
Multiple dllhost.exe (20+) spawned; Norton reports intrusion but states it's ok


  • This topic is locked
40 replies to this topic

#1 indiana27

indiana27

  • Members
  • 24 posts

Posted 16 October 2014 - 06:06 PM

Hi, I posted this in the wrong forum earlier today.

Appears there are several related topics in this forum.

Hi, I have Windows Vista 64 bit and believe I have come across PUP.Optional.FrostwireTB.A or something similar. I have multiple accounts set up on the computer and one (Brian) started running at a crawl on 9/22/2014. Norton reported that there were two items blocked just when I think things went bad. I was doing something in IE, Firefox and Google at the time. I noticed that there were bunches (maybe 20+) of dllhost.exe running from reviewing Task Manager.

I logged out and rebooted. When I logged back in the same dllhost.exe started happening before the system finished loading up stuff (Adaware had just displayed its banner before the issue). Takes maybe 2 minutes after login.

I rebooted and ran Norton (ensuring it's up-to-date) from another apparently clean account (AmyA) and Norton didn't find anything. I have tried following the instructions at: http://malwaretips.com/blogs/remove-pup-optional-frostwiretb-a-virus/ (from the AmyA account) and it found some items that I have deleted; however, the problem still persists on the (Brian) account. (login to Brian and 20+ dllhost.dll start running) I've since run on the "Brian" account while disconnected from the internet and not much was found and the issue still remains.

Norton also reported some of the following intrusion detections at the time when the 20+ dllhost.dll started running above. (first two most common)
1 System Infected: Trojan.AdClicker 195.2.240.79 - 195.2.240.80
2 System Infected: Trojan.Powelik 95.215.1.57, 31.184.192.90
3 Web Attack: MSIE CVE-2013-2551 144.76.36.67
4 Exploit Toolkit 217.23.14.7 (may have been the first entry?)

I created another account BrianA and it got infected as well after being fine for a few days. Best I can tell I may have gotten infected with a Google extension (Mafia Demon 2.6.4) as that was recently updated on BrianA and I discovered that was different between accounts. That seems to be common between Brian and BrianA, while AmyA and Briani do not have the issue.

I've tried: Norton, Spybot, Adaware, McAfee Security Scan Plus, AdwCleaner, Junkware Removal Tool, Malwarebytes, Hitman Pro. I've also tried returning to a restore point before the issue but the restore attempts fail.

Any help greatly appreciated.

Thanks, Brian


Edited by indiana27, 16 October 2014 - 06:17 PM.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 October 2014 - 08:17 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 indiana27

indiana27
  • Topic Starter

  • Members
  • 24 posts

Posted 17 October 2014 - 08:37 AM

Hi Marius,

 

RE: Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

 

Norton reports this as a threat WS.Reputation.1 and has deleted the download from my system.  http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99&vid=4294919973&product=Norton%20360&version=21.6.0.32&plang=sym:EN&layouttype=ESD&buildname=Retail&heartbeatID=1DBDBAA0-1911-11DF-9CA4-0021707022C1&env=prod&vendorid=&plid=81&plgid=4&skup=21236413&skum=21294674&skuf=21228661&endpointid={1DBDBAA0-1911-11DF-9CA4-0021707022C1}&partnerid=&lic_type=16&lic_attr=21255186&psn=W7DWXT32GG2X&osvers=6.0&oslocale=iso:USA&oslang=iso:ENG&os=windows

 

Has this tool been infected?  Is there another tool to be used instead?  What should I do?

 

Thanks, Brian



#4 indiana27

indiana27
  • Topic Starter

  • Members
  • 24 posts

Posted 19 October 2014 - 11:52 PM

Researched and discovered that Norton reports a false positive on FRST64.exe. Logs below as requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by AmyA (administrator) on INDIANA on 20-10-2014 00:02:51
Running from C:\Downloads\Software
Loaded Profile: AmyA (Available profiles: Brian & Amy & Cara & Deanna & AmyA & BrianA & Briani)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(GreenPrint Technologies LLC.) C:\Program Files\GreenPrint\gpsrht01.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(GreenPrint Technologies LLC.) C:\Program Files\GreenPrint\gpsrdg01.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6431232 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-11-22] (Google Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\MountPoints2: {21cbf4af-b8c6-11dd-81e6-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
GroupPolicyUsers\S-1-5-21-3581106983-3228185147-2497233209-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3581106983-3228185147-2497233209-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAC5F9E071ED5CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {AA299E98-6FB5-409F-99D3-D30D749F4864} https://support.infinitesolutionsllc.com/inc/kaxRemote.dll
DPF: HKLM-x32 {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\AmyA\AppData\Roaming\Mozilla\Firefox\Profiles\bkzd1a0o.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-24]
CHR Extension: (Google Docs) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (YouTube) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-24]
CHR Extension: (Google Search) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-24]
CHR Extension: (Mafia Wars) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaajdmciceaicpamnglddkegaelimni [2014-09-24]
CHR Extension: (Google Sheets) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-24]
CHR Extension: (Norton Identity Safe) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-24]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2014-09-24]
CHR Extension: (Mafia Wars Addon) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR Extension: (Gmail) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 GreenPrint; C:\Program Files\GreenPrint\GPSRHT01.exe [434728 2009-10-27] (GreenPrint Technologies LLC.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-23] (SurfRight B.V.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2062200 2012-04-14] (MediaMall Technologies, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-18] (GFI Software)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-19] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141019.001\ENG64.SYS [129752 2014-10-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141019.001\EX64.SYS [2137304 2014-10-18] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 00:02 - 2014-10-20 00:02 - 00000000 ____D () C:\FRST
2014-10-19 23:55 - 2014-10-19 23:55 - 00000000 ____D () C:\Users\AmyA\AppData\Local\LogiShrd
2014-10-19 23:54 - 2014-10-19 23:54 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Logitech® Webcam Software
2014-10-19 23:53 - 2014-10-19 23:53 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\ATI
2014-10-19 23:53 - 2014-10-19 23:53 - 00000000 ____D () C:\Users\AmyA\AppData\Local\ATI
2014-10-19 18:30 - 2014-10-19 18:30 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Adobe
2014-10-19 18:25 - 2014-10-19 18:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-16 23:23 - 2014-10-16 23:30 - 00000180 _____ () C:\Users\AmyA\Downloads\TL-WDR4300_v1_140916.zip
2014-10-16 23:07 - 2014-10-16 23:07 - 00000834 _____ () C:\Users\AmyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-16 23:07 - 2014-10-16 23:07 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\TextPad
2014-10-16 03:21 - 2014-09-17 02:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:21 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:20 - 2014-09-27 19:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:13 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:13 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:13 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:13 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:13 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:13 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:12 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 07:43 - 2014-09-19 20:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:43 - 2014-09-19 19:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:43 - 2014-09-19 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:43 - 2014-09-19 19:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:43 - 2014-09-19 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 07:43 - 2014-09-19 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:43 - 2014-09-19 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:43 - 2014-09-19 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:43 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:43 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:43 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:43 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 07:43 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:43 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:43 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:42 - 2014-09-19 19:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:42 - 2014-09-19 19:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:42 - 2014-09-19 19:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:42 - 2014-09-19 19:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 07:42 - 2014-09-19 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 07:42 - 2014-09-19 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 07:42 - 2014-09-19 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 07:42 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:42 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:42 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:42 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 07:42 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 07:42 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 07:42 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 07:42 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-14 22:53 - 2014-10-14 22:53 - 00001139 _____ () C:\Users\AmyA\Desktop\waiver_wire_research_2014 - Shortcut.lnk
2014-10-10 14:08 - 2014-10-10 14:08 - 00001702 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-10 14:08 - 2014-10-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-10 14:06 - 2014-10-10 14:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-10 14:06 - 2014-10-10 14:07 - 00000000 ____D () C:\Program Files\iTunes
2014-10-10 14:06 - 2014-10-10 14:06 - 00000000 ____D () C:\Program Files\iPod
2014-10-06 17:12 - 2014-10-06 17:12 - 00083456 _____ () C:\Users\Cara\Documents\halloween_party.pub
2014-10-06 01:03 - 2014-10-06 01:03 - 00000834 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-06 01:03 - 2014-10-06 01:03 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\TextPad
2014-10-05 23:26 - 2014-10-05 23:26 - 00001085 _____ () C:\Users\Brian\Desktop\procexp.exe - Shortcut.lnk
2014-10-04 14:39 - 2014-10-04 14:40 - 00000018 _____ () C:\Users\Briani\Desktop\dlink.txt
2014-09-30 21:33 - 2014-09-30 21:34 - 00000000 ____D () C:\Users\Briani\AppData\Local\Adobe
2014-09-30 21:28 - 2014-09-30 21:29 - 00000193 _____ () C:\Users\Briani\Desktop\Network Security Settings.txt
2014-09-28 12:07 - 2014-10-08 22:24 - 00000000 ____D () C:\Users\Briani\AppData\Local\CrashDumps
2014-09-28 09:16 - 2014-09-28 09:16 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Google
2014-09-28 00:36 - 2014-09-30 21:33 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Adobe
2014-09-28 00:36 - 2014-09-28 00:36 - 00000000 ____D () C:\Users\Briani\AppData\Local\Macromedia
2014-09-28 00:35 - 2014-09-28 00:35 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Mozilla
2014-09-28 00:35 - 2014-09-28 00:35 - 00000000 ____D () C:\Users\Briani\AppData\Local\Mozilla
2014-09-27 23:08 - 2014-10-10 08:59 - 00006836 _____ () C:\Users\Briani\AppData\Local\d3d9caps.dat
2014-09-27 23:08 - 2014-09-28 09:16 - 00000000 ____D () C:\Users\Briani\AppData\Local\Google
2014-09-27 23:08 - 2014-09-27 23:27 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Ad-Aware Antivirus
2014-09-27 23:08 - 2014-09-27 23:08 - 00123312 _____ () C:\Users\Briani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 23:08 - 2014-09-27 23:08 - 00000987 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-27 23:08 - 2014-09-27 23:08 - 00000982 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-27 23:08 - 2014-09-27 23:08 - 00000957 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-27 23:08 - 2014-09-27 23:08 - 00000923 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-27 23:08 - 2014-09-27 23:08 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Apple Computer
2014-09-27 23:08 - 2014-09-27 23:08 - 00000000 ____D () C:\Users\Briani\AppData\Local\PowerDVD DX
2014-09-27 23:08 - 2014-09-27 23:08 - 00000000 ____D () C:\Users\Briani\AppData\Local\adawarebp
2014-09-27 23:07 - 2014-09-30 21:10 - 00000000 ____D () C:\Users\Briani\AppData\Local\VirtualStore
2014-09-27 23:06 - 2014-09-27 23:08 - 00000000 ____D () C:\Users\Briani
2014-09-27 23:06 - 2014-09-27 23:06 - 00000632 __RSH () C:\Users\Briani\ntuser.pol
2014-09-27 23:06 - 2014-09-27 23:06 - 00000020 ___SH () C:\Users\Briani\ntuser.ini
2014-09-27 23:06 - 2011-01-07 15:28 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Macromedia
2014-09-27 23:06 - 2010-02-26 17:35 - 00000000 ____D () C:\Users\Briani\AppData\Local\Microsoft Help
2014-09-27 23:06 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-27 23:06 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-27 15:32 - 2014-09-27 16:33 - 00000000 ____D () C:\Users\Brian\AppData\Local\adawarebp
2014-09-27 13:25 - 2014-09-27 13:25 - 00001330 _____ () C:\Users\Brian\Desktop\JRT.txt
2014-09-27 12:25 - 2014-09-27 12:25 - 00000000 ____D () C:\Windows\pss
2014-09-25 13:06 - 2014-09-25 13:09 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Windows Live
2014-09-25 13:06 - 2014-09-25 13:06 - 00000000 ____D () C:\Users\AmyA\AppData\Local\{9FA5BD59-7446-4D77-8097-FCA652400C84}
2014-09-25 13:06 - 2014-09-25 13:06 - 00000000 ____D () C:\Users\AmyA\AppData\Local\{333FD496-9220-4009-B9D3-C36885D71A58}
2014-09-25 10:16 - 2014-09-25 10:16 - 00000000 ____D () C:\Users\AmyA\AppData\Local\adawarebp
2014-09-25 07:17 - 2014-09-25 07:18 - 00001816 _____ () C:\Users\AmyA\Documents\cc_20140925_071737.reg
2014-09-25 06:54 - 2014-09-25 06:54 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 06:54 - 2014-09-25 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 06:54 - 2014-09-25 06:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-24 20:16 - 2014-09-24 20:16 - 00000715 _____ () C:\Users\AmyA\Desktop\JRT.txt
2014-09-24 10:18 - 2014-09-24 10:18 - 00000000 ____D () C:\Users\BrianA\AppData\Local\Apple
2014-09-24 03:00 - 2014-09-09 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 03:00 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 22:27 - 2014-09-23 22:27 - 00000834 _____ () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\TextPad
2014-09-23 21:48 - 2014-09-23 21:48 - 00000937 _____ () C:\Users\BrianA\Desktop\remember.docx - Shortcut.lnk
2014-09-23 21:47 - 2014-10-17 15:49 - 00002033 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-23 21:47 - 2014-09-23 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-23 21:45 - 2014-09-23 21:45 - 00895120 _____ (Google Inc.) C:\Users\BrianA\Downloads\ChromeSetup.exe
2014-09-23 21:30 - 2014-09-23 21:30 - 00000000 ____D () C:\Users\BrianA\AppData\Local\Macromedia
2014-09-23 21:23 - 2014-09-23 21:47 - 00000000 ____D () C:\Users\BrianA\AppData\Local\Google
2014-09-23 21:23 - 2014-09-23 21:23 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Mozilla
2014-09-23 21:23 - 2014-09-23 21:23 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Google
2014-09-23 21:23 - 2014-09-23 21:23 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Adobe
2014-09-23 21:23 - 2014-09-23 21:23 - 00000000 ____D () C:\Users\BrianA\AppData\Local\Mozilla
2014-09-23 21:20 - 2014-09-24 07:55 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Ad-Aware Antivirus
2014-09-23 21:20 - 2014-09-23 21:20 - 00123312 _____ () C:\Users\BrianA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 21:20 - 2014-09-23 21:20 - 00000987 _____ () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-23 21:20 - 2014-09-23 21:20 - 00000957 _____ () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-23 21:20 - 2014-09-23 21:20 - 00000680 _____ () C:\Users\BrianA\AppData\Local\d3d9caps.dat
2014-09-23 21:20 - 2014-09-23 21:20 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Apple Computer
2014-09-23 21:20 - 2014-09-23 21:20 - 00000000 ____D () C:\Users\BrianA\AppData\Local\PowerDVD DX
2014-09-23 21:20 - 2014-09-23 21:20 - 00000000 ____D () C:\Users\BrianA\AppData\Local\adawarebp
2014-09-23 21:19 - 2014-09-23 21:20 - 00000923 _____ () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-23 21:19 - 2014-09-23 21:19 - 00000982 _____ () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 21:19 - 2014-09-23 21:19 - 00000000 ____D () C:\Users\BrianA\AppData\Local\VirtualStore
2014-09-23 21:18 - 2014-09-23 21:19 - 00000000 ____D () C:\Users\BrianA
2014-09-23 21:18 - 2014-09-23 21:18 - 00000632 __RSH () C:\Users\BrianA\ntuser.pol
2014-09-23 21:18 - 2014-09-23 21:18 - 00000020 ___SH () C:\Users\BrianA\ntuser.ini
2014-09-23 21:18 - 2011-01-07 15:28 - 00000000 ____D () C:\Users\BrianA\AppData\Roaming\Macromedia
2014-09-23 21:18 - 2010-02-26 17:35 - 00000000 ____D () C:\Users\BrianA\AppData\Local\Microsoft Help
2014-09-23 21:18 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-23 21:18 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\BrianA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-23 00:51 - 2014-09-23 00:51 - 00001378 _____ () C:\Windows\system32\.crusader
2014-09-23 00:35 - 2014-09-27 14:49 - 00001740 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-23 00:35 - 2014-09-23 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-23 00:35 - 2014-09-23 00:35 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-23 00:34 - 2014-09-23 00:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-23 00:00 - 2014-09-23 00:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 23:45 - 2014-09-27 13:17 - 00000000 ____D () C:\AdwCleaner
2014-09-22 23:03 - 2014-09-22 23:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-22 22:15 - 2014-09-27 23:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 22:13 - 2014-09-25 06:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 22:13 - 2014-09-22 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 22:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 22:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 22:10 - 2014-09-22 22:10 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\Malwarebytes
2014-09-22 11:54 - 2014-10-16 12:03 - 00005632 _____ () C:\Users\AmyA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 20:16 - 2014-09-20 20:16 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\Sling Media
2014-09-20 17:58 - 2014-09-24 13:22 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Google
2014-09-20 17:58 - 2014-09-20 20:12 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 00:05 - 2008-11-22 14:52 - 01658538 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 23:53 - 2012-03-03 22:42 - 00000000 ____D () C:\ProgramData\MediaMall
2014-10-19 23:52 - 2010-02-13 23:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 23:51 - 2013-01-18 10:47 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-19 23:51 - 2008-11-22 20:08 - 00000288 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-10-19 23:51 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 23:51 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 23:51 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 23:50 - 2012-04-26 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-19 23:50 - 2008-01-20 23:26 - 00884836 _____ () C:\Windows\PFRO.log
2014-10-19 23:48 - 2006-11-02 11:42 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 18:41 - 2010-02-13 23:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 18:37 - 2012-04-05 09:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 18:30 - 2014-08-26 09:39 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\Adobe
2014-10-19 17:45 - 2011-11-03 12:49 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-10-19 15:03 - 2012-03-03 22:47 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2014-10-18 23:56 - 2009-01-16 23:20 - 00000000 ___RD () C:\temp
2014-10-18 03:55 - 2010-11-14 19:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 03:36 - 2010-02-13 23:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:36 - 2010-02-13 23:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 14:10 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 12:09 - 2014-08-26 09:34 - 00000000 ____D () C:\Users\AmyA\AppData\Local\VirtualStore
2014-10-16 03:44 - 2006-11-02 11:21 - 00424888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:18 - 2010-02-26 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:11 - 2013-07-12 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2006-11-02 08:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-14 17:53 - 2010-08-12 23:30 - 00000000 ____D () C:\Users\Brian\AppData\Local\CrashDumps
2014-10-13 14:53 - 2014-09-03 10:18 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Apple
2014-10-13 10:41 - 2014-09-05 13:14 - 00000000 ____D () C:\Users\AmyA\AppData\Local\CrashDumps
2014-10-10 13:59 - 2014-08-26 09:33 - 00000000 ____D () C:\Users\AmyA
2014-10-05 23:57 - 2009-01-16 22:13 - 00000000 ____D () C:\Users\Brian\AppData\Local\Google
2014-10-04 13:22 - 2009-05-15 14:04 - 00000000 ____D () C:\Users\Amy\AppData\Local\Google
2014-10-03 18:55 - 2014-09-18 09:43 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\vlc
2014-09-28 16:35 - 2013-07-28 09:57 - 00006836 _____ () C:\Users\Deanna\AppData\Local\d3d9caps.dat
2014-09-28 16:35 - 2013-06-05 18:20 - 00000000 ____D () C:\Users\Deanna\AppData\Local\Google
2014-09-27 19:22 - 2014-07-29 21:36 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Keeper - Shortcut
2014-09-27 19:22 - 2014-07-29 21:35 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\research2014 - Shortcut
2014-09-27 19:22 - 2014-04-20 23:22 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\work_sync_mar_2014 - Shortcut
2014-09-27 19:22 - 2014-04-19 22:23 - 00000000 ____D () C:\Users\Brian\Downloads\Installs
2014-09-27 19:22 - 2014-02-02 12:36 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\temp - Shortcut
2014-09-27 19:22 - 2013-12-28 04:50 - 00000000 ____D () C:\Users\Brian\Downloads\Mafia
2014-09-27 19:22 - 2013-11-19 09:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-27 19:22 - 2013-10-14 12:29 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\football - Shortcut
2014-09-27 19:22 - 2013-01-18 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-09-27 19:22 - 2013-01-18 10:49 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
2014-09-27 19:22 - 2012-11-02 08:22 - 00000000 ____D () C:\Users\Brian\Desktop\Document Shortcuts
2014-09-27 19:22 - 2012-11-01 22:55 - 00000000 ___RD () C:\Users\Brian\Desktop\Application Shortcuts
2014-09-27 19:22 - 2012-11-01 22:54 - 00000000 ____D () C:\Users\Brian\Desktop\Folder Shortcuts
2014-09-27 19:22 - 2012-08-01 07:22 - 00000000 ____D () C:\Users\Brian\Documents\Draft Predictor 2012
2014-09-27 19:22 - 2012-08-01 07:22 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Draft Predictor 2012
2014-09-27 19:22 - 2012-03-03 22:57 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\vlc
2014-09-27 19:22 - 2011-09-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-27 19:22 - 2011-04-30 09:52 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Skype
2014-09-27 19:22 - 2010-09-25 22:38 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
2014-09-27 19:22 - 2010-08-29 00:04 - 00000000 ____D () C:\Users\Brian\AppData\Local\Microsoft Help
2014-09-27 19:22 - 2010-08-17 21:22 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\TextPad
2014-09-27 19:22 - 2010-06-13 14:56 - 00000000 ____D () C:\Users\Brian\Downloads\ItunesArtImporter
2014-09-27 19:22 - 2010-03-08 10:13 - 00000000 ____D () C:\Users\Brian\Downloads\Itunes
2014-09-27 19:22 - 2010-03-05 10:38 - 00000000 ___RD () C:\Users\Brian\Short-Cuts
2014-09-27 19:22 - 2010-02-19 10:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-27 19:22 - 2009-01-22 21:58 - 00000000 ____D () C:\Users\Brian\Downloads\termsrv
2014-09-27 19:22 - 2009-01-16 21:39 - 00000000 ____D () C:\Users\Brian\AppData\Local\PowerDVD DX
2014-09-27 19:22 - 2009-01-16 21:36 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-27 19:22 - 2009-01-16 21:36 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-27 19:22 - 2009-01-16 21:36 - 00000000 ____D () C:\Users\Brian
2014-09-27 19:22 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-09-27 19:22 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-09-27 19:21 - 2014-01-18 10:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-27 19:21 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-09-27 14:50 - 2010-03-05 10:28 - 00007512 _____ () C:\Users\Brian\AppData\Local\d3d9caps.dat
2014-09-24 18:46 - 2011-01-08 14:23 - 00000000 ____D () C:\Users\Cara\AppData\Local\Google
2014-09-24 17:40 - 2006-11-02 08:34 - 00450757 ____R () C:\Windows\system32\Drivers\etc\hosts.20141016-113540.backup
2014-09-24 13:22 - 2014-08-26 09:35 - 00000680 _____ () C:\Users\AmyA\AppData\Local\d3d9caps.dat
2014-09-24 08:13 - 2006-11-02 08:34 - 00450757 ____R () C:\Windows\system32\Drivers\etc\hosts.20140924-174029.backup
2014-09-24 03:49 - 2012-04-05 09:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 03:49 - 2012-04-05 09:16 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 03:49 - 2011-05-16 09:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 21:46 - 2008-11-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 22:56 - 2012-10-26 13:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-22 22:55 - 2012-10-26 13:10 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-22 22:54 - 2013-01-23 23:43 - 00002145 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-22 22:13 - 2013-04-04 21:26 - 00000949 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 22:13 - 2011-09-22 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 19:00 - 2012-04-04 19:13 - 00000424 _____ () C:\Users\Cara\Desktop\StudyJams.website

Some content of TEMP:
====================
C:\Users\Amy\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-19 23:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by AmyA at 2014-10-20 00:06:51
Running from C:\Downloads\Software
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware Antivirus (HKLM-x32\...\{2819e172-81d5-4113-88bd-4605b02344e0}) (Version: 10.4.49.4168 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.82 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any Video Converter 3.3.0 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help English (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help French (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help German (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.0512.1132.18639 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
ccc-utility64 (Version: 2008.0512.1133.18639 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Draft Predictor 2012 (HKLM-x32\...\{A65656AA-3EAA-499D-9666-01B9348FD15F}) (Version: 12.3.0.0 - Bert Software)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FFLM version 14.00 (HKLM-x32\...\FFLM2005_is1) (Version: 6.00 - Sideline Software, Inc.)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 1.0.91 - Virgin HealthMiles)
GreenPrint (HKLM\...\{2C49B82D-E23D-4258-9CBC-79CCB8E5FF17}) (Version: 2.1.1 - GreenPrint Technologies)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{7C1C9924-3755-483C-87B1-8371B7454B1A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Gallery Upload Software (HKLM-x32\...\com.kodakgallery.AirUploader) (Version: 2.09 - Kodak Imaging Network, Inc.)
KODAK Gallery Upload Software (x32 Version: 2.09 - Kodak Imaging Network, Inc.) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Picaboo 2.5 (HKLM-x32\...\{8C525C3E-00C9-4A77-9F76-D22939DB53C0}) (Version: 2.5 - Picaboo)
PlayOn (HKLM-x32\...\{CE89E33D-1E0A-43DA-8126-3C5725BE19E1}) (Version: 3.4.37 - MediaMall Technologies, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version:  - )
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.5.3 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM-x32\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4521 - Sling Media)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Strawberry Shortcake - Amazing Cookie Party (HKLM-x32\...\Strawberry Shortcake - Amazing Cookie Party) (Version:  - )
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Helios)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2009 winiper (x32 Version: 009.000.0846 - Intuit Inc.) Hidden
TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2163 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0238 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (x32 Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 winiper (x32 Version: 010.000.1284 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 winiper (x32 Version: 011.000.1697 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wkyiper (x32 Version: 011.000.1693 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 winiper (x32 Version: 012.000.1399 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wkyiper (x32 Version: 012.000.1394 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 winiper (x32 Version: 013.000.1240 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TweetDeck (HKLM-x32\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.37.6 - TweetDeck Inc)
TweetDeck (x32 Version: 0.37.6 - TweetDeck Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
VueScan (HKLM-x32\...\VueScan) (Version:  - )
WebSlingPlayer ActiveX (HKLM-x32\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-09-2014 05:01:31 Scheduled Checkpoint
27-09-2014 09:38:10 Scheduled Checkpoint
27-09-2014 12:30:46 Restore Operation
27-09-2014 21:25:10 Restore Operation
27-09-2014 22:23:31 Restore Operation
27-09-2014 23:07:21 Restore Operation
30-09-2014 01:15:07 Scheduled Checkpoint
01-10-2014 05:57:56 Scheduled Checkpoint
02-10-2014 04:49:25 Scheduled Checkpoint
03-10-2014 04:36:19 Scheduled Checkpoint
04-10-2014 21:08:34 Scheduled Checkpoint
07-10-2014 05:09:09 Scheduled Checkpoint
08-10-2014 05:45:46 Scheduled Checkpoint
09-10-2014 05:59:32 Scheduled Checkpoint
10-10-2014 04:03:35 Scheduled Checkpoint
10-10-2014 17:59:12 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
12-10-2014 06:57:44 Scheduled Checkpoint
14-10-2014 04:45:04 Scheduled Checkpoint
15-10-2014 04:00:02 Scheduled Checkpoint
16-10-2014 07:00:21 Windows Update
17-10-2014 04:05:20 Scheduled Checkpoint
19-10-2014 23:56:49 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-10-16 11:35 - 00450821 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0665C984-1839-446F-829C-BD9937A54844} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1EF10F81-9692-414E-B6EC-919E8E7B82CF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {244E75DE-F20E-4942-A366-7AF8C1BEAAD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2FD4BB79-4879-48F6-A781-33ABBC4EFB28} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {4583D4CB-2352-4931-98BC-DD2CF3DBD810} - System32\Tasks\{2C154528-14FC-467A-B9BD-7576353B5AAA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {4EF7478B-7034-46AA-9760-BF601E71631E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {515B9730-07D5-4F16-BD74-FFD825A2BC41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6788A5A8-36D1-462C-B510-BDC9AA8F35C9} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-03-07] ()
Task: {6EA2E590-EF03-4F84-9B98-F64D4775CB84} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-12-14] (Lavasoft Limited)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {874F3090-F9E3-4B84-BDBE-A690E33C9FFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {9DB4DE2F-4AEA-4FB1-8AE6-8E7C78B185AB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0620D67-7D06-4F82-B7A7-0A558C151C75} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A4FBB120-642C-4984-9A41-2CB9DC85905F} - System32\Tasks\reboot => c:\temp\reboot.bat
Task: {B0D0A107-109D-4125-A9DE-65B476AE599E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B33851B4-53FD-4EA5-8B37-142B98C66885} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B38A0BA0-9F90-4FA9-B261-1BD05F9A0C2C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EAE4DDB0-731F-48B3-A2D6-09C942D7D003} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2008-11-22 22:23 - 2008-07-24 07:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2011-08-12 12:18 - 2011-08-12 12:18 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-09-02 16:24 - 2011-09-02 16:24 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
2009-04-09 19:04 - 2009-04-09 19:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 17:53 - 2009-04-22 17:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2010-10-29 16:01 - 2010-10-29 16:01 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2010-10-29 16:02 - 2010-10-29 16:02 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-08-22 15:47 - 2011-08-22 15:47 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-01-18 10:50 - 2014-06-20 06:08 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-01-18 10:50 - 2014-06-20 06:08 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2010-04-09 22:57 - 2010-04-09 22:57 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-09 22:57 - 2010-04-09 22:57 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-09 17:16 - 2011-04-09 17:16 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3581106983-3228185147-2497233209-500 - Administrator - Disabled)
Amy (S-1-5-21-3581106983-3228185147-2497233209-1001 - Administrator - Enabled) => C:\Users\Amy
AmyA (S-1-5-21-3581106983-3228185147-2497233209-1004 - Administrator - Enabled) => C:\Users\AmyA
Brian (S-1-5-21-3581106983-3228185147-2497233209-1000 - Administrator - Enabled) => C:\Users\Brian
BrianA (S-1-5-21-3581106983-3228185147-2497233209-1005 - Administrator - Enabled) => C:\Users\BrianA
Briani (S-1-5-21-3581106983-3228185147-2497233209-1006 - Administrator - Enabled) => C:\Users\Briani
Cara (S-1-5-21-3581106983-3228185147-2497233209-1002 - Limited - Enabled) => C:\Users\Cara
Deanna (S-1-5-21-3581106983-3228185147-2497233209-1003 - Limited - Enabled) => C:\Users\Deanna
Guest (S-1-5-21-3581106983-3228185147-2497233209-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2014 11:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 07:56:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {7507bd15-0fa6-4b6d-bc64-71177f3b6101}

Error: (10/17/2014 00:05:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9b1d6be8-b7ee-4a61-ae29-3edcaeff72af}

Error: (10/16/2014 03:45:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 03:11:10 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent

Error: (10/16/2014 03:11:10 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8

Error: (10/16/2014 03:11:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (10/16/2014 03:11:09 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (10/16/2014 03:11:09 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (10/16/2014 03:11:09 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8


System errors:
=============
Error: (10/19/2014 11:54:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}

Error: (10/19/2014 11:51:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (10/19/2014 00:51:14 PM) (Source: DCOM) (EventID: 10016) (User: indiana)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}indianaAmyAS-1-5-21-3581106983-3228185147-2497233209-1004LocalHost (Using LRPC)

Error: (10/19/2014 00:51:13 PM) (Source: DCOM) (EventID: 10016) (User: indiana)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}indianaAmyAS-1-5-21-3581106983-3228185147-2497233209-1004LocalHost (Using LRPC)

Error: (10/16/2014 02:45:10 PM) (Source: DCOM) (EventID: 10016) (User: indiana)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}indianaAmyAS-1-5-21-3581106983-3228185147-2497233209-1004LocalHost (Using LRPC)

Error: (10/16/2014 02:45:10 PM) (Source: DCOM) (EventID: 10016) (User: indiana)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}indianaAmyAS-1-5-21-3581106983-3228185147-2497233209-1004LocalHost (Using LRPC)

Error: (10/16/2014 03:45:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (10/15/2014 10:35:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.198 for the Network Card with network address 0021707022C1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (10/15/2014 01:57:18 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/14/2014 11:21:56 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (08/08/2014 09:41:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2354 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (08/07/2014 00:24:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 448 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (08/05/2014 11:49:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4537 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (04/18/2014 09:08:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 367 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/11/2014 00:36:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 755 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/05/2014 05:48:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1234 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 00:38:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 977 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (11/09/2013 06:09:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 00:19:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 10:49:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 4882 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-20 00:06:08.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:07.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:07.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:06.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:06.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:06.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:05.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 00:06:05.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 16:50:25.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 16:50:25.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 45%
Total physical RAM: 6142.26 MB
Available physical RAM: 3356.84 MB
Total Pagefile: 12397.53 MB
Available Pagefile: 8736.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WinVista) (Fixed) (Total:683.57 GB) (Free:162.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.69 GB) NTFS
Drive e: (CD165A4) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-20 00:41:36
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750630AS rev.DE12 698.64GB
Running: glhncmhv.exe; Driver: C:\Users\AmyA\AppData\Local\Temp\ugldrpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                           suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                           suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                           suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                           suspicious modification

---- Threads - GMER 2.1 ----

Thread    C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2324:2604]                                                                                                                                                                          0000000001060064
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2520] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)      0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2536] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)   0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [2628] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)  0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2716] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)       0000000010000000
Process   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (*** suspicious ***) @ C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [3576] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:50)                           0000000001160000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [3576] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                           0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3812] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                                      0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2884] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                         0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\PROGRA~2\AD-AWA~1\AdAware.exe [3092] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                                                    0000000003530000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [4864] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)           0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe [4648] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                 0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [3688] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)           0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [5252] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                               0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5292] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                                0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5452] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                                0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [5972] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                               0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [5928] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                               0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [5584] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)               0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [5444] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                               0000000010000000
Library   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [5276] (Ad-Aware Browsing Protection and Anti-Phishing/Lavasoft)(2012-12-11 23:20:44)                        0000000010000000

---- EOF - GMER 2.1 ----



#5 indiana27

Posted 19 October 2014 - 11:53 PM

Post was too long, so here is the 4th file requested.

00:47:58.0094 0x167c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
00:48:23.0832 0x167c  ============================================================
00:48:23.0832 0x167c  Current date / time: 2014/10/20 00:48:23.0832
00:48:23.0833 0x167c  SystemInfo:
00:48:23.0833 0x167c  
00:48:23.0833 0x167c  OS Version: 6.0.6002 ServicePack: 2.0
00:48:23.0833 0x167c  Product type: Workstation
00:48:23.0833 0x167c  ComputerName: INDIANA
00:48:23.0833 0x167c  UserName: AmyA
00:48:23.0833 0x167c  Windows directory: C:\Windows
00:48:23.0833 0x167c  System windows directory: C:\Windows
00:48:23.0833 0x167c  Running under WOW64
00:48:23.0833 0x167c  Processor architecture: Intel x64
00:48:23.0833 0x167c  Number of processors: 4
00:48:23.0833 0x167c  Page size: 0x1000
00:48:23.0833 0x167c  Boot type: Normal boot
00:48:23.0833 0x167c  ============================================================
00:48:25.0968 0x167c  KLMD registered as C:\Windows\system32\drivers\30438318.sys
00:48:26.0631 0x167c  System UUID: {40BD0AF9-D01D-E8FB-AF12-4322ECAB9E88}
00:48:27.0225 0x167c  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:48:27.0291 0x167c  ============================================================
00:48:27.0291 0x167c  \Device\Harddisk0\DR0:
00:48:27.0292 0x167c  MBR partitions:
00:48:27.0292 0x167c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
00:48:27.0292 0x167c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x55722000
00:48:27.0292 0x167c  ============================================================
00:48:27.0338 0x167c  C: <-> \Device\Harddisk0\DR0\Partition2
00:48:27.0396 0x167c  D: <-> \Device\Harddisk0\DR0\Partition1
00:48:27.0397 0x167c  ============================================================
00:48:27.0397 0x167c  Initialize success
00:48:27.0397 0x167c  ============================================================
00:48:34.0550 0x111c  ============================================================
00:48:34.0550 0x111c  Scan started
00:48:34.0550 0x111c  Mode: Manual; 
00:48:34.0550 0x111c  ============================================================
00:48:34.0550 0x111c  KSN ping started
00:48:38.0562 0x111c  KSN ping finished: true
00:48:40.0563 0x111c  ================ Scan system memory ========================
00:48:40.0563 0x111c  System memory - ok
00:48:40.0563 0x111c  ================ Scan services =============================
00:48:43.0407 0x111c  [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS            C:\Windows\system32\CLFS.sys
00:48:43.0424 0x111c  CLFS - ok
00:48:43.0500 0x111c  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:48:43.0504 0x111c  clr_optimization_v2.0.50727_32 - ok
00:48:43.0562 0x111c  [ 753049933D5326D835F4FCACDF4AD5E3, 715BEE09C19BCBCAD2A93E4725DB3A1FDD8E2FEFFF6E0C3D2F98FC607FED5D3A ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:48:43.0567 0x111c  clr_optimization_v2.0.50727_64 - ok
00:48:43.0629 0x111c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:48:43.0632 0x111c  clr_optimization_v4.0.30319_32 - ok
00:48:43.0670 0x111c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:48:43.0673 0x111c  clr_optimization_v4.0.30319_64 - ok
00:48:43.0689 0x111c  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:48:43.0691 0x111c  cmdide - ok
00:48:43.0705 0x111c  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:48:43.0707 0x111c  Compbatt - ok
00:48:43.0712 0x111c  COMSysApp - ok
00:48:43.0719 0x111c  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:48:43.0720 0x111c  crcdisk - ok
00:48:43.0766 0x111c  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:48:43.0775 0x111c  CryptSvc - ok
00:48:43.0862 0x111c  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:48:43.0879 0x111c  DcomLaunch - ok
00:48:43.0911 0x111c  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:48:43.0916 0x111c  DfsC - ok
00:48:44.0048 0x111c  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
00:48:44.0156 0x111c  DFSR - ok
00:48:44.0185 0x111c  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
00:48:44.0201 0x111c  Dhcp - ok
00:48:44.0228 0x111c  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
00:48:44.0232 0x111c  disk - ok
00:48:44.0267 0x111c  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:48:44.0302 0x111c  Dnscache - ok
00:48:44.0318 0x111c  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
00:48:44.0327 0x111c  dot3svc - ok
00:48:44.0349 0x111c  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
00:48:44.0355 0x111c  DPS - ok
00:48:44.0383 0x111c  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:48:44.0385 0x111c  drmkaud - ok
00:48:44.0443 0x111c  [ 362CCEF305F45829316D62D3410F2062, 35033749E9B6B5AFC9C8C305F4AA1597E9776D465E7BBC24A20E836B7BEF0D73 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:48:44.0463 0x111c  DXGKrnl - ok
00:48:44.0522 0x111c  [ 17D40652EF3E55EEAE187A89DF40965A, D49D45E64D52FE0FD10A3A5F537A5F7AA4387BE862A1A5544565A1D5D3CDAAE5 ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
00:48:44.0533 0x111c  e1express - ok
00:48:44.0589 0x111c  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
00:48:44.0595 0x111c  E1G60 - ok
00:48:44.0616 0x111c  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
00:48:44.0620 0x111c  EapHost - ok
00:48:44.0651 0x111c  [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache          C:\Windows\system32\drivers\ecache.sys
00:48:44.0657 0x111c  Ecache - ok
00:48:44.0725 0x111c  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:48:44.0736 0x111c  eeCtrl - ok
00:48:44.0811 0x111c  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:48:44.0819 0x111c  ehRecvr - ok
00:48:44.0835 0x111c  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
00:48:44.0839 0x111c  ehSched - ok
00:48:44.0857 0x111c  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
00:48:44.0859 0x111c  ehstart - ok
00:48:44.0899 0x111c  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:48:44.0916 0x111c  elxstor - ok
00:48:44.0953 0x111c  [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
00:48:44.0970 0x111c  EMDMgmt - ok
00:48:45.0005 0x111c  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:48:45.0011 0x111c  EraserUtilRebootDrv - ok
00:48:45.0039 0x111c  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:48:45.0041 0x111c  ErrDev - ok
00:48:45.0083 0x111c  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
00:48:45.0100 0x111c  EventSystem - ok
00:48:45.0147 0x111c  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
00:48:45.0154 0x111c  exfat - ok
00:48:45.0203 0x111c  [ 1E34B436811CCA4A2783C0BC7A0BEB2E, 7C9496100DEA53FBADDA8B1EFF9F943FD13E75601A039632887A35F190C1F799 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:48:45.0211 0x111c  fastfat - ok
00:48:45.0237 0x111c  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:48:45.0239 0x111c  fdc - ok
00:48:45.0265 0x111c  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:48:45.0267 0x111c  fdPHost - ok
00:48:45.0286 0x111c  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:48:45.0288 0x111c  FDResPub - ok
00:48:45.0301 0x111c  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:48:45.0305 0x111c  FileInfo - ok
00:48:45.0316 0x111c  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:48:45.0319 0x111c  Filetrace - ok
00:48:45.0394 0x111c  [ B8602C90D3C427D8A86CE60437615CF5, E8058E71FD60D21884CBCF398338A65A92926BAC406F96713A262BDFDD04C80A ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
00:48:45.0404 0x111c  FlipShare Service - ok
00:48:45.0521 0x111c  [ AC5FB7094F31534594CAE48306972CBD, DB5A0F63EF6ABF68B1A952A05646A163A5C075E3571682FC1C4B32918E1569FC ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
00:48:45.0563 0x111c  FlipShareServer - ok
00:48:45.0584 0x111c  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:48:45.0586 0x111c  flpydisk - ok
00:48:45.0625 0x111c  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:48:45.0635 0x111c  FltMgr - ok
00:48:45.0709 0x111c  [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache       C:\Windows\system32\FntCache.dll
00:48:45.0749 0x111c  FontCache - ok
00:48:45.0832 0x111c  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:48:45.0835 0x111c  FontCache3.0.0.0 - ok
00:48:45.0858 0x111c  [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
00:48:45.0860 0x111c  fssfltr - ok
00:48:45.0961 0x111c  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:48:46.0010 0x111c  fsssvc - ok
00:48:46.0027 0x111c  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:48:46.0029 0x111c  Fs_Rec - ok
00:48:46.0056 0x111c  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:48:46.0060 0x111c  gagp30kx - ok
00:48:46.0088 0x111c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:48:46.0091 0x111c  GEARAspiWDM - ok
00:48:46.0116 0x111c  [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
00:48:46.0118 0x111c  gfibto - ok
00:48:46.0165 0x111c  [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:48:46.0189 0x111c  gpsvc - ok
00:48:46.0240 0x111c  [ 4773EBF096671B0F191B4701455EAC00, 504F3FE0108798B90F25D26B1AC57F7C81985D5324AE2C3764CA2FBA780BA8D4 ] GreenPrint      C:\Program Files\GreenPrint\GPSRHT01.exe
00:48:46.0249 0x111c  GreenPrint - ok
00:48:46.0352 0x111c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:48:46.0355 0x111c  gupdate - ok
00:48:46.0377 0x111c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:48:46.0380 0x111c  gupdatem - ok
00:48:46.0413 0x111c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:48:46.0420 0x111c  gusvc - ok
00:48:46.0450 0x111c  [ 68E732382B32417FF61FD663259B4B09, 10C5365AEAC46DF4F5F6A8F96D15141B4709851D4752613233E57EB20CE16446 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:48:46.0460 0x111c  HdAudAddService - ok
00:48:46.0511 0x111c  [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:48:46.0544 0x111c  HDAudBus - ok
00:48:46.0574 0x111c  [ 68214C82FA6222591873677A72DF2A66, 056B85D19CEEE763D6616898F5F16BFD6F0D626B24DBD24DBC84037F1480D907 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:48:46.0576 0x111c  HidBatt - ok
00:48:46.0601 0x111c  [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:48:46.0603 0x111c  HidBth - ok
00:48:46.0626 0x111c  [ 4E77A77E2C986E8F88F996BB3E1AD829, 1748676EB038A145405080B829DF4156C2596691BE5C67FD8269BE8D9351B400 ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:48:46.0628 0x111c  HidIr - ok
00:48:46.0659 0x111c  [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv         C:\Windows\system32\hidserv.dll
00:48:46.0661 0x111c  hidserv - ok
00:48:46.0684 0x111c  [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:48:46.0686 0x111c  HidUsb - ok
00:48:46.0737 0x111c  [ 846FCDB73941A5B8FC4299A234659713, A08AD3D82EF977C2CC095FDB39E50AEE2C30FA7FDCCA192F2174A979CCFD16AA ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
00:48:46.0740 0x111c  HitmanProScheduler - ok
00:48:46.0769 0x111c  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:48:46.0775 0x111c  hkmsvc - ok
00:48:46.0807 0x111c  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
00:48:46.0811 0x111c  HpCISSs - ok
00:48:46.0875 0x111c  [ 60F1D0EDE7AE2B92B3A8886E825B7147, A167DF71D3571D17A544AA4CD8FB1BE43AB0434214A05A794EE0CD071C25D177 ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
00:48:46.0923 0x111c  HSF_DPV - ok
00:48:46.0968 0x111c  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:48:46.0993 0x111c  HTTP - ok
00:48:47.0007 0x111c  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
00:48:47.0009 0x111c  i2omp - ok
00:48:47.0032 0x111c  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:48:47.0035 0x111c  i8042prt - ok
00:48:47.0082 0x111c  [ 07FB761600EFF44AF02C35B8B57E5863, 77266CF3A21BA73722C3868214F3B062C534B3C38DB2591C26E2E9F56FA70FD1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
00:48:47.0098 0x111c  iaStor - ok
00:48:47.0127 0x111c  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
00:48:47.0137 0x111c  iaStorV - ok
00:48:47.0269 0x111c  [ A9AA69F749AC1D318151E77372CC83DB, 2A50A4D6ED22F5F6CB5DC56A639D904AD71E511DC744A6F6C3D1D4D39756AF31 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:48:47.0318 0x111c  idsvc - ok
00:48:47.0479 0x111c  [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64        C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141017.001\IDSvia64.sys
00:48:47.0513 0x111c  IDSVia64 - ok
00:48:47.0531 0x111c  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:48:47.0534 0x111c  iirsp - ok
00:48:47.0575 0x111c  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
00:48:47.0601 0x111c  IKEEXT - ok
00:48:47.0665 0x111c  [ 0DD17D4B59D0EC40E3C86A505BB0B6DD, 345A223585D640483438D3A18DB5768B95F1790BA25C5B360BA505401CCBD68D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:48:47.0714 0x111c  IntcAzAudAddService - ok
00:48:47.0753 0x111c  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
00:48:47.0762 0x111c  intelide - ok
00:48:47.0794 0x111c  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:48:47.0795 0x111c  intelppm - ok
00:48:47.0888 0x111c  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
00:48:47.0889 0x111c  IntuitUpdateService - ok
00:48:47.0946 0x111c  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
00:48:47.0947 0x111c  IntuitUpdateServiceV4 - ok
00:48:47.0985 0x111c  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:48:47.0997 0x111c  IPBusEnum - ok
00:48:48.0024 0x111c  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:48:48.0027 0x111c  IpFilterDriver - ok
00:48:48.0065 0x111c  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:48:48.0074 0x111c  iphlpsvc - ok
00:48:48.0078 0x111c  IpInIp - ok
00:48:48.0099 0x111c  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
00:48:48.0103 0x111c  IPMIDRV - ok
00:48:48.0120 0x111c  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
00:48:48.0126 0x111c  IPNAT - ok
00:48:48.0177 0x111c  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:48:48.0191 0x111c  iPod Service - ok
00:48:48.0208 0x111c  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:48:48.0210 0x111c  IRENUM - ok
00:48:48.0249 0x111c  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:48:48.0251 0x111c  isapnp - ok
00:48:48.0287 0x111c  [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:48:48.0294 0x111c  iScsiPrt - ok
00:48:48.0306 0x111c  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
00:48:48.0310 0x111c  iteatapi - ok
00:48:48.0324 0x111c  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
00:48:48.0327 0x111c  iteraid - ok
00:48:48.0345 0x111c  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:48:48.0348 0x111c  kbdclass - ok
00:48:48.0371 0x111c  [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:48:48.0373 0x111c  kbdhid - ok
00:48:48.0397 0x111c  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso          C:\Windows\system32\lsass.exe
00:48:48.0399 0x111c  KeyIso - ok
00:48:48.0440 0x111c  [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:48:48.0465 0x111c  KSecDD - ok
00:48:48.0487 0x111c  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:48:48.0489 0x111c  ksthunk - ok
00:48:48.0543 0x111c  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:48:48.0593 0x111c  KtmRm - ok
00:48:48.0633 0x111c  [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:48:48.0641 0x111c  LanmanServer - ok
00:48:48.0667 0x111c  [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:48:48.0673 0x111c  LanmanWorkstation - ok
00:48:48.0677 0x111c  Lbd - ok
00:48:48.0696 0x111c  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:48:48.0699 0x111c  lltdio - ok
00:48:48.0741 0x111c  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:48:48.0782 0x111c  lltdsvc - ok
00:48:48.0808 0x111c  [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:48:48.0812 0x111c  lmhosts - ok
00:48:48.0835 0x111c  [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:48:48.0840 0x111c  LSI_FC - ok
00:48:48.0861 0x111c  [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:48:48.0866 0x111c  LSI_SAS - ok
00:48:48.0882 0x111c  [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:48:48.0887 0x111c  LSI_SCSI - ok
00:48:48.0905 0x111c  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:48:48.0910 0x111c  luafv - ok
00:48:48.0954 0x111c  [ B2085E335F2B57077B0CBADB6F1245CD, 69C81753B2ABAE8C89CEDADFCB73FB332E5FCD555576959AD412BF036EC9E343 ] lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
00:48:48.0964 0x111c  lvpopf64 - ok
00:48:48.0984 0x111c  [ B3944D06EB4B64D57BD7E5FE89415F58, D6A4D17A887F54EEB6138909D10CD708582B10A51F1094275F53C9FFC2447F5F ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
00:48:48.0986 0x111c  LVPr2M64 - ok
00:48:48.0991 0x111c  [ B3944D06EB4B64D57BD7E5FE89415F58, D6A4D17A887F54EEB6138909D10CD708582B10A51F1094275F53C9FFC2447F5F ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2M64.sys
00:48:48.0992 0x111c  LVPr2Mon - ok
00:48:49.0032 0x111c  [ EF2BE2F45D4F06410A3BD2A3467325B0, F34741314ACD61A26F774FA91CBB5B5197F1853326C7CE4DF84B095906256696 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
00:48:49.0049 0x111c  LVRS64 - ok
00:48:49.0556 0x111c  [ AC22F92C6078640FE8A70D662A2F3AD5, 48AE7ADBE55CE15AACBD59869C1ECC609CCEA6DE7B4CAA263AF227070599D707 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
00:48:49.0753 0x111c  LVUVC64 - ok
00:48:49.0850 0x111c  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
00:48:49.0861 0x111c  McComponentHostService - ok
00:48:49.0891 0x111c  [ 76A58DF02BD4EA29F189B82D0BEF17F8, B3A96AABE050BB332ECD9AF7C35D08B468AC459D30FF4D49B609BA3F95ECEEDA ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:48:49.0895 0x111c  Mcx2Svc - ok
00:48:49.0929 0x111c  [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:48:49.0931 0x111c  mdmxsdk - ok
00:48:50.0044 0x111c  [ BD985773F2163469D5C2952C599781D6, A663A90E0A59317827F426C98E18CD04965A00721B2E1BD80FCB533B9044C71D ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe
00:48:50.0085 0x111c  MediaMall Server - ok
00:48:50.0122 0x111c  [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:48:50.0125 0x111c  megasas - ok
00:48:50.0161 0x111c  [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
00:48:50.0178 0x111c  MegaSR - ok
00:48:50.0195 0x111c  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS           C:\Windows\system32\mmcss.dll
00:48:50.0198 0x111c  MMCSS - ok
00:48:50.0212 0x111c  [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem           C:\Windows\system32\drivers\modem.sys
00:48:50.0214 0x111c  Modem - ok
00:48:50.0237 0x111c  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:48:50.0239 0x111c  monitor - ok
00:48:50.0244 0x111c  [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:48:50.0247 0x111c  mouclass - ok
00:48:50.0260 0x111c  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:48:50.0262 0x111c  mouhid - ok
00:48:50.0271 0x111c  [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
00:48:50.0298 0x111c  MountMgr - ok
00:48:50.0353 0x111c  [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:48:50.0358 0x111c  MozillaMaintenance - ok
00:48:50.0389 0x111c  [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio            C:\Windows\system32\drivers\mpio.sys
00:48:50.0395 0x111c  mpio - ok
00:48:57.0537 0x111c  tssecsrv - ok
00:48:57.0567 0x111c  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
00:48:57.0569 0x111c  tunmp - ok
00:48:57.0594 0x111c  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:48:57.0596 0x111c  tunnel - ok
00:48:57.0616 0x111c  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:48:57.0619 0x111c  uagp35 - ok
00:48:57.0643 0x111c  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:48:57.0660 0x111c  udfs - ok
00:48:57.0672 0x111c  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:48:57.0675 0x111c  UI0Detect - ok
00:48:57.0698 0x111c  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:48:57.0701 0x111c  uliagpkx - ok
00:48:57.0739 0x111c  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
00:48:57.0748 0x111c  uliahci - ok
00:48:57.0777 0x111c  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
00:48:57.0790 0x111c  UlSata - ok
00:48:57.0827 0x111c  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
00:48:57.0834 0x111c  ulsata2 - ok
00:48:57.0859 0x111c  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:48:57.0862 0x111c  umbus - ok
00:48:57.0885 0x111c  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
00:48:57.0901 0x111c  upnphost - ok
00:48:57.0944 0x111c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:48:57.0947 0x111c  USBAAPL64 - ok
00:48:57.0969 0x111c  [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:48:57.0973 0x111c  usbaudio - ok
00:48:58.0005 0x111c  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:48:58.0010 0x111c  usbccgp - ok
00:48:58.0032 0x111c  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:48:58.0036 0x111c  usbcir - ok
00:48:58.0071 0x111c  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:48:58.0074 0x111c  usbehci - ok
00:48:58.0094 0x111c  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:48:58.0103 0x111c  usbhub - ok
00:48:58.0134 0x111c  [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:48:58.0136 0x111c  usbohci - ok
00:48:58.0171 0x111c  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:48:58.0173 0x111c  usbprint - ok
00:48:58.0215 0x111c  [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:48:58.0218 0x111c  usbscan - ok
00:48:58.0258 0x111c  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:48:58.0262 0x111c  USBSTOR - ok
00:48:58.0290 0x111c  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:48:58.0292 0x111c  usbuhci - ok
00:48:58.0316 0x111c  [ FC33099877790D51B0927B7039059855, 9EF33DABDBF0EEC60C63137F5FB21B27536B5923F10DF4F66621CC9864EB894E ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:48:58.0323 0x111c  usbvideo - ok
00:48:58.0351 0x111c  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
00:48:58.0354 0x111c  UxSms - ok
00:48:58.0394 0x111c  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
00:48:58.0419 0x111c  vds - ok
00:48:58.0431 0x111c  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:48:58.0433 0x111c  vga - ok
00:48:58.0447 0x111c  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:48:58.0449 0x111c  VgaSave - ok
00:48:58.0473 0x111c  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
00:48:58.0475 0x111c  viaide - ok
00:48:58.0499 0x111c  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:48:58.0503 0x111c  volmgr - ok
00:48:58.0524 0x111c  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:48:58.0541 0x111c  volmgrx - ok
00:48:58.0572 0x111c  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:48:58.0583 0x111c  volsnap - ok
00:48:58.0613 0x111c  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:48:58.0620 0x111c  vsmraid - ok
00:48:58.0688 0x111c  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
00:48:58.0717 0x111c  VSS - ok
00:48:58.0745 0x111c  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
00:48:58.0762 0x111c  W32Time - ok
00:48:58.0792 0x111c  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:48:58.0794 0x111c  WacomPen - ok
00:48:58.0830 0x111c  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
00:48:58.0834 0x111c  Wanarp - ok
00:48:58.0839 0x111c  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:48:58.0841 0x111c  Wanarpv6 - ok
00:48:58.0869 0x111c  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:48:58.0882 0x111c  wcncsvc - ok
00:48:58.0903 0x111c  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:48:58.0906 0x111c  WcsPlugInService - ok
00:48:58.0930 0x111c  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
00:48:58.0932 0x111c  Wd - ok
00:48:58.0983 0x111c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
00:48:58.0985 0x111c  WDC_SAM - ok
00:48:59.0037 0x111c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:48:59.0071 0x111c  Wdf01000 - ok
00:48:59.0090 0x111c  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:48:59.0095 0x111c  WdiServiceHost - ok
00:48:59.0100 0x111c  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:48:59.0103 0x111c  WdiSystemHost - ok
00:48:59.0122 0x111c  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient       C:\Windows\System32\webclnt.dll
00:48:59.0131 0x111c  WebClient - ok
00:48:59.0152 0x111c  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:48:59.0160 0x111c  Wecsvc - ok
00:48:59.0180 0x111c  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:48:59.0183 0x111c  wercplsupport - ok
00:48:59.0200 0x111c  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:48:59.0207 0x111c  WerSvc - ok
00:48:59.0250 0x111c  [ A53CDE6BEEA165FE9B430476EEDE3C54, 5933C8F3935F0E298A9845992259016947E977399A89C4C152381C626D21AC95 ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
00:48:59.0267 0x111c  winachsf - ok
00:48:59.0276 0x111c  WinDefend - ok
00:48:59.0285 0x111c  WinHttpAutoProxySvc - ok
00:48:59.0327 0x111c  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:48:59.0335 0x111c  Winmgmt - ok
00:48:59.0418 0x111c  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
00:48:59.0484 0x111c  WinRM - ok
00:48:59.0534 0x111c  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:48:59.0560 0x111c  Wlansvc - ok
00:48:59.0634 0x111c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:48:59.0637 0x111c  wlcrasvc - ok
00:48:59.0735 0x111c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:48:59.0783 0x111c  wlidsvc - ok
00:48:59.0807 0x111c  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:48:59.0809 0x111c  WmiAcpi - ok
00:48:59.0830 0x111c  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:48:59.0834 0x111c  wmiApSrv - ok
00:48:59.0840 0x111c  WMPNetworkSvc - ok
00:48:59.0869 0x111c  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:48:59.0877 0x111c  WPCSvc - ok
00:48:59.0902 0x111c  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:48:59.0907 0x111c  WPDBusEnum - ok
00:48:59.0928 0x111c  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
00:48:59.0931 0x111c  WpdUsb - ok
00:49:00.0042 0x111c  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:49:00.0064 0x111c  WPFFontCache_v0400 - ok
00:49:00.0084 0x111c  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:49:00.0085 0x111c  ws2ifsl - ok
00:49:00.0112 0x111c  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\System32\wscsvc.dll
00:49:00.0116 0x111c  wscsvc - ok
00:49:00.0120 0x111c  WSearch - ok
00:49:00.0227 0x111c  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:49:00.0311 0x111c  wuauserv - ok
00:49:00.0331 0x111c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:49:00.0334 0x111c  WudfPf - ok
00:49:00.0363 0x111c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:49:00.0371 0x111c  WUDFRd - ok
00:49:00.0378 0x111c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:49:00.0383 0x111c  wudfsvc - ok
00:49:00.0410 0x111c  [ F22E443518BC599D12888DAF292A56D8, B83E06985639F2DD7FB675FC48794C6BB424F330C6E8F030B34F128245CCE0D1 ] XAudio          C:\Windows\system32\DRIVERS\xaudio64.sys
00:49:00.0412 0x111c  XAudio - ok
00:49:00.0439 0x111c  [ 963C27034BBA4AC52A13F7A3C657C708, BE104B9E4978F16A023364621CFFAE95BC629A18AA82B2DA890E5DC18ADADDE1 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio64.exe
00:49:00.0456 0x111c  XAudioService - ok
00:49:00.0462 0x111c  ================ Scan global ===============================
00:49:00.0485 0x111c  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
00:49:00.0529 0x111c  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
00:49:00.0571 0x111c  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
00:49:00.0617 0x111c  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
00:49:00.0634 0x111c  [ Global ] - ok
00:49:00.0634 0x111c  ================ Scan MBR ==================================
00:49:00.0648 0x111c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:49:00.0855 0x111c  \Device\Harddisk0\DR0 - ok
00:49:00.0855 0x111c  ================ Scan VBR ==================================
00:49:00.0858 0x111c  [ A652C5458732C58E8C6C1211798360B7 ] \Device\Harddisk0\DR0\Partition1
00:49:00.0885 0x111c  \Device\Harddisk0\DR0\Partition1 - ok
00:49:00.0888 0x111c  [ 2C49354797EA6D00CF996E4AB65E5F20 ] \Device\Harddisk0\DR0\Partition2
00:49:00.0921 0x111c  \Device\Harddisk0\DR0\Partition2 - ok
00:49:00.0922 0x111c  ================ Scan generic autorun ======================
00:49:00.0922 0x111c  Windows Defender - ok
00:49:01.0144 0x111c  [ B226E09227FA658298B980AA4BB37621, A07C6803396934CBB3443EA743B8E8ADEE1C921F3AF2A3444437B152D914B2D2 ] C:\Windows\RAVCpl64.exe
00:49:01.0330 0x111c  RtHDVCpl - ok
00:49:01.0344 0x111c  Skytel - ok
00:49:01.0379 0x111c  [ 186C9D39541CC0DFFCC454F79AA0B0BF, 71D333B9037362650E5E4DBF4EFA3CFD49034C53F27C7FFDE8DE6149ADB6471D ] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
00:49:01.0382 0x111c  PDVDDXSrv - ok
00:49:01.0428 0x111c  [ D658AB1B55127D18DCFBCAC8CAAEA522, 9FB818F3899542CB7F1B979644423A66842D98D1762B1C38AE04AEE23320DA8E ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
00:49:01.0431 0x111c  HP Software Update - ok
00:49:01.0504 0x111c  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:49:01.0546 0x111c  Sidebar - ok
00:49:01.0551 0x111c  WindowsWelcomeCenter - ok
00:49:01.0599 0x111c  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:49:01.0625 0x111c  Sidebar - ok
00:49:01.0629 0x111c  WindowsWelcomeCenter - ok
00:49:01.0630 0x111c  WMPNSCFG - ok
00:49:01.0691 0x111c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
00:49:01.0692 0x111c  swg - ok
00:49:01.0801 0x111c  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
00:49:01.0874 0x111c  SpybotSD TeaTimer - ok
00:49:02.0128 0x111c  [ 61E3B5BEE1C10954F53DC07282F2A61C, 9B092FE63CAECDAD165B702D45B79D5D06DC879C11FEFFCE62B431712C50A1F2 ] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
00:49:02.0297 0x111c  Logitech Vid - ok
00:49:02.0376 0x111c  [ B60F618B09FDC751902B7486F3A26E92, BDF0C33960C98445018CF48F78D66F643E5AA1EDBF7E0265CE10C75F828E85AF ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
00:49:02.0379 0x111c  iCloudServices - ok
00:49:02.0397 0x111c  [ 6162D3FEBC87474D447D8240D2862B24, 2B3D924D4027BA83AD083244B08E9D7B0A4E763D0FE3A7F9FC936D95F0A7DC96 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
00:49:02.0399 0x111c  ApplePhotoStreams - ok
00:49:02.0401 0x111c  pleUserlink - ok
00:49:02.0415 0x111c  DisplaySwitch - ok
00:49:02.0466 0x111c  [ CFA567D7EA43EEC53E7866C78CDE15A5, DB85601D4BD61C771D9EA663569CDFC9D085008CDAE1637C07B64B8DB9A9D7B0 ] C:\Program Files (x86)\Quicken\bagent.exe
00:49:02.0485 0x111c  QuickenScheduledUpdates - ok
00:49:02.0486 0x111c  WMPNSCFG - ok
00:49:02.0582 0x111c  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
00:49:02.0630 0x111c  Sidebar - ok
00:49:02.0649 0x111c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
00:49:02.0650 0x111c  swg - ok
00:49:02.0651 0x111c  WMPNSCFG - ok
00:49:02.0658 0x111c  [ B60F618B09FDC751902B7486F3A26E92, BDF0C33960C98445018CF48F78D66F643E5AA1EDBF7E0265CE10C75F828E85AF ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
00:49:02.0660 0x111c  iCloudServices - ok
00:49:02.0666 0x111c  [ 6162D3FEBC87474D447D8240D2862B24, 2B3D924D4027BA83AD083244B08E9D7B0A4E763D0FE3A7F9FC936D95F0A7DC96 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
00:49:02.0668 0x111c  ApplePhotoStreams - ok
00:49:02.0732 0x111c  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
00:49:02.0764 0x111c  Sidebar - ok
00:49:02.0774 0x111c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
00:49:02.0775 0x111c  swg - ok
00:49:02.0842 0x111c  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
00:49:02.0875 0x111c  Sidebar - ok
00:49:02.0883 0x111c  [ B60F618B09FDC751902B7486F3A26E92, BDF0C33960C98445018CF48F78D66F643E5AA1EDBF7E0265CE10C75F828E85AF ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
00:49:02.0885 0x111c  iCloudServices - ok
00:49:02.0892 0x111c  [ 6162D3FEBC87474D447D8240D2862B24, 2B3D924D4027BA83AD083244B08E9D7B0A4E763D0FE3A7F9FC936D95F0A7DC96 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
00:49:02.0894 0x111c  ApplePhotoStreams - ok
00:49:02.0909 0x111c  [ 8E773D9B51E5B04F0C1C96229DCECBEA, D0738A78153D94C813A99C47AD632458B9AF654D5FF1B35619E0A588AA6F3782 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
00:49:02.0911 0x111c  com.apple.dav.bookmarks.daemon - ok
00:49:02.0924 0x111c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
00:49:02.0925 0x111c  swg - ok
00:49:03.0111 0x111c  [ 61E3B5BEE1C10954F53DC07282F2A61C, 9B092FE63CAECDAD165B702D45B79D5D06DC879C11FEFFCE62B431712C50A1F2 ] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
00:49:03.0223 0x111c  Logitech Vid - ok
00:49:03.0295 0x111c  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
00:49:03.0323 0x111c  Sidebar - ok
00:49:03.0394 0x111c  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
00:49:03.0422 0x111c  Sidebar - ok
00:49:03.0425 0x111c  Waiting for KSN requests completion. In queue: 34
00:49:04.0425 0x111c  Waiting for KSN requests completion. In queue: 34
00:49:05.0425 0x111c  Waiting for KSN requests completion. In queue: 34
00:49:06.0425 0x111c  Waiting for KSN requests completion. In queue: 34
00:49:07.0494 0x111c  AV detected via SS2: Lavasoft Ad-Aware, C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWSC.EXE ( 10.4.49.4168 ), 0x40000 ( disabled : updated )
00:49:07.0496 0x111c  AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated )
00:49:07.0498 0x111c  FW detected via SS2: Lavasoft Ad-Aware, C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWSC.EXE ( 10.4.49.4168 ), 0x40010 ( disabled )
00:49:07.0499 0x111c  FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
00:49:09.0995 0x111c  ============================================================
00:49:09.0995 0x111c  Scan finished
00:49:09.0995 0x111c  ============================================================
00:49:10.0004 0x14f8  Detected object count: 0
00:49:10.0004 0x14f8  Actual detected object count: 0



#6 TB-Psychotic

  • Malware Response Team

Posted 21 October 2014 - 07:52 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#7 indiana27

  • Topic Starter

Posted 22 October 2014 - 11:07 PM

Hi, I tried as instructed above last night, however Combofix.exe didn't appear to be able to run correctly.

Combofix.exe (or Windows) was displaying messages with extensions 3xe. I don't recall the specific messages as I didn't take notes (will next time).

Combofix.exe also stated that it was making a restore point, however I gave up after 15-20 minutes.

I have Nortons 360 and disabled "Smart Firewall", "Antivirus Auto Protect" and "Antispyware" until next reboot. I could see that Nortons was still running in Process Explorer however and it wouldn't let me kill it.

Questions:

1) The computer is running pretty slow in "Normal" startup as requested above. Do I need to stay in "Normal" startup to run Combofix or can I return to the "Selective Startup" setting?

2) Are the "3xe" extension messages that I mentioned above expected?

3) How long does a restore point take? Did I wait long enough?

4) Is there any guidance on deactivating Nortons 360 as required? I will research for sure, however if there are known steps, that I haven't come across, that you have a link to, that would be great.

I will obviously keep at this, however I wanted to state that I'm working on this and it may take some time to run Combofix.exe as requested above.

Thanks, Brian


Edited by indiana27, 22 October 2014 - 11:21 PM.


#8 indiana27

  • Topic Starter

Posted 24 October 2014 - 09:12 PM

I believe I finally got Combofix to run. I had a few virus scanners running (see below). I still received the following errors during the initial run, but Combofix did find something in the "Amy" account, reboot and save a log (3 code boxes below).

The "Amy" account did have something weird with it months ago where it would randomly send the user to unintended websites, so this makes sense. However it didn't list anything with the "Brian" account as I expected to find. I suspect there is more yet to be done.

Virus Protection Running:
1) Ad-Aware AntiVirus (AdAware.exe)
2) Ad-Aware Browsing Production and Anti-Phishing (adawarebp.exe)
3) HitmanPro Scheduler (hmpsched.exe)
4) Norton 360 (n360.exe; two running)
5) GFI Software Anti Malware Service (SBAMSvc.exe)
6) Spybot Security Integration (SDWinSec.exe)
7) McAfee Security Scanner Scheduler (SSScheduler.exe)

Steps Taken:
1) Killed all in Task Manager except Norton 360
2) Disabled several areas in Nortons
3) Ran Combofix.exe
4) Disabled Ad-Aware in services
5) Disabled firewall in services
6) Ran Combofix.exe a 2nd time

Here are the messages I got when running Combofix. Do I need to re-run Combofix? I re-ran Combofix a 2nd time and didn't get the warning, but did get the first "NirCmd" message after the "Stage 2" message displayed in Combofix.

[Window Title]
Microsoft Windows

[Main Instruction]
NirCmd has stopped working

[Content]
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

[Close program]

<<< above message was repeated 2-3 times >>>

[Window Title]
Microsoft Windows

[Main Instruction]
setpath.3XE has stopped working

[Content]
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

[Close program]

[Window Title]
Microsoft Windows

[Main Instruction]
rmbr.3XE has stopped working

[Content]
Windows is collecting more information about the problem.  This might take several minutes...

[Cancel]

[Window Title]
Microsoft Windows

[Main Instruction]
Handle viewer has stopped working

[Content]
Windows is collecting more information about the problem.  This might take several minutes...

[Cancel]

---------------------------
Warning !!
---------------------------
ComboFix has detected the following real time scanner(s) to be active:

antispyware:  Norton 360

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.
---------------------------
OK   
---------------------------
ComboFix 14-10-21.01 - AmyA 10/24/2014  20:59:26.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6142.3101 [GMT -4:00]
Running from: c:\downloads\Software\Malware\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\1E3.tmp
c:\users\Amy\AppData\Roaming\Start
c:\users\Amy\AppData\Roaming\Start\temp_BCECE583\flash.9.0.159.0.ocx
c:\users\Amy\AppData\Roaming\Start\temp_BCECE583\ScreenCapture.mfx
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-25 to 2014-10-25  )))))))))))))))))))))))))))))))
.
.
2014-10-25 01:35 . 2014-10-25 01:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-25 01:35 . 2014-10-25 01:35	--------	d-----w-	c:\users\Brian\AppData\Local\temp
2014-10-25 01:34 . 2014-10-25 01:34	--------	d-----w-	c:\users\Amy\AppData\Local\temp
2014-10-25 01:33 . 2014-10-25 01:40	--------	d-----w-	c:\users\AmyA\AppData\Local\temp
2014-10-25 01:33 . 2014-10-25 01:33	--------	d-----w-	c:\users\Deanna\AppData\Local\temp
2014-10-25 01:33 . 2014-10-25 01:33	--------	d-----w-	c:\users\Cara\AppData\Local\temp
2014-10-25 01:33 . 2014-10-25 01:33	--------	d-----w-	c:\users\BrianA\AppData\Local\temp
2014-10-24 15:04 . 2014-10-24 15:04	--------	d-----w-	c:\users\AmyA\AppData\Local\IsolatedStorage
2014-10-20 04:02 . 2014-10-20 04:11	--------	d-----w-	C:\FRST
2014-10-20 03:55 . 2014-10-20 03:55	--------	d-----w-	c:\users\AmyA\AppData\Local\LogiShrd
2014-10-20 03:54 . 2014-10-20 03:54	--------	d-----w-	c:\users\AmyA\AppData\Local\Logitech® Webcam Software
2014-10-20 03:53 . 2014-10-20 03:53	--------	d-----w-	c:\users\AmyA\AppData\Roaming\ATI
2014-10-20 03:53 . 2014-10-20 03:53	--------	d-----w-	c:\users\AmyA\AppData\Local\ATI
2014-10-19 22:30 . 2014-10-23 13:09	--------	d-----w-	c:\users\AmyA\AppData\Local\Adobe
2014-10-17 03:07 . 2014-10-17 03:07	--------	d-----w-	c:\users\AmyA\AppData\Roaming\TextPad
2014-10-16 07:21 . 2014-09-17 06:57	76800	----a-w-	c:\windows\system32\packager.dll
2014-10-16 07:21 . 2014-09-16 16:56	66560	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-16 07:20 . 2014-09-27 23:41	2782208	----a-w-	c:\windows\system32\win32k.sys
2014-10-16 07:13 . 2014-06-15 22:18	1131664	----a-w-	c:\windows\SysWow64\dfshim.dll
2014-10-16 07:13 . 2014-06-15 22:18	1943696	----a-w-	c:\windows\system32\dfshim.dll
2014-10-16 07:13 . 2014-06-13 18:22	81560	----a-w-	c:\windows\SysWow64\mscories.dll
2014-10-16 07:13 . 2014-06-13 18:22	156824	----a-w-	c:\windows\SysWow64\mscorier.dll
2014-10-16 07:13 . 2014-06-13 17:36	73880	----a-w-	c:\windows\system32\mscories.dll
2014-10-16 07:13 . 2014-06-13 17:36	156312	----a-w-	c:\windows\system32\mscorier.dll
2014-10-16 07:12 . 2014-09-04 23:38	198656	----a-w-	c:\windows\system32\drivers\fastfat.sys
2014-10-15 11:42 . 2014-09-20 00:15	183000	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2014-10-10 18:06 . 2014-10-10 18:06	--------	d-----w-	c:\program files\iPod
2014-10-10 18:06 . 2014-10-10 18:07	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-10 18:06 . 2014-10-10 18:07	--------	d-----w-	c:\program files\iTunes
2014-09-28 03:06 . 2014-09-28 03:08	--------	d-----w-	c:\users\Briani
2014-09-27 19:32 . 2014-09-27 20:33	--------	d-----w-	c:\users\Brian\AppData\Local\adawarebp
2014-09-25 17:06 . 2014-09-25 17:09	--------	d-----w-	c:\users\AmyA\AppData\Local\Windows Live
2014-09-25 14:16 . 2014-09-25 14:16	--------	d-----w-	c:\users\AmyA\AppData\Local\adawarebp
2014-09-25 10:54 . 2014-09-25 10:54	--------	d-----w-	c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 07:01 . 2006-11-02 12:35	103265616	----a-w-	c:\windows\system32\mrt.exe
2014-09-28 03:27 . 2014-09-23 02:15	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 07:49 . 2012-04-05 13:16	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 07:49 . 2011-05-16 13:47	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 06:40 . 2014-09-24 07:00	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-09-24 07:00	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-28 10:47 . 2012-07-16 03:31	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 02:20 . 2014-09-23 02:38	37592	----a-w-	c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-26 02:20 . 2014-09-23 02:38	876248	----a-w-	c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-23 01:05 . 2014-08-28 07:00	304128	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 07:00	390144	----a-w-	c:\windows\system32\gdi32.dll
2014-08-06 19:48 . 2014-09-23 02:38	266968	----a-w-	c:\windows\system32\drivers\N360x64\1506000.020\ironx64.sys
2014-07-28 18:52 . 2014-07-28 18:52	6112072	----a-w-	c:\windows\system32\usbaaplrc.dll
2014-07-28 18:52 . 2014-07-28 18:52	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-23 39408]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe;c:\windows\SYSNATIVE\AERTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 19:42	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:49]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 07:33]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 07:33]
.
2014-10-25 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-03-07 15:02]
.
2014-10-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-11-23 11:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
FF - ProfilePath - c:\users\AmyA\AppData\Roaming\Mozilla\Firefox\Profiles\bkzd1a0o.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Skytel - Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GreenPrint\Azara]
@Denied: (A D 2 3 4 5 6) (Everyone)
@="c:\\ProgramData\\GreenPrint\\Common\\Data\\TPDC-148497.XML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\MediaMall\MediaMallServer.exe
c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\MediaMall\MediaMallServer.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
.
**************************************************************************
.
Completion time: 2014-10-24  21:52:31 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-25 01:52
.
Pre-Run: 185,309,650,944 bytes free
Post-Run: 185,570,095,104 bytes free
.
- - End Of File - - 03649E8D6EDD03F710CC7FF38855AD4E
5C616939100B85E558DA92B899A0FC36


Edited by indiana27, 24 October 2014 - 09:19 PM.


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:40 AM

Posted 29 October 2014 - 02:55 AM

Hi indiana27,

 

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.


regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 indiana27

indiana27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:40 AM

Posted 29 October 2014 - 07:49 AM

Hi Schrauber, thanks for the assistance. I have listed the logs as requested below. As an FYI, last night I had the intrusion detections pop up from Norton's on the AmyA account. I'm not certain, but I may have killed it (with Process Explorer) before it spawned other issues on this account (like the Brian and BrianA accounts). The issue hasn't resurfaced since, but I haven't rebooted yet either.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014
Ran by AmyA (administrator) on INDIANA on 29-10-2014 08:36:43
Running from C:\Downloads\Software
Loaded Profiles: AmyA & Briani (Available profiles: Brian & Amy & Cara & Deanna & AmyA & BrianA & Briani)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GreenPrint Technologies LLC.) C:\Program Files\GreenPrint\gpsrht01.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(GreenPrint Technologies LLC.) C:\Program Files\GreenPrint\gpsrdg01.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Sysinternals - www.sysinternals.com) C:\share\z_work\z_work_laptop\downloads\Process Explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\share\z_work\z_work_laptop\downloads\Process Explorer\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6431232 2008-07-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3581106983-3228185147-2497233209-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3581106983-3228185147-2497233209-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3581106983-3228185147-2497233209-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3581106983-3228185147-2497233209-1006\...\MountPoints2: {21cbf4af-b8c6-11dd-81e6-806e6f6e6963} - E:\AUTORUN.EXE
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
GroupPolicyUsers\S-1-5-21-3581106983-3228185147-2497233209-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3581106983-3228185147-2497233209-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAC5F9E071ED5CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {AA299E98-6FB5-409F-99D3-D30D749F4864} https://support.infinitesolutionsllc.com/inc/kaxRemote.dll
DPF: HKLM-x32 {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\AmyA\AppData\Roaming\Mozilla\Firefox\Profiles\bkzd1a0o.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-24]
CHR Extension: (Google Docs) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (YouTube) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-24]
CHR Extension: (Google Search) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-24]
CHR Extension: (Mafia Wars) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaajdmciceaicpamnglddkegaelimni [2014-09-24]
CHR Extension: (Google Sheets) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-24]
CHR Extension: (Norton Identity Safe) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-24]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2014-09-24]
CHR Extension: (Mafia Wars Addon) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR Extension: (Gmail) - C:\Users\AmyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 GreenPrint; C:\Program Files\GreenPrint\GPSRHT01.exe [434728 2009-10-27] (GreenPrint Technologies LLC.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-23] (SurfRight B.V.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2062200 2012-04-14] (MediaMall Technologies, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-18] (GFI Software)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.016\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.016\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 22:42 - 2014-10-27 22:42 - 00000849 _____ () C:\Users\Brian\Desktop\Process Explorer - Shortcut.lnk
2014-10-27 22:42 - 2014-10-27 22:42 - 00000658 _____ () C:\Users\Brian\Desktop\Music - Shortcut.lnk
2014-10-27 12:24 - 2014-10-27 12:24 - 00150084 _____ () C:\Users\AmyA\Downloads\fota2014directions.xps
2014-10-27 12:24 - 2014-10-27 12:24 - 00150084 _____ () C:\Users\AmyA\Downloads\fota2014directions(1).xps
2014-10-26 14:33 - 2014-10-26 14:33 - 01366954 _____ () C:\Users\AmyA\Downloads\1412083393wpdm_1.zip
2014-10-24 21:52 - 2014-10-24 21:52 - 00019279 _____ () C:\ComboFix.txt
2014-10-24 11:08 - 2014-10-24 11:08 - 92196864 _____ () C:\Users\AmyA\Desktop\QDATA_home-2014-10-24.QDF-backup
2014-10-24 11:04 - 2014-10-24 11:04 - 00000000 ____D () C:\Users\AmyA\AppData\Local\IsolatedStorage
2014-10-22 23:48 - 2014-10-22 23:49 - 00808352 _____ () C:\Windows\Minidump\Mini102214-01.dmp
2014-10-21 23:50 - 2014-10-21 23:50 - 00001161 _____ () C:\Users\AmyA\Desktop\procexp.exe - Shortcut.lnk
2014-10-21 23:27 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-21 23:27 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-21 23:27 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-21 23:27 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-21 23:27 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-21 23:27 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-21 23:27 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-21 23:27 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-21 23:23 - 2014-10-24 21:53 - 00000000 ____D () C:\Qoobox
2014-10-21 23:21 - 2014-10-24 21:50 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 00:02 - 2014-10-29 08:36 - 00000000 ____D () C:\FRST
2014-10-19 23:55 - 2014-10-19 23:55 - 00000000 ____D () C:\Users\AmyA\AppData\Local\LogiShrd
2014-10-19 23:54 - 2014-10-19 23:54 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Logitech® Webcam Software
2014-10-19 23:53 - 2014-10-19 23:53 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\ATI
2014-10-19 23:53 - 2014-10-19 23:53 - 00000000 ____D () C:\Users\AmyA\AppData\Local\ATI
2014-10-19 18:30 - 2014-10-23 09:09 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Adobe
2014-10-19 18:25 - 2014-10-19 18:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-16 23:23 - 2014-10-16 23:30 - 00000180 _____ () C:\Users\AmyA\Downloads\TL-WDR4300_v1_140916.zip
2014-10-16 23:07 - 2014-10-16 23:07 - 00000834 _____ () C:\Users\AmyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-16 23:07 - 2014-10-16 23:07 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\TextPad
2014-10-16 03:21 - 2014-09-17 02:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:21 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:20 - 2014-09-27 19:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:13 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:13 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:13 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:13 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:13 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:13 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:12 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 07:43 - 2014-09-19 20:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:43 - 2014-09-19 19:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:43 - 2014-09-19 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:43 - 2014-09-19 19:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:43 - 2014-09-19 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 07:43 - 2014-09-19 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:43 - 2014-09-19 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:43 - 2014-09-19 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:43 - 2014-09-19 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:43 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:43 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:43 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:43 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 07:43 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:43 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:43 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:43 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:42 - 2014-09-19 19:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:42 - 2014-09-19 19:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:42 - 2014-09-19 19:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:42 - 2014-09-19 19:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:42 - 2014-09-19 19:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 07:42 - 2014-09-19 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 07:42 - 2014-09-19 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 07:42 - 2014-09-19 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 07:42 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:42 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:42 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:42 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 07:42 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 07:42 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:42 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 07:42 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 07:42 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-14 22:53 - 2014-10-14 22:53 - 00001139 _____ () C:\Users\AmyA\Desktop\waiver_wire_research_2014 - Shortcut.lnk
2014-10-10 14:08 - 2014-10-10 14:08 - 00001702 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-10 14:08 - 2014-10-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-10 14:06 - 2014-10-10 14:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-10 14:06 - 2014-10-10 14:07 - 00000000 ____D () C:\Program Files\iTunes
2014-10-10 14:06 - 2014-10-10 14:06 - 00000000 ____D () C:\Program Files\iPod
2014-10-06 17:12 - 2014-10-06 17:12 - 00083456 _____ () C:\Users\Cara\Documents\halloween_party.pub
2014-10-06 01:03 - 2014-10-06 01:03 - 00000834 _____ () C:\Users\Briani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-06 01:03 - 2014-10-06 01:03 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\TextPad
2014-10-05 23:26 - 2014-10-05 23:26 - 00001085 _____ () C:\Users\Brian\Desktop\procexp.exe - Shortcut.lnk
2014-10-04 14:39 - 2014-10-04 14:40 - 00000018 _____ () C:\Users\Briani\Desktop\dlink.txt
2014-09-30 21:33 - 2014-09-30 21:34 - 00000000 ____D () C:\Users\Briani\AppData\Local\Adobe
2014-09-30 21:28 - 2014-09-30 21:29 - 00000193 _____ () C:\Users\Briani\Desktop\Network Security Settings.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 08:23 - 2012-03-03 22:47 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2014-10-29 07:46 - 2011-11-03 12:49 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-10-29 07:41 - 2010-02-13 23:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 07:38 - 2012-04-05 09:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 07:23 - 2008-11-22 14:52 - 01776502 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 06:46 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 06:46 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 03:41 - 2010-02-13 23:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 03:20 - 2012-03-03 22:42 - 00000000 ____D () C:\ProgramData\MediaMall
2014-10-28 23:16 - 2013-01-18 10:47 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-28 23:16 - 2008-11-22 20:08 - 00000288 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-10-28 23:15 - 2010-08-12 23:30 - 00000000 ____D () C:\Users\Brian\AppData\Local\CrashDumps
2014-10-28 22:26 - 2009-01-16 23:20 - 00000000 ___RD () C:\temp
2014-10-28 03:42 - 2014-09-23 21:47 - 00002033 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 22:47 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 22:44 - 2006-11-02 11:42 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-25 22:56 - 2014-09-05 13:14 - 00000000 ____D () C:\Users\AmyA\AppData\Local\CrashDumps
2014-10-24 22:00 - 2014-09-25 13:06 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Windows Live
2014-10-24 21:52 - 2014-04-22 15:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-10-24 21:52 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-10-24 21:41 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 21:38 - 2008-01-20 23:26 - 00885394 _____ () C:\Windows\PFRO.log
2014-10-23 00:50 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 23:48 - 2011-08-15 19:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 23:48 - 2011-08-15 19:29 - 784389526 _____ () C:\Windows\MEMORY.DMP
2014-10-19 23:50 - 2012-04-26 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-19 18:30 - 2014-08-26 09:39 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\Adobe
2014-10-18 03:55 - 2010-11-14 19:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 03:36 - 2010-02-13 23:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:36 - 2010-02-13 23:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 12:09 - 2014-08-26 09:34 - 00000000 ____D () C:\Users\AmyA\AppData\Local\VirtualStore
2014-10-16 12:03 - 2014-09-22 11:54 - 00005632 _____ () C:\Users\AmyA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-16 03:44 - 2006-11-02 11:21 - 00424888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:18 - 2010-02-26 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:11 - 2013-07-12 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2006-11-02 08:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 14:53 - 2014-09-03 10:18 - 00000000 ____D () C:\Users\AmyA\AppData\Local\Apple
2014-10-10 13:59 - 2014-08-26 09:33 - 00000000 ____D () C:\Users\AmyA
2014-10-10 08:59 - 2014-09-27 23:08 - 00006836 _____ () C:\Users\Briani\AppData\Local\d3d9caps.dat
2014-10-08 22:24 - 2014-09-28 12:07 - 00000000 ____D () C:\Users\Briani\AppData\Local\CrashDumps
2014-10-05 23:57 - 2009-01-16 22:13 - 00000000 ____D () C:\Users\Brian\AppData\Local\Google
2014-10-04 13:22 - 2009-05-15 14:04 - 00000000 ____D () C:\Users\Amy\AppData\Local\Google
2014-10-03 18:55 - 2014-09-18 09:43 - 00000000 ____D () C:\Users\AmyA\AppData\Roaming\vlc
2014-09-30 21:33 - 2014-09-28 00:36 - 00000000 ____D () C:\Users\Briani\AppData\Roaming\Adobe
2014-09-30 21:10 - 2014-09-27 23:07 - 00000000 ____D () C:\Users\Briani\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 23:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014
Ran by AmyA at 2014-10-29 08:37:42
Running from C:\Downloads\Software
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware Antivirus (HKLM-x32\...\{2819e172-81d5-4113-88bd-4605b02344e0}) (Version: 10.4.49.4168 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.82 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any Video Converter 3.3.0 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
ccc-core-static (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Draft Predictor 2012 (HKLM-x32\...\{A65656AA-3EAA-499D-9666-01B9348FD15F}) (Version: 12.3.0.0 - Bert Software)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FFLM version 14.00 (HKLM-x32\...\FFLM2005_is1) (Version: 6.00 - Sideline Software, Inc.)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 1.0.91 - Virgin HealthMiles)
GreenPrint (HKLM\...\{2C49B82D-E23D-4258-9CBC-79CCB8E5FF17}) (Version: 2.1.1 - GreenPrint Technologies)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{7C1C9924-3755-483C-87B1-8371B7454B1A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Gallery Upload Software (HKLM-x32\...\com.kodakgallery.AirUploader) (Version: 2.09 - Kodak Imaging Network, Inc.)
KODAK Gallery Upload Software (x32 Version: 2.09 - Kodak Imaging Network, Inc.) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Picaboo 2.5 (HKLM-x32\...\{8C525C3E-00C9-4A77-9F76-D22939DB53C0}) (Version: 2.5 - Picaboo)
PlayOn (HKLM-x32\...\{CE89E33D-1E0A-43DA-8126-3C5725BE19E1}) (Version: 3.4.37 - MediaMall Technologies, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version:  - )
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.5.3 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM-x32\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0512.1133.18639 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4521 - Sling Media)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Strawberry Shortcake - Amazing Cookie Party (HKLM-x32\...\Strawberry Shortcake - Amazing Cookie Party) (Version:  - )
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Helios)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TweetDeck (HKLM-x32\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.37.6 - TweetDeck Inc)
TweetDeck (x32 Version: 0.37.6 - TweetDeck Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
VueScan (HKLM-x32\...\VueScan) (Version:  - )
WebSlingPlayer ActiveX (HKLM-x32\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-10-2014 05:09:09 Scheduled Checkpoint
08-10-2014 05:45:46 Scheduled Checkpoint
09-10-2014 05:59:32 Scheduled Checkpoint
10-10-2014 04:03:35 Scheduled Checkpoint
10-10-2014 17:59:12 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
12-10-2014 06:57:44 Scheduled Checkpoint
14-10-2014 04:45:04 Scheduled Checkpoint
15-10-2014 04:00:02 Scheduled Checkpoint
16-10-2014 07:00:21 Windows Update
17-10-2014 04:05:20 Scheduled Checkpoint
19-10-2014 23:56:49 Scheduled Checkpoint
22-10-2014 13:53:01 Scheduled Checkpoint
23-10-2014 05:56:18 Scheduled Checkpoint
24-10-2014 04:00:01 Scheduled Checkpoint
25-10-2014 03:42:01 Scheduled Checkpoint
26-10-2014 07:23:28 Scheduled Checkpoint
28-10-2014 03:40:28 Scheduled Checkpoint
29-10-2014 07:43:57 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-10-24 21:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0665C984-1839-446F-829C-BD9937A54844} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1EF10F81-9692-414E-B6EC-919E8E7B82CF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {244E75DE-F20E-4942-A366-7AF8C1BEAAD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2FD4BB79-4879-48F6-A781-33ABBC4EFB28} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {4583D4CB-2352-4931-98BC-DD2CF3DBD810} - System32\Tasks\{2C154528-14FC-467A-B9BD-7576353B5AAA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {4EF7478B-7034-46AA-9760-BF601E71631E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {515B9730-07D5-4F16-BD74-FFD825A2BC41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6788A5A8-36D1-462C-B510-BDC9AA8F35C9} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-03-07] ()
Task: {6EA2E590-EF03-4F84-9B98-F64D4775CB84} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-12-14] (Lavasoft Limited)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {874F3090-F9E3-4B84-BDBE-A690E33C9FFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {9DB4DE2F-4AEA-4FB1-8AE6-8E7C78B185AB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0620D67-7D06-4F82-B7A7-0A558C151C75} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A4FBB120-642C-4984-9A41-2CB9DC85905F} - System32\Tasks\reboot => c:\temp\reboot.bat
Task: {B0D0A107-109D-4125-A9DE-65B476AE599E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B33851B4-53FD-4EA5-8B37-142B98C66885} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B38A0BA0-9F90-4FA9-B261-1BD05F9A0C2C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EAE4DDB0-731F-48B3-A2D6-09C942D7D003} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-11-22 22:23 - 2008-07-24 07:49 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-09 22:57 - 2010-04-09 22:57 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-09 22:57 - 2010-04-09 22:57 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-09 17:16 - 2011-04-09 17:16 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-01-18 10:50 - 2014-06-20 06:08 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-01-18 10:50 - 2014-06-20 06:08 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2011-09-02 16:24 - 2011-09-02 16:24 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3581106983-3228185147-2497233209-500 - Administrator - Disabled)
Amy (S-1-5-21-3581106983-3228185147-2497233209-1001 - Administrator - Enabled) => C:\Users\Amy
AmyA (S-1-5-21-3581106983-3228185147-2497233209-1004 - Administrator - Enabled) => C:\Users\AmyA
Brian (S-1-5-21-3581106983-3228185147-2497233209-1000 - Administrator - Enabled) => C:\Users\Brian
BrianA (S-1-5-21-3581106983-3228185147-2497233209-1005 - Administrator - Enabled) => C:\Users\BrianA
Briani (S-1-5-21-3581106983-3228185147-2497233209-1006 - Administrator - Enabled) => C:\Users\Briani
Cara (S-1-5-21-3581106983-3228185147-2497233209-1002 - Limited - Enabled) => C:\Users\Cara
Deanna (S-1-5-21-3581106983-3228185147-2497233209-1003 - Limited - Enabled) => C:\Users\Deanna
Guest (S-1-5-21-3581106983-3228185147-2497233209-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 07:29:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16584 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 52d4
Start Time: 01cff36adb81bef0
Termination Time: 11

Error: (10/29/2014 03:43:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0d750bdc-4233-4eda-853c-96373466bee8}

Error: (10/28/2014 11:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.4.0.18, time stamp 0x54045c47, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3fed0cc0,
process id 0x3be0, application start time 0xiTunes.exe0.

Error: (10/28/2014 11:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001501e2,
process id 0x26c8, application start time 0xdllhost.exe0.

Error: (10/28/2014 11:04:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRIAN\MUSIC\ITUNES\ITUNES MEDIA\DOWNLOADS\PODCASTS\THE DRIVE BLOCK  - WEEKLY PREVIEW SH.TMP\DOWNLOAD.MP3> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (10/28/2014 11:02:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRIAN\MUSIC\ITUNES\ITUNES MEDIA\DOWNLOADS\PODCASTS\TRAINING CAMP TALK _ THE AUDIBLE LIV.TMP\DOWNLOAD.MP3> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 11:40:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {65395978-942a-4840-8bab-71f88a1ed8be}

Error: (10/27/2014 10:47:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:43:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:34:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/28/2014 10:53:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 00:36:02 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/28/2014 00:35:45 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/28/2014 00:35:42 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/28/2014 00:35:17 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/27/2014 10:55:41 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/27/2014 10:55:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/27/2014 10:50:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intuit Update Service v4%%1053

Error: (10/27/2014 10:50:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Intuit Update Service v4

Error: (10/27/2014 10:47:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: MediaMall Server101Restart the service


Microsoft Office Sessions:
=========================
Error: (08/08/2014 09:41:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2354 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (08/07/2014 00:24:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 448 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (08/05/2014 11:49:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4537 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (04/18/2014 09:08:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 367 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/11/2014 00:36:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 755 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/05/2014 05:48:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1234 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 00:38:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 977 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (11/09/2013 06:09:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 00:19:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 10:49:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 4882 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-29 08:37:08.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:37:07.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:37:07.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:37:07.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:53.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:53.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:52.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:52.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:52.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 08:36:51.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 51%
Total physical RAM: 6142.26 MB
Available physical RAM: 2969.3 MB
Total Pagefile: 12489.53 MB
Available Pagefile: 9612.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WinVista) (Fixed) (Total:683.57 GB) (Free:174.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.69 GB) NTFS
Drive e: (CD165A4) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#11 schrauber

  • Malware Response Team

Posted 29 October 2014 - 02:22 PM

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 indiana27

  • Topic Starter


Posted 29 October 2014 - 04:06 PM

I ran adwCleaner "as admin".  The file wasn't generated automatically.  However I clicked the "Report" button and it gave me a notepad report as below.  Upon further review, it saves it to "C:\AdwCleaner\".

# AdwCleaner v4.002 - Report created 29/10/2014 at 16:57:37
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : AmyA - INDIANA
# Running from : C:\Downloads\Software\Malware\adwcleaner_4.002.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [8503 octets] - [22/09/2014 23:45:36]
AdwCleaner[R1].txt - [1296 octets] - [23/09/2014 16:55:35]
AdwCleaner[R2].txt - [1416 octets] - [23/09/2014 17:07:40]
AdwCleaner[R3].txt - [1536 octets] - [23/09/2014 17:18:26]
AdwCleaner[R4].txt - [1894 octets] - [24/09/2014 19:57:48]
AdwCleaner[R5].txt - [2870 octets] - [27/09/2014 13:14:47]
AdwCleaner[R6].txt - [1579 octets] - [29/10/2014 16:57:37]
AdwCleaner[S0].txt - [8419 octets] - [22/09/2014 23:49:14]
AdwCleaner[S1].txt - [1359 octets] - [23/09/2014 16:58:41]
AdwCleaner[S2].txt - [1479 octets] - [23/09/2014 17:09:58]
AdwCleaner[S3].txt - [1957 octets] - [24/09/2014 20:00:39]
AdwCleaner[S4].txt - [2819 octets] - [27/09/2014 13:17:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1939 octets] ##########



#13 schrauber


  • Malware Response Team

Posted 30 October 2014 - 01:14 AM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#14 indiana27

  • Topic Starter


Posted 30 October 2014 - 07:25 AM

When re-running adwcleaner, different results were scanned and cleaned (deleted). (See 1st report below.) After reboot, I ran adwcleaner again and it found the original registry keys. I also cleaned (deleted) them as well. (See 2nd report below.) Should I run and clean again?

# AdwCleaner v4.002 - Report created 30/10/2014 at 07:51:58
# DB v
# Updated 27/10/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : AmyA - INDIANA
# Running from : C:\Downloads\Software\Malware\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\addthis.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\betrad.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\billmelater.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bing.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bleepingcomputer.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cbssports.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\disqus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\doubleclick.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dvtps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ehow.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fitday.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\go.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hollywoodlife.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imdb.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imrworldwide.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\majorgeeks.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\malwaretips.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\microsoft.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\msn.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myfantasyleague.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nbc.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\newegg.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nfl.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\norton360online.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\photobucket.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rfihub.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rotoworld.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\serverfault.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoprunner.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sling.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slingbox.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thepetitionsite.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timewarnercable.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tomshardware.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tp-link.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tv.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\visa.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weather.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wikipedia.org
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yahoo.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yimg.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\youtube.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0 (x86 en-US)

[6civdfu0.default] - Line Deleted : # Mozilla User Preferences
[6civdfu0.default] - Line Deleted : 
[6civdfu0.default] - Line Deleted : /* Do not edit this file.
[6civdfu0.default] - Line Deleted :  *
[6civdfu0.default] - Line Deleted :  * If you make changes to this file while the application is running,
[6civdfu0.default] - Line Deleted :  * the changes will be overwritten when the application exits.
[6civdfu0.default] - Line Deleted :  *
[6civdfu0.default] - Line Deleted :  * To make a manual change to preferences, you can visit the URL about:config
[6civdfu0.default] - Line Deleted :  */
[6civdfu0.default] - Line Deleted : 
[6civdfu0.default] - Line Deleted : user_pref("TFC.anonymous", 0);
[6civdfu0.default] - Line Deleted : user_pref("TFC.password", "20815d3a-9608-4224-9380-c2e534982930");
[6civdfu0.default] - Line Deleted : user_pref("TFC.tabTwoPointOh", 1);
[6civdfu0.default] - Line Deleted : user_pref("TFC.userID", 11046523);
[6civdfu0.default] - Line Deleted : user_pref("accessibility.typeaheadfind.flashBar", 0);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1408926617);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.background-update-timer", 1408972041);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1408926497);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1409007471);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1408926737);
[6civdfu0.default] - Line Deleted : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1409007350);
[6civdfu0.default] - Line Deleted : user_pref("browser.bookmarks.restore_default_bookmarks", false);
[6civdfu0.default] - Line Deleted : user_pref("browser.cache.disk.capacity", 358400);
[6civdfu0.default] - Line Deleted : user_pref("browser.cache.disk.smart_size.first_run", false);
[6civdfu0.default] - Line Deleted : user_pref("browser.cache.disk.smart_size.use_old_max", false);
[6civdfu0.default] - Line Deleted : user_pref("browser.cache.disk.smart_size_cached_value", 358400);
[6civdfu0.default] - Line Deleted : user_pref("browser.cache.frecency_experiment", 4);
[6civdfu0.default] - Line Deleted : user_pref("browser.download.importedFromSqlite", true);
[6civdfu0.default] - Line Deleted : user_pref("browser.download.panel.firstSessionCompleted", true);
[6civdfu0.default] - Line Deleted : user_pref("browser.download.panel.shown", true);
[6civdfu0.default] - Line Deleted : user_pref("browser.download.save_converter_index", 2);
[6civdfu0.default] - Line Deleted : user_pref("browser.feeds.showFirstRunUI", false);
[6civdfu0.default] - Line Deleted : user_pref("browser.migration.version", 22);
[6civdfu0.default] - Line Deleted : user_pref("browser.newtabpage.storageVersion", 1);
[6civdfu0.default] - Line Deleted : user_pref("browser.pagethumbnails.storage_version", 3);
[6civdfu0.default] - Line Deleted : user_pref("browser.places.smartBookmarksVersion", 7);
[6civdfu0.default] - Line Deleted : user_pref("browser.preferences.advanced.selectedTabIndex", 1);
[6civdfu0.default] - Line Deleted : user_pref("browser.rights.3.shown", true);
[6civdfu0.default] - Line Deleted : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140716183446");
[6civdfu0.default] - Line Deleted : user_pref("browser.shell.checkDefaultBrowser", false);
[6civdfu0.default] - Line Deleted : user_pref("browser.slowStartup.averageTime", 15854);
[6civdfu0.default] - Line Deleted : user_pref("browser.slowStartup.samples", 1);
[6civdfu0.default] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.facebook.com/");
[6civdfu0.default] - Line Deleted : user_pref("browser.startup.homepage_override.buildID", "20140716183446");
[6civdfu0.default] - Line Deleted : user_pref("browser.startup.homepage_override.mstone", "31.0");
[6civdfu0.default] - Line Deleted : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":0,\"bookmarks\":1,\"addons\":4}");
[6civdfu0.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.260", "");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1389629013026");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1409116820953");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1409116823245");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1409203223245");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.healthreport.service.firstRun", true);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1365513707050");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1365514009958");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-implicit-time-elapsed");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.policy.firstRunTime", "1365426533474");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.activeTicks", 10);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.clean", true);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.firstPaint", 15760);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.main", 12749);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.sessionRestored", 15878);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.startTime", "1409116743848");
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.current.totalTime", 107);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.currentIndex", 717);
[6civdfu0.default] - Line Deleted : user_pref("datareporting.sessions.prunedIndex", 716);
[6civdfu0.default] - Line Deleted : user_pref("dom.mozApps.used", true);
[6civdfu0.default] - Line Deleted : user_pref("dom.w3c_touch_events.expose", false);
[6civdfu0.default] - Line Deleted : user_pref("extensions.blocklist.pingCountTotal", 295);
[6civdfu0.default] - Line Deleted : user_pref("extensions.blocklist.pingCountVersion", 12);
[6civdfu0.default] - Line Deleted : user_pref("extensions.databaseSchema", 16);
[6civdfu0.default] - Line Deleted : user_pref("extensions.enabledAddons", "dexoixhhou%40dexoixhhou.org:2.9.2.1,%7B253352DF-FF62-B37B-D52D-74EA99A610F1%7D:1.0.3,tabforacause%40tabforacause.org:5.5,%7BBBDA0591-3099-440a-AA10-41764D9DB4DB%[...]
[6civdfu0.default] - Line Deleted : user_pref("extensions.getAddons.databaseSchema", 5);
[6civdfu0.default] - Line Deleted : user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
[6civdfu0.default] - Line Deleted : user_pref("extensions.lastAppVersion", "31.0");
[6civdfu0.default] - Line Deleted : user_pref("extensions.lastPlatformVersion", "31.0");
[6civdfu0.default] - Line Deleted : user_pref("extensions.pendingOperations", false);
[6civdfu0.default] - Line Deleted : user_pref("extensions.shownSelectionUI", true);
[6civdfu0.default] - Line Deleted : user_pref("extensions.ui.dictionary.hidden", true);
[6civdfu0.default] - Line Deleted : user_pref("extensions.ui.lastCategory", "addons://discover/");
[6civdfu0.default] - Line Deleted : user_pref("extensions.ui.locale.hidden", true);
[6civdfu0.default] - Line Deleted : user_pref("font.internaluseonly.changed", false);
[6civdfu0.default] - Line Deleted : user_pref("gecko.buildID", "20140716183446");
[6civdfu0.default] - Line Deleted : user_pref("gecko.mstone", "31.0");
[6civdfu0.default] - Line Deleted : user_pref("idle.lastDailyNotification", 1408971811);
[6civdfu0.default] - Line Deleted : user_pref("intl.charsetmenu.browser.cache", "windows-1250, windows-1252, ISO-8859-1, UTF-8");
[6civdfu0.default] - Line Deleted : user_pref("network.cookie.prefsMigrated", true);
[6civdfu0.default] - Line Deleted : user_pref("pdfjs.migrationVersion", 2);
[6civdfu0.default] - Line Deleted : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
[6civdfu0.default] - Line Deleted : user_pref("pdfjs.previousHandler.preferredAction", 4);
[6civdfu0.default] - Line Deleted : user_pref("places.database.lastMaintenance", 1409116821);
[6civdfu0.default] - Line Deleted : user_pref("places.history.expiration.transient_current_max_pages", 104858);
[6civdfu0.default] - Line Deleted : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
[6civdfu0.default] - Line Deleted : user_pref("plugin.importedState", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_bgcolor", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_bgimages", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_colorspace", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_command", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_downloadfonts", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_duplex", 3145789);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_bottom", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_left", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_right", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_top", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_evenpages", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footerleft", "&PT");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footerright", "&D");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headerleft", "&T");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headerright", "&U");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_in_color", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_bottom", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_left", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_right", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_top", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_oddpages", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_orientation", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_page_delay", 50);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_data", 1);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_height", " 11.00");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_size_type", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_size_unit", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_width", "  8.50");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_plex_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_resolution", 6619239);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_resolution_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_reversed", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_scaling", "  1.00");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_shrink_to_fit", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_to_file", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_to_filename", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_bottom", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_left", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_right", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_top", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgcolor", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgimages", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_colorspace", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_command", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_duplex", 3145789);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_left", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_right", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_top", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_evenpages", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerleft", "&PT");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerright", "&D");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerleft", "&T");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerright", "&U");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_in_color", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_left", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_right", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_top", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_oddpages", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_orientation", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_page_delay", 50);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_data", 1);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_height", " 11.00");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_width", "  8.50");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_plex_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_resolution", 6619239);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_resolution_name", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_reversed", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_scaling", "  1.00");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit", true);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_file", false);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_filename", "");
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right", 0);
[6civdfu0.default] - Line Deleted : user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top", 0);
[6civdfu0.default] - Line Deleted : user_pref("print_printer", "HP Photosmart Plus B210 series (Network)");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_bgcolor", false);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_bgimages", false);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_colorspace", "");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_command", "");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_downloadfonts", false);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_duplex", 0);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_bottom", 0);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_left", 0);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_right", 0);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_top", 0);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_evenpages", true);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_footercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_footerleft", "&PT");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_footerright", "&D");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_headercenter", "");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_headerleft", "&T");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_headerright", "&U");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_in_color", true);
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_bottom", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_left", "0.5");
[6civdfu0.default] - Line Deleted : user_pref("printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_right", "0.5");
[sppg0hdl.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.340", "");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1400378796147");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1412736958793");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1412736964998");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1412823364998");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.healthreport.service.firstRun", true);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1365250371111");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1365250676374");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-implicit-time-elapsed");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.policy.firstRunTime", "1365197517631");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.activeTicks", 4);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.clean", true);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.firstPaint", 2512);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.main", 547);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.sessionRestored", 2753);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.startTime", "1412739248664");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.current.totalTime", 49);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.currentIndex", 1866);
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.previous.1864", "{\"s\":1412736893467,\"a\":9,\"t\":1172,\"c\":true,\"m\":457,\"fp\":3397,\"sr\":3517}");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.previous.1865", "{\"s\":1412738907356,\"a\":20,\"t\":320,\"c\":true,\"m\":423,\"fp\":2512,\"sr\":2613}");
[sppg0hdl.default] - Line Deleted : user_pref("datareporting.sessions.prunedIndex", 1863);
[sppg0hdl.default] - Line Deleted : user_pref("devtools.telemetry.tools.opened.version", "{\"DEVTOOLS_INSPECTOR_OPENED_PER_USER_FLAG\":\"24.0\",\"DEVTOOLS_RULEVIEW_OPENED_PER_USER_FLAG\":\"24.0\"}");
[sppg0hdl.default] - Line Deleted : user_pref("devtools.toolbox.selectedTool", "inspector");
[sppg0hdl.default] - Line Deleted : user_pref("devtools.toolsidebar-width.inspector", 0);
[sppg0hdl.default] - Line Deleted : user_pref("dom.mozApps.used", true);
[sppg0hdl.default] - Line Deleted : user_pref("dom.w3c_touch_events.expose", false);
[sppg0hdl.default] - Line Deleted : user_pref("experiments.activeExperiment", false);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.blocklist.pingCountTotal", 593);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.blocklist.pingCountVersion", 2);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.databaseSchema", 16);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.enabledAddons", "%7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3");
[sppg0hdl.default] - Line Deleted : user_pref("extensions.getAddons.cache.lastUpdate", 1412737376);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.getAddons.databaseSchema", 5);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
[sppg0hdl.default] - Line Deleted : user_pref("extensions.lastAppVersion", "32.0.3");
[sppg0hdl.default] - Line Deleted : user_pref("extensions.lastPlatformVersion", "32.0.3");
[sppg0hdl.default] - Line Deleted : user_pref("extensions.pendingOperations", false);
[sppg0hdl.default] - Line Deleted : user_pref("extensions.shownSelectionUI", true);
[sppg0hdl.default] - Line Deleted : user_pref("gecko.buildID", "20140923175406");
[sppg0hdl.default] - Line Deleted : user_pref("gecko.mstone", "32.0.3");
[sppg0hdl.default] - Line Deleted : user_pref("gfx.blacklist.suggested-driver-version", "10.6");
[sppg0hdl.default] - Line Deleted : user_pref("idle.lastDailyNotification", 1412739129);
[sppg0hdl.default] - Line Deleted : user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, windows-1252, windows-1254, UTF-8, windows-1251");
[sppg0hdl.default] - Line Deleted : user_pref("network.cookie.prefsMigrated", true);
[sppg0hdl.default] - Line Deleted : user_pref("pdfjs.migrationVersion", 2);
[sppg0hdl.default] - Line Deleted : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
[sppg0hdl.default] - Line Deleted : user_pref("pdfjs.previousHandler.preferredAction", 4);
[sppg0hdl.default] - Line Deleted : user_pref("places.database.lastMaintenance", 1412739129);
[sppg0hdl.default] - Line Deleted : user_pref("places.history.expiration.transient_current_max_pages", 104858);
[sppg0hdl.default] - Line Deleted : user_pref("places.history.expiration.transient_optimal_database_size", 167772160);
[sppg0hdl.default] - Line Deleted : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
[sppg0hdl.default] - Line Deleted : user_pref("plugin.importedState", true);
[sppg0hdl.default] - Line Deleted : user_pref("plugin.state.java", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_bgcolor", false);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_bgimages", false);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_colorspace", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_command", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_downloadfonts", false);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_duplex", 1083339776);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_bottom", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_left", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_right", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_edge_top", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_evenpages", true);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footercenter", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footerleft", "&PT");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_footerright", "&D");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headercenter", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headerleft", "&T");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_headerright", "&U");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_in_color", true);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_bottom", "0.5");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_left", "0.5");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_right", "0.5");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_margin_top", "0.5");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_oddpages", true);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_orientation", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_page_delay", 50);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_data", 1);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_height", " 11.00");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_name", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_size_type", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_size_unit", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_paper_width", "  8.50");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_plex_name", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_resolution", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_resolution_name", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_reversed", false);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_scaling", "  1.00");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_shrink_to_fit", true);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_to_file", false);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_to_filename", "");
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_bottom", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_left", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_right", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print.printer_HP_Photosmart_Plus_B210_series_(Network).print_unwriteable_margin_top", 0);
[sppg0hdl.default] - Line Deleted : user_pref("print_printer", "HP Photosmart Plus B210 series (Network)");
[sppg0hdl.default] - Line Deleted : user_pref("privacy.cpd.offlineApps", true);
[sppg0hdl.default] - Line Deleted : user_pref("privacy.cpd.siteSettings", true);
[sppg0hdl.default] - Line Deleted : user_pref("privacy.sanitize.migrateFx3Prefs", true);
[sppg0hdl.default] - Line Deleted : user_pref("privacy.sanitize.timeSpan", 0);
[sppg0hdl.default] - Line Deleted : user_pref("security.warn_viewing_mixed", false);
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.clients.lastSync", "0");
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.clients.lastSyncLocal", "0");
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.globalScore", 0);
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.migrated", true);
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.nextSync", 0);
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.tabs.lastSync", "0");
[sppg0hdl.default] - Line Deleted : user_pref("services.sync.tabs.lastSyncLocal", "0");
[sppg0hdl.default] - Line Deleted : user_pref("signon.importedFromSqlite", true);
[sppg0hdl.default] - Line Deleted : user_pref("spellchecker.dictionary", "en-US");
[sppg0hdl.default] - Line Deleted : user_pref("storage.vacuum.last.index", 0);
[sppg0hdl.default] - Line Deleted : user_pref("storage.vacuum.last.places.sqlite", 1412739130);
[sppg0hdl.default] - Line Deleted : user_pref("toolkit.startup.last_success", 1412739249);
[sppg0hdl.default] - Line Deleted : user_pref("toolkit.telemetry.enabled", true);
[sppg0hdl.default] - Line Deleted : user_pref("toolkit.telemetry.previousBuildID", "20140923175406");
[sppg0hdl.default] - Line Deleted : user_pref("toolkit.telemetry.prompted", 2);
[sppg0hdl.default] - Line Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1401761576);
[sppg0hdl.default] - Line Deleted : user_pref("xpinstall.whitelist.add", "");
[sppg0hdl.default] - Line Deleted : user_pref("xpinstall.whitelist.add.180", "");
[sppg0hdl.default] - Line Deleted : user_pref("xpinstall.whitelist.add.36", "");
[d94x7i76.default] - Line Deleted : # Mozilla User Preferences
[d94x7i76.default] - Line Deleted : 
[d94x7i76.default] - Line Deleted : /* Do not edit this file.
[d94x7i76.default] - Line Deleted :  *
[d94x7i76.default] - Line Deleted :  * If you make changes to this file while the application is running,
[d94x7i76.default] - Line Deleted :  * the changes will be overwritten when the application exits.
[d94x7i76.default] - Line Deleted :  *
[d94x7i76.default] - Line Deleted :  * To make a manual change to preferences, you can visit the URL about:config
[d94x7i76.default] - Line Deleted :  */
[d94x7i76.default] - Line Deleted : 
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1411522400);
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.background-update-timer", 1411522160);
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1411522520);
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1411561901);
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1411522280);
[d94x7i76.default] - Line Deleted : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1411522040);
[d94x7i76.default] - Line Deleted : user_pref("browser.bookmarks.restore_default_bookmarks", false);
[d94x7i76.default] - Line Deleted : user_pref("browser.cache.disk.capacity", 358400);
[d94x7i76.default] - Line Deleted : user_pref("browser.cache.disk.smart_size.first_run", false);
[d94x7i76.default] - Line Deleted : user_pref("browser.cache.frecency_experiment", 4);
[d94x7i76.default] - Line Deleted : user_pref("browser.customizemode.tip0.shown", true);
[d94x7i76.default] - Line Deleted : user_pref("browser.download.importedFromSqlite", true);
[d94x7i76.default] - Line Deleted : user_pref("browser.migration.version", 22);
[d94x7i76.default] - Line Deleted : user_pref("browser.newtabpage.storageVersion", 1);
[d94x7i76.default] - Line Deleted : user_pref("browser.pagethumbnails.storage_version", 3);
[d94x7i76.default] - Line Deleted : user_pref("browser.places.smartBookmarksVersion", 7);
[d94x7i76.default] - Line Deleted : user_pref("browser.rights.3.shown", true);
[d94x7i76.default] - Line Deleted : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140923175406");
[d94x7i76.default] - Line Deleted : user_pref("browser.shell.checkDefaultBrowser", false);
[d94x7i76.default] - Line Deleted : user_pref("browser.slowStartup.averageTime", 0);
[d94x7i76.default] - Line Deleted : user_pref("browser.slowStartup.samples", 0);
[d94x7i76.default] - Line Deleted : user_pref("browser.startup.homepage_override.buildID", "20140923175406");
[d94x7i76.default] - Line Deleted : user_pref("browser.startup.homepage_override.mstone", "32.0.3");
[d94x7i76.default] - Line Deleted : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":2}");
[d94x7i76.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.260", "");
[d94x7i76.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.340", "");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1411608199560");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.healthreport.service.firstRun", true);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.policy.firstRunTime", "1411521799559");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.activeTicks", 2);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.clean", true);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.firstPaint", 1672);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.main", 323);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.sessionRestored", 3178);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.startTime", "1411875904341");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.current.totalTime", 63);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.currentIndex", 5);
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.previous.0", "{\"s\":1411521792833,\"a\":176,\"t\":3699,\"c\":true,\"m\":324,\"fp\":874,\"sr\":12948}");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.previous.1", "{\"s\":1411528274489,\"a\":8,\"t\":309,\"c\":true,\"m\":1321,\"fp\":2444,\"sr\":2585}");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.previous.2", "{\"s\":1411531090242,\"a\":11,\"t\":83,\"c\":true,\"m\":1512,\"fp\":2805,\"sr\":3089}");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.previous.3", "{\"s\":1411561779603,\"a\":70,\"t\":1187,\"c\":true,\"m\":877,\"fp\":3480,\"sr\":3596}");
[d94x7i76.default] - Line Deleted : user_pref("datareporting.sessions.previous.4", "{\"s\":1411563109639,\"a\":15,\"t\":116,\"c\":true,\"m\":515,\"fp\":2081,\"sr\":2183}");
[d94x7i76.default] - Line Deleted : user_pref("extensions.blocklist.pingCountTotal", 2);
[d94x7i76.default] - Line Deleted : user_pref("extensions.blocklist.pingCountVersion", -1);
[d94x7i76.default] - Line Deleted : user_pref("extensions.databaseSchema", 16);
[d94x7i76.default] - Line Deleted : user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3");
[d94x7i76.default] - Line Deleted : user_pref("extensions.getAddons.cache.lastUpdate", 1411875907);
[d94x7i76.default] - Line Deleted : user_pref("extensions.getAddons.databaseSchema", 5);
[d94x7i76.default] - Line Deleted : user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
[d94x7i76.default] - Line Deleted : user_pref("extensions.lastAppVersion", "32.0.3");
[d94x7i76.default] - Line Deleted : user_pref("extensions.lastPlatformVersion", "32.0.3");
[d94x7i76.default] - Line Deleted : user_pref("extensions.pendingOperations", false);
[d94x7i76.default] - Line Deleted : user_pref("extensions.shownSelectionUI", true);
[d94x7i76.default] - Line Deleted : user_pref("gecko.buildID", "20140923175406");
[d94x7i76.default] - Line Deleted : user_pref("gecko.mstone", "32.0.3");
[d94x7i76.default] - Line Deleted : user_pref("network.cookie.prefsMigrated", true);
[d94x7i76.default] - Line Deleted : user_pref("pdfjs.migrationVersion", 2);
[d94x7i76.default] - Line Deleted : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
[d94x7i76.default] - Line Deleted : user_pref("pdfjs.previousHandler.preferredAction", 4);
[d94x7i76.default] - Line Deleted : user_pref("places.history.expiration.transient_current_max_pages", 104858);
[d94x7i76.default] - Line Deleted : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
[d94x7i76.default] - Line Deleted : user_pref("plugin.importedState", true);
[d94x7i76.default] - Line Deleted : user_pref("plugin.state.java", 0);
[d94x7i76.default] - Line Deleted : user_pref("privacy.sanitize.migrateFx3Prefs", true);
[d94x7i76.default] - Line Deleted : user_pref("signon.importedFromSqlite", true);
[d94x7i76.default] - Line Deleted : user_pref("spellchecker.dictionary", "en-US");
[d94x7i76.default] - Line Deleted : user_pref("toolkit.startup.last_success", 1411875904);
[d94x7i76.default] - Line Deleted : user_pref("toolkit.telemetry.previousBuildID", "20140923175406");
[nd22e9kb.default] - Line Deleted : # Mozilla User Preferences
[nd22e9kb.default] - Line Deleted : 
[nd22e9kb.default] - Line Deleted : /* Do not edit this file.
[nd22e9kb.default] - Line Deleted :  *
[nd22e9kb.default] - Line Deleted :  * If you make changes to this file while the application is running,
[nd22e9kb.default] - Line Deleted :  * the changes will be overwritten when the application exits.
[nd22e9kb.default] - Line Deleted :  *
[nd22e9kb.default] - Line Deleted :  * To make a manual change to preferences, you can visit the URL about:config
[nd22e9kb.default] - Line Deleted :  */
[nd22e9kb.default] - Line Deleted : 
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1413038150);
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.background-update-timer", 1413038270);
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1413037789);
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1413259414);
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1413038030);
[nd22e9kb.default] - Line Deleted : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1413037669);
[nd22e9kb.default] - Line Deleted : user_pref("browser.bookmarks.restore_default_bookmarks", false);
[nd22e9kb.default] - Line Deleted : user_pref("browser.cache.disk.capacity", 358400);
[nd22e9kb.default] - Line Deleted : user_pref("browser.cache.disk.smart_size.first_run", false);
[nd22e9kb.default] - Line Deleted : user_pref("browser.cache.frecency_experiment", 3);
[nd22e9kb.default] - Line Deleted : user_pref("browser.download.importedFromSqlite", true);
[nd22e9kb.default] - Line Deleted : user_pref("browser.migration.version", 22);
[nd22e9kb.default] - Line Deleted : user_pref("browser.newtabpage.storageVersion", 1);
[nd22e9kb.default] - Line Deleted : user_pref("browser.pagethumbnails.storage_version", 3);
[nd22e9kb.default] - Line Deleted : user_pref("browser.places.smartBookmarksVersion", 7);
[nd22e9kb.default] - Line Deleted : user_pref("browser.rights.3.shown", true);
[nd22e9kb.default] - Line Deleted : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140923175406");
[nd22e9kb.default] - Line Deleted : user_pref("browser.shell.checkDefaultBrowser", false);
[nd22e9kb.default] - Line Deleted : user_pref("browser.slowStartup.averageTime", 0);
[nd22e9kb.default] - Line Deleted : user_pref("browser.slowStartup.samples", 0);
[nd22e9kb.default] - Line Deleted : user_pref("browser.startup.homepage_override.buildID", "20140923175406");
[nd22e9kb.default] - Line Deleted : user_pref("browser.startup.homepage_override.mstone", "32.0.3");
[nd22e9kb.default] - Line Deleted : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":3}");
[nd22e9kb.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.260", "");
[nd22e9kb.default] - Line Deleted : user_pref("browser.uitour.whitelist.add.340", "");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1411965325601");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.healthreport.service.firstRun", true);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1413259357105");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.policy.firstRunTime", "1411878925600");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.activeTicks", 23);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.clean", true);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.firstPaint", 2060);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.main", 238);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.sessionRestored", 2176);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.startTime", "1413259293576");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.current.totalTime", 124);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.currentIndex", 34);
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.13", "{\"s\":1412300462533,\"a\":39,\"t\":674,\"c\":true,\"m\":352,\"fp\":1282,\"sr\":1539}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.14", "{\"s\":1412333403316,\"a\":58,\"t\":721,\"c\":true,\"m\":2142,\"fp\":6285,\"sr\":6829}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.15", "{\"s\":1412446136144,\"a\":87,\"t\":931,\"c\":true,\"m\":901,\"fp\":3377,\"sr\":3540}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.16", "{\"s\":1412477218009,\"a\":47,\"t\":578,\"c\":true,\"m\":210,\"fp\":1880,\"sr\":2012}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.17", "{\"s\":1412503367252,\"a\":49,\"t\":700,\"c\":true,\"m\":413,\"fp\":1769,\"sr\":2017}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.18", "{\"s\":1412552716257,\"a\":59,\"t\":549,\"c\":true,\"m\":848,\"fp\":3178,\"sr\":3454}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.19", "{\"s\":1412553315274,\"a\":10,\"t\":56,\"c\":true,\"m\":583,\"fp\":2124,\"sr\":2448}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.20", "{\"s\":1412595681338,\"a\":70,\"t\":1086,\"c\":true,\"m\":885,\"fp\":4341,\"sr\":5269}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.21", "{\"s\":1412631177004,\"a\":18,\"t\":131,\"c\":true,\"m\":1512,\"fp\":2974,\"sr\":3342}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.22", "{\"s\":1412643206319,\"a\":11,\"t\":204,\"c\":false,\"m\":503,\"fp\":1975,\"sr\":2253}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.23", "{\"s\":1412739377639,\"a\":10,\"t\":102,\"c\":true,\"m\":334,\"fp\":2796,\"sr\":2900}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.24", "{\"s\":1412739484768,\"a\":44,\"t\":668,\"c\":true,\"m\":262,\"fp\":1759,\"sr\":1860}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.25", "{\"s\":1412820999763,\"a\":42,\"t\":661,\"c\":true,\"m\":744,\"fp\":2319,\"sr\":2613}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.26", "{\"s\":1412858135809,\"a\":7,\"t\":60,\"c\":true,\"m\":393,\"fp\":1666,\"sr\":1917}");
[nd22e9kb.default] - Line Deleted : user_pref("datareporting.sessions.previous.27", "{\"s\":1412858238857,\"a\":59,\"t\":974,\"c\":true,\"m\":435,\"fp\":1808,\"sr\":2048}");

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [8503 octets] - [22/09/2014 23:45:36]
AdwCleaner[R1].txt - [1296 octets] - [23/09/2014 16:55:35]
AdwCleaner[R2].txt - [1416 octets] - [23/09/2014 17:07:40]
AdwCleaner[R3].txt - [1536 octets] - [23/09/2014 17:18:26]
AdwCleaner[R4].txt - [1894 octets] - [24/09/2014 19:57:48]
AdwCleaner[R5].txt - [2870 octets] - [27/09/2014 13:14:47]
AdwCleaner[R6].txt - [2027 octets] - [29/10/2014 16:57:37]
AdwCleaner[R7].txt - [110692 octets] - [30/10/2014 07:50:00]
AdwCleaner[S0].txt - [8419 octets] - [22/09/2014 23:49:14]
AdwCleaner[S1].txt - [1359 octets] - [23/09/2014 16:58:41]
AdwCleaner[S2].txt - [1479 octets] - [23/09/2014 17:09:58]
AdwCleaner[S3].txt - [1957 octets] - [24/09/2014 20:00:39]
AdwCleaner[S4].txt - [2819 octets] - [27/09/2014 13:17:51]
AdwCleaner[S5].txt - [112684 octets] - [30/10/2014 07:51:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [112746 octets] ##########

# AdwCleaner v4.002 - Report created 30/10/2014 at 08:05:09
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : AmyA - INDIANA
# Running from : C:\Downloads\Software\Malware\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [8503 octets] - [22/09/2014 23:45:36]
AdwCleaner[R1].txt - [1296 octets] - [23/09/2014 16:55:35]
AdwCleaner[R2].txt - [1416 octets] - [23/09/2014 17:07:40]
AdwCleaner[R3].txt - [1536 octets] - [23/09/2014 17:18:26]
AdwCleaner[R4].txt - [1894 octets] - [24/09/2014 19:57:48]
AdwCleaner[R5].txt - [2870 octets] - [27/09/2014 13:14:47]
AdwCleaner[R6].txt - [2027 octets] - [29/10/2014 16:57:37]
AdwCleaner[R7].txt - [110692 octets] - [30/10/2014 07:50:00]
AdwCleaner[R8].txt - [2211 octets] - [30/10/2014 08:01:20]
AdwCleaner[S0].txt - [8419 octets] - [22/09/2014 23:49:14]
AdwCleaner[S1].txt - [1359 octets] - [23/09/2014 16:58:41]
AdwCleaner[S2].txt - [1479 octets] - [23/09/2014 17:09:58]
AdwCleaner[S3].txt - [1957 octets] - [24/09/2014 20:00:39]
AdwCleaner[S4].txt - [2819 octets] - [27/09/2014 13:17:51]
AdwCleaner[S5].txt - [112828 octets] - [30/10/2014 07:51:58]
AdwCleaner[S6].txt - [2127 octets] - [30/10/2014 08:05:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2187 octets] ##########



#15 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:40 AM

Posted 30 October 2014 - 01:08 PM

No need to, just run the online scan now :)


regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



