Yet another WhiteSmoke infection


29 replies to this topic

#1 jwill80

Posted 22 June 2012 - 06:07 PM

Whitesmoke toolbar showing up on Firefox.

Here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by John at 18:49:00 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.979 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Apple Computer] rundll32.exe "c:\users\john\appdata\local\dfx\apple computer\ryspolxg.dll",CreateInstance
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\john\appdata\local\temp\{1f622389-e184-41f9-b1df-77198c1e351c}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: samsung.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
TCP: Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733} : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7596C6C69616D637 : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7657563747 : DhcpNameServer = 10.12.10.1 10.21.35.10 10.18.35.10
TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\8416E637 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 337880]
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2011-4-3 1984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-3 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-25 44768]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2011-8-23 11392]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-22 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-22 8456]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-21 33792]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-4-3 81168]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-2-8 20080]
S3 PS3 Media Server;PS3 Media Server; [x]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-8-14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-8-14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-8-14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-8-14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-8-14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-8-14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-8-14 115752]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-22 14:24:39 -------- d-----w- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2012-06-22 14:24:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 14:24:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 10:51:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d-3c8e137af848}\offreg.dll
2012-06-22 10:50:04 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d-3c8e137af848}\mpengine.dll
2012-06-22 10:47:09 -------- d-----w- c:\users\john\appdata\local\{5C63912F-64A9-4357-A592-D3B6FCDCC623}
2012-06-22 10:46:43 -------- d-----w- c:\users\john\appdata\local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD}
2012-06-21 19:05:45 -------- d-----w- c:\users\john\appdata\local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3}
2012-06-21 19:05:34 -------- d-----w- c:\users\john\appdata\local\{735FCF54-B3C1-477C-A284-6E3045CFD476}
2012-06-21 14:34:04 -------- d-----w- c:\users\john\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-21 11:12:58 -------- d-----w- c:\windows\en
2012-06-21 11:06:03 -------- d-----w- c:\program files\Adobe Download Assistant
2012-06-21 11:05:30 -------- d-----w- c:\users\john\appdata\local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A}
2012-06-21 11:04:37 -------- d-----w- c:\program files\Conduit
2012-06-21 11:04:28 -------- d-----w- c:\users\john\appdata\local\Conduit
2012-06-21 11:00:56 15712 ----a-w- c:\program files\common files\windows live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe
2012-06-21 11:00:55 537432 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DXSETUP.exe
2012-06-21 11:00:54 89944 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DSETUP.dll
2012-06-21 11:00:54 1801048 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\dsetup32.dll
2012-06-21 11:00:39 -------- d-----w- c:\users\john\appdata\local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759}
2012-06-21 11:00:02 -------- d-----w- c:\users\john\appdata\local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA}
2012-06-21 10:59:52 -------- d-----w- c:\users\john\appdata\local\{FDF459AA-A107-458F-BC28-BF84B1277EE0}
2012-06-21 10:53:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:53:52 -------- d-----w- c:\users\john\appdata\local\{9F7C556B-138A-4C08-A717-8D8B66764E3D}
2012-06-21 10:53:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:53:13 -------- d-----w- c:\users\john\appdata\local\{BAC24AA7-A921-4004-AF0E-03324984E623}
2012-06-21 10:52:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 10:52:47 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 13:37:43 -------- d-----w- c:\users\john\appdata\local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0}
2012-06-20 13:37:25 -------- d-----w- c:\users\john\appdata\local\{95881B8A-0EBA-40E4-B504-D89128B130B4}
2012-06-16 02:19:26 -------- d-----w- c:\users\john\appdata\local\{49D61010-7B3F-42DB-B396-9911E33223EF}
2012-06-15 13:54:07 -------- d-----w- c:\users\john\appdata\local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0}
2012-06-15 01:04:07 -------- d-----w- c:\users\john\appdata\local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244}
2012-06-13 11:40:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:40:56 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 11:40:54 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 11:40:52 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 11:40:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 11:40:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 11:40:49 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 11:40:38 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:40:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:40:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 16:54:00 -------- d-----w- c:\users\john\appdata\local\Macromedia
2012-06-06 22:02:21 -------- d-----w- c:\users\john\appdata\local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E}
2012-06-06 22:02:10 -------- d-----w- c:\users\john\appdata\local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94}
2012-06-06 16:45:01 -------- d-----w- c:\users\john\appdata\local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64}
2012-06-06 16:44:49 -------- d-----w- c:\users\john\appdata\local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D}
2012-06-03 23:55:21 -------- d-----w- c:\users\john\appdata\local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302}
2012-06-03 23:55:08 -------- d-----w- c:\users\john\appdata\local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E}
2012-05-29 01:33:32 -------- d-----w- c:\users\john\appdata\local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA}
2012-05-28 14:05:18 -------- d-----w- c:\users\john\appdata\local\3DVIA
2012-05-28 14:04:57 -------- d-----w- c:\programdata\3DVIA
2012-05-28 14:04:56 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-05-28 14:04:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-05-28 14:04:51 -------- d-----w- c:\program files\Virtools
2012-05-28 13:36:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-06-11 16:52:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 16:57:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 18:49:50.72 ===============

#2 Maurice Naggar

Posted 22 June 2012 - 09:10 PM

Hello and welcome to Malwarebytes forums.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Look on your Desktop. There should be a log file named ATTACH.txt.
Use NOTEPAD to open it. Copy all the contents, and Paste into your next reply.

Your log shows uTorrent, which is not recommended, since peer-to-peer filesharing is an avenue for malware to spread.
Use Control Panel's Programs and Features. Locate it, and right-click on uTorrent and select Un-install.
Confirm that in your reply.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#3 jwill80

Posted 22 June 2012 - 09:32 PM

Here are the contents of the ATTACH.txt file:
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2010 3:10:25 PM
System Uptime: 6/22/2012 4:22:38 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 114.626 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 75 GiB total, 45.213 GiB free.
G: is CDROM ()
X: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP415: 6/5/2012 7:14:22 AM - Windows Update
RP416: 6/8/2012 7:36:42 AM - Windows Update
RP417: 6/12/2012 7:34:13 AM - Windows Update
RP418: 6/13/2012 10:31:51 PM - Windows Update
RP419: 6/19/2012 7:40:19 AM - Windows Update
RP420: 6/21/2012 6:52:16 AM - Windows Update
RP422: 6/21/2012 7:00:53 AM - Windows Live Essentials
RP424: 6/21/2012 7:03:21 AM - Installed DirectX
RP426: 6/21/2012 7:04:54 AM - Installed DirectX
RP428: 6/21/2012 8:18:25 AM - Windows Live Essentials
RP430: 6/21/2012 8:20:28 AM - Installed DirectX
RP432: 6/21/2012 8:21:43 AM - Installed DirectX
RP433: 6/21/2012 8:22:09 AM - WLSetup
RP435: 6/21/2012 10:40:46 AM - Removed RollerCoaster Tycoon 2 Triple Thrill Pack
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
3DVIA player 5.0.0.20
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP640 series MP Drivers
Canon MP640 series User Registration
Canon Utilities My Printer
D3DX10
EASEUS Partition Master 8.0.1 Home Edition
eReg
Free M4a to MP3 Converter 7.0
Free Mp3 Wma Converter V 2.2
Free Window Registry Repair
Hamster Free EbookConverter
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
ImagXpress
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 2
Junk Mail filter update
LAME v3.98.2 for Audacity
Logitech SetPoint 6.22
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.49
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network
OGA Notifier 2.0.0048.0
PeerBlock 1.1 (r518)
PowerISO
PS_AIO_07_D110_SW_Min
PS3 Media Server
QuickTime
RCT3 Soaked
RICOH R5U8xx Media Driver ver.3.62.02
RollerCoaster Tycoon 2 Triple Thrill Pack
RollerCoaster Tycoon® 3
Sansa Updater
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
swMSM
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/22/2012 6:46:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
6/22/2012 5:35:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/22/2012 4:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
6/22/2012 10:14:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service.
6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
6/22/2012 1:59:28 PM, Error: volmgr [46] - Crash dump initialization failed!
6/21/2012 12:46:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/21/2012 12:38:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
6/17/2012 2:25:17 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
6/16/2012 9:08:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer EDWIN-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14EDF80. The master browser is stopping or an election is being forced.
6/15/2012 11:57:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDITHSTUSS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14E. The master browser is stopping or an election is being forced.
6/15/2012 11:08:55 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.123. The computer with the IP address 192.168.1.125 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Utorrent has been uninstalled. Thank you for the fast reply.

#4 Maurice Naggar

Posted 22 June 2012 - 09:47 PM

Turn off your antivirus program so that it does not interfere.

Step 2
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3
Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to a unique folder!!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder
http://support.kaspe.../tdsskiller.exe
and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon


Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter. Copy ALL of the line from beginning to end (from the double-quote all the way to the last o).

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#5 jwill80

Posted 22 June 2012 - 11:01 PM

Having an issue on step 3, getting a pop-up box that says:

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" refers to a location that is unavailable.
Followed the directions exactly, not sure what happened.

#6 jwill80

Posted 22 June 2012 - 11:24 PM

Disregard that last post. Here is the TDSSKiller report:


00:21:00.0307 4384 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
00:21:00.0650 4384 ============================================================
00:21:00.0650 4384 Current date / time: 2012/06/23 00:21:00.0650
00:21:00.0650 4384 SystemInfo:
00:21:00.0650 4384
00:21:00.0650 4384 OS Version: 6.1.7601 ServicePack: 1.0
00:21:00.0650 4384 Product type: Workstation
00:21:00.0651 4384 ComputerName: JOHN-LAPTOP
00:21:00.0651 4384 UserName: John
00:21:00.0651 4384 Windows directory: C:\Windows
00:21:00.0651 4384 System windows directory: C:\Windows
00:21:00.0651 4384 Processor architecture: Intel x86
00:21:00.0651 4384 Number of processors: 1
00:21:00.0651 4384 Page size: 0x1000
00:21:00.0651 4384 Boot type: Normal boot
00:21:00.0651 4384 ============================================================
00:21:02.0657 4384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:21:02.0663 4384 ============================================================
00:21:02.0663 4384 \Device\Harddisk0\DR0:
00:21:02.0664 4384 MBR partitions:
00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
00:21:02.0664 4384 ============================================================
00:21:02.0697 4384 C: <-> \Device\Harddisk0\DR0\Partition1
00:21:02.0697 4384 ============================================================
00:21:02.0697 4384 Initialize success
00:21:02.0697 4384 ============================================================
00:21:04.0997 1652 ============================================================
00:21:04.0997 1652 Scan started
00:21:04.0997 1652 Mode: Manual;
00:21:04.0997 1652 ============================================================
00:21:21.0029 1652 Mup - ok
00:21:22.0256 1652 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:21:22.0264 1652 napagent - ok
00:21:22.0306 1652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:21:22.0311 1652 NativeWifiP - ok
00:21:22.0391 1652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:21:22.0397 1652 NDIS - ok
00:21:22.0433 1652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:21:22.0434 1652 NdisCap - ok
00:21:22.0469 1652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:21:22.0471 1652 NdisTapi - ok
00:21:22.0511 1652 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:21:22.0512 1652 Ndisuio - ok
00:21:22.0557 1652 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:21:22.0559 1652 NdisWan - ok
00:21:22.0636 1652 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:21:22.0638 1652 NDProxy - ok
00:21:22.0684 1652 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
00:21:22.0688 1652 Net Driver HPZ12 - ok
00:21:22.0745 1652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:21:22.0747 1652 NetBIOS - ok
00:21:22.0805 1652 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:21:22.0808 1652 NetBT - ok
00:21:22.0850 1652 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:22.0854 1652 Netlogon - ok
00:21:22.0936 1652 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:21:22.0947 1652 Netman - ok
00:21:22.0997 1652 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:21:23.0005 1652 netprofm - ok
00:21:23.0140 1652 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:21:23.0142 1652 NetTcpPortSharing - ok
00:21:23.0206 1652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:21:23.0208 1652 nfrd960 - ok
00:21:23.0278 1652 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:21:23.0289 1652 NlaSvc - ok
00:21:23.0316 1652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:21:23.0317 1652 Npfs - ok
00:21:23.0335 1652 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:21:23.0341 1652 nsi - ok
00:21:23.0366 1652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:21:23.0367 1652 nsiproxy - ok
00:21:23.0495 1652 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:21:23.0505 1652 Ntfs - ok
00:21:23.0566 1652 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
00:21:23.0568 1652 NuidFltr - ok
00:21:23.0593 1652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:21:23.0597 1652 Null - ok
00:21:23.0644 1652 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:21:23.0648 1652 nvraid - ok
00:21:23.0674 1652 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:21:23.0676 1652 nvstor - ok
00:21:23.0733 1652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:21:23.0735 1652 nv_agp - ok
00:21:23.0854 1652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:21:23.0858 1652 odserv - ok
00:21:23.0897 1652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:21:23.0899 1652 ohci1394 - ok
00:21:23.0952 1652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:21:23.0953 1652 ose - ok
00:21:24.0009 1652 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:21:24.0016 1652 p2pimsvc - ok
00:21:24.0061 1652 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:21:24.0069 1652 p2psvc - ok
00:21:24.0164 1652 papycpu (8051a829dc5544c55fb647447c4b0286) C:\Windows\system32\drivers\papycpu.sys
00:21:24.0166 1652 papycpu - ok
00:21:24.0251 1652 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\Windows\System32\DRIVERS\papycpu2.sys
00:21:24.0252 1652 papycpu2 - ok
00:21:24.0273 1652 papyjoy (a4b3fb04a3f6367bc264e8addcae2a48) C:\Windows\system32\drivers\papyjoy.sys
00:21:24.0274 1652 papyjoy - ok
00:21:24.0320 1652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:21:24.0321 1652 Parport - ok
00:21:24.0361 1652 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
00:21:24.0363 1652 partmgr - ok
00:21:24.0386 1652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:21:24.0387 1652 Parvdm - ok
00:21:24.0495 1652 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys
00:21:24.0496 1652 pbfilter - ok
00:21:24.0542 1652 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:21:24.0550 1652 PcaSvc - ok
00:21:24.0607 1652 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:21:24.0610 1652 pci - ok
00:21:24.0635 1652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:21:24.0637 1652 pciide - ok
00:21:24.0675 1652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:21:24.0678 1652 pcmcia - ok
00:21:24.0703 1652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:21:24.0710 1652 pcw - ok
00:21:24.0767 1652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:21:24.0773 1652 PEAUTH - ok
00:21:24.0952 1652 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:21:24.0972 1652 pla - ok
00:21:25.0162 1652 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:21:25.0170 1652 PlugPlay - ok
00:21:25.0221 1652 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
00:21:25.0224 1652 Pml Driver HPZ12 - ok
00:21:25.0272 1652 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:21:25.0277 1652 PNRPAutoReg - ok
00:21:25.0322 1652 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:21:25.0329 1652 PNRPsvc - ok
00:21:25.0410 1652 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
00:21:25.0412 1652 Point32 - ok
00:21:25.0483 1652 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:21:25.0489 1652 PolicyAgent - ok
00:21:25.0546 1652 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:21:25.0555 1652 Power - ok
00:21:25.0603 1652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:21:25.0605 1652 PptpMiniport - ok
00:21:25.0626 1652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:21:25.0627 1652 Processor - ok
00:21:25.0686 1652 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
00:21:25.0692 1652 ProfSvc - ok
00:21:25.0740 1652 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:25.0745 1652 ProtectedStorage - ok
00:21:25.0828 1652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:21:25.0831 1652 Psched - ok
00:21:25.0948 1652 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:21:25.0960 1652 ql2300 - ok
00:21:26.0113 1652 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:21:26.0115 1652 ql40xx - ok
00:21:26.0176 1652 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:21:26.0184 1652 QWAVE - ok
00:21:26.0205 1652 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:21:26.0207 1652 QWAVEdrv - ok
00:21:26.0294 1652 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
00:21:26.0296 1652 RapiMgr - ok
00:21:26.0323 1652 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:21:26.0325 1652 RasAcd - ok
00:21:26.0377 1652 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:21:26.0379 1652 RasAgileVpn - ok
00:21:26.0407 1652 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:21:26.0413 1652 RasAuto - ok
00:21:26.0439 1652 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:21:26.0442 1652 Rasl2tp - ok
00:21:26.0531 1652 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:21:26.0539 1652 RasMan - ok
00:21:26.0561 1652 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:21:26.0563 1652 RasPppoe - ok
00:21:26.0591 1652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:21:26.0593 1652 RasSstp - ok
00:21:26.0651 1652 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:21:26.0655 1652 rdbss - ok
00:21:26.0682 1652 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:21:26.0683 1652 rdpbus - ok
00:21:26.0722 1652 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:21:26.0724 1652 RDPCDD - ok
00:21:26.0765 1652 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:21:26.0766 1652 RDPENCDD - ok
00:21:26.0795 1652 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:21:26.0797 1652 RDPREFMP - ok
00:21:26.0839 1652 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
00:21:26.0842 1652 RDPWD - ok
00:21:26.0898 1652 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:21:26.0901 1652 rdyboost - ok
00:21:26.0948 1652 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:21:26.0955 1652 RemoteAccess - ok
00:21:27.0015 1652 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:21:27.0021 1652 RemoteRegistry - ok
00:21:27.0080 1652 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:21:27.0082 1652 rimmptsk - ok
00:21:27.0141 1652 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:21:27.0143 1652 rimsptsk - ok
00:21:27.0195 1652 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:21:27.0197 1652 rismxdp - ok
00:21:27.0227 1652 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:21:27.0233 1652 RpcEptMapper - ok
00:21:27.0280 1652 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:21:27.0284 1652 RpcLocator - ok
00:21:27.0347 1652 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:21:27.0355 1652 RpcSs - ok
00:21:27.0410 1652 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
00:21:27.0413 1652 RsFx0102 - ok
00:21:27.0484 1652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:21:27.0486 1652 rspndr - ok
00:21:27.0534 1652 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
00:21:27.0536 1652 s0016bus - ok
00:21:27.0579 1652 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
00:21:27.0581 1652 s0016mdfl - ok
00:21:27.0636 1652 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
00:21:27.0641 1652 s0016mdm - ok
00:21:27.0699 1652 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
00:21:27.0701 1652 s0016mgmt - ok
00:21:27.0757 1652 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
00:21:27.0758 1652 s0016nd5 - ok
00:21:27.0818 1652 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
00:21:27.0820 1652 s0016obex - ok
00:21:27.0902 1652 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
00:21:27.0904 1652 s0016unic - ok
00:21:27.0970 1652 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
00:21:27.0972 1652 s616bus - ok
00:21:27.0994 1652 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
00:21:27.0995 1652 s616mdfl - ok
00:21:28.0031 1652 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
00:21:28.0033 1652 s616mdm - ok
00:21:28.0060 1652 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys
00:21:28.0062 1652 s616mgmt - ok
00:21:28.0092 1652 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
00:21:28.0093 1652 s616nd5 - ok
00:21:28.0126 1652 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
00:21:28.0128 1652 s616obex - ok
00:21:28.0164 1652 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
00:21:28.0166 1652 s616unic - ok
00:21:28.0219 1652 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:28.0225 1652 SamSs - ok
00:21:28.0329 1652 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:21:28.0330 1652 SASDIFSV - ok
00:21:28.0405 1652 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:21:28.0407 1652 SASKUTIL - ok
00:21:28.0477 1652 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:21:28.0479 1652 sbp2port - ok
00:21:28.0533 1652 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:21:28.0539 1652 SCardSvr - ok
00:21:28.0590 1652 SCDEmu (52402149e66200c2c2bda115bca757d6) C:\Windows\system32\drivers\SCDEmu.sys
00:21:28.0594 1652 SCDEmu - ok
00:21:28.0636 1652 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:21:28.0638 1652 scfilter - ok
00:21:28.0817 1652 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:21:28.0830 1652 Schedule - ok
00:21:28.0886 1652 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:21:28.0888 1652 SCPolicySvc - ok
00:21:28.0954 1652 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
00:21:28.0956 1652 sdbus - ok
00:21:29.0017 1652 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:21:29.0024 1652 SDRSVC - ok
00:21:29.0116 1652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:21:29.0119 1652 secdrv - ok
00:21:29.0233 1652 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:21:29.0239 1652 seclogon - ok
00:21:29.0297 1652 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
00:21:29.0353 1652 SENS - ok
00:21:29.0404 1652 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:21:29.0412 1652 SensrSvc - ok
00:21:29.0464 1652 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:21:29.0466 1652 Serenum - ok
00:21:29.0518 1652 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:21:29.0520 1652 Serial - ok
00:21:29.0584 1652 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:21:29.0600 1652 sermouse - ok
00:21:29.0701 1652 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:21:29.0733 1652 SessionEnv - ok
00:21:29.0793 1652 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
00:21:29.0796 1652 sffdisk - ok
00:21:29.0832 1652 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:21:29.0834 1652 sffp_mmc - ok
00:21:29.0866 1652 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:21:29.0882 1652 sffp_sd - ok
00:21:29.0931 1652 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:21:29.0933 1652 sfloppy - ok
00:21:30.0028 1652 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:21:30.0033 1652 SharedAccess - ok
00:21:30.0201 1652 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:21:30.0235 1652 ShellHWDetection - ok
00:21:30.0296 1652 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:21:30.0298 1652 sisagp - ok
00:21:30.0349 1652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:21:30.0351 1652 SiSRaid2 - ok
00:21:30.0377 1652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:21:30.0381 1652 SiSRaid4 - ok
00:21:30.0410 1652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:21:30.0414 1652 Smb - ok
00:21:30.0465 1652 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:21:30.0471 1652 SNMPTRAP - ok
00:21:30.0490 1652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:21:30.0492 1652 spldr - ok
00:21:30.0556 1652 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:21:30.0564 1652 Spooler - ok
00:21:30.0806 1652 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:21:30.0835 1652 sppsvc - ok
00:21:30.0985 1652 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:21:30.0993 1652 sppuinotify - ok
00:21:31.0139 1652 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
00:21:31.0150 1652 SQLAgent$SQLEXPRESS - ok
00:21:31.0227 1652 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:21:31.0231 1652 srv - ok
00:21:31.0279 1652 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:21:31.0288 1652 srv2 - ok
00:21:31.0353 1652 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:21:31.0356 1652 SrvHsfHDA - ok
00:21:31.0443 1652 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:21:31.0452 1652 SrvHsfV92 - ok
00:21:31.0513 1652 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:21:31.0519 1652 SrvHsfWinac - ok
00:21:31.0551 1652 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:21:31.0553 1652 srvnet - ok
00:21:31.0601 1652 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:21:31.0608 1652 SSDPSRV - ok
00:21:31.0632 1652 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:21:31.0641 1652 SstpSvc - ok
00:21:31.0731 1652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:21:31.0733 1652 stexstor - ok
00:21:31.0868 1652 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:21:31.0883 1652 StiSvc - ok
00:21:31.0931 1652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:21:31.0932 1652 swenum - ok
00:21:31.0969 1652 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:21:31.0977 1652 swprv - ok
00:21:32.0105 1652 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:21:32.0119 1652 SysMain - ok
00:21:32.0164 1652 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:21:32.0173 1652 TabletInputService - ok
00:21:32.0245 1652 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:21:32.0253 1652 TapiSrv - ok
00:21:32.0274 1652 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:21:32.0281 1652 TBS - ok
00:21:32.0466 1652 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
00:21:32.0476 1652 Tcpip - ok
00:21:32.0508 1652 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
00:21:32.0518 1652 TCPIP6 - ok
00:21:32.0573 1652 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:21:32.0575 1652 tcpipreg - ok
00:21:32.0637 1652 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:21:32.0639 1652 TDPIPE - ok
00:21:32.0672 1652 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:21:32.0674 1652 TDTCP - ok
00:21:32.0717 1652 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:21:32.0721 1652 tdx - ok
00:21:32.0767 1652 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:21:32.0771 1652 TermDD - ok
00:21:32.0841 1652 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:21:32.0851 1652 TermService - ok
00:21:32.0884 1652 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:21:32.0893 1652 Themes - ok
00:21:32.0945 1652 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:21:32.0949 1652 THREADORDER - ok
00:21:32.0994 1652 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:21:33.0001 1652 TrkWks - ok
00:21:33.0077 1652 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:21:33.0079 1652 TrustedInstaller - ok
00:21:33.0110 1652 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:21:33.0112 1652 tssecsrv - ok
00:21:33.0147 1652 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:21:33.0149 1652 TsUsbFlt - ok
00:21:33.0219 1652 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:21:33.0224 1652 tunnel - ok
00:21:33.0275 1652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:21:33.0277 1652 uagp35 - ok
00:21:33.0343 1652 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:21:33.0346 1652 udfs - ok
00:21:33.0402 1652 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:21:33.0415 1652 UI0Detect - ok
00:21:33.0460 1652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:21:33.0462 1652 uliagpkx - ok
00:21:33.0520 1652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
00:21:33.0524 1652 umbus - ok
00:21:33.0542 1652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:21:33.0544 1652 UmPass - ok
00:21:33.0656 1652 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:21:33.0669 1652 upnphost - ok
00:21:33.0729 1652 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
00:21:33.0731 1652 usbaudio - ok
00:21:33.0780 1652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:21:33.0782 1652 usbccgp - ok
00:21:33.0827 1652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:21:33.0829 1652 usbcir - ok
00:21:33.0874 1652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
00:21:33.0876 1652 usbehci - ok
00:21:33.0948 1652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:21:33.0951 1652 usbhub - ok
00:21:33.0997 1652 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
00:21:33.0999 1652 usbohci - ok
00:21:34.0021 1652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:21:34.0025 1652 usbprint - ok
00:21:34.0079 1652 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:21:34.0081 1652 usbscan - ok
00:21:34.0129 1652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:21:34.0131 1652 USBSTOR - ok
00:21:34.0173 1652 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:21:34.0180 1652 usbuhci - ok
00:21:34.0233 1652 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
00:21:34.0235 1652 usb_rndisx - ok
00:21:34.0281 1652 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:21:34.0288 1652 UxSms - ok
00:21:34.0326 1652 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:34.0330 1652 VaultSvc - ok
00:21:34.0379 1652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:21:34.0381 1652 vdrvroot - ok
00:21:34.0459 1652 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
00:21:34.0468 1652 vds - ok
00:21:34.0525 1652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:21:34.0526 1652 vga - ok
00:21:34.0545 1652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:21:34.0547 1652 VgaSave - ok
00:21:34.0617 1652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:21:34.0620 1652 vhdmp - ok
00:21:34.0656 1652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:21:34.0660 1652 viaagp - ok
00:21:34.0690 1652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:21:34.0694 1652 ViaC7 - ok
00:21:34.0720 1652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:21:34.0722 1652 viaide - ok
00:21:34.0744 1652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:21:34.0746 1652 volmgr - ok
00:21:34.0789 1652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:21:34.0794 1652 volmgrx - ok
00:21:34.0836 1652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:21:34.0839 1652 volsnap - ok
00:21:34.0884 1652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:21:34.0886 1652 vsmraid - ok
00:21:35.0011 1652 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
00:21:35.0025 1652 VSS - ok
00:21:35.0055 1652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:21:35.0057 1652 vwifibus - ok
00:21:35.0096 1652 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:21:35.0099 1652 vwififlt - ok
00:21:35.0151 1652 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
00:21:35.0153 1652 vwifimp - ok
00:21:35.0236 1652 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:21:35.0245 1652 W32Time - ok
00:21:35.0286 1652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:21:35.0288 1652 WacomPen - ok
00:21:35.0339 1652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:21:35.0342 1652 WANARP - ok
00:21:35.0354 1652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:21:35.0356 1652 Wanarpv6 - ok
00:21:35.0519 1652 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:21:35.0530 1652 WatAdminSvc - ok
00:21:35.0648 1652 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
00:21:35.0663 1652 wbengine - ok
00:21:35.0702 1652 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:21:35.0717 1652 WbioSrvc - ok
00:21:35.0807 1652 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
00:21:35.0811 1652 WcesComm - ok
00:21:39.0120 1652 ============================================================
00:21:39.0120 1652 Scan finished
00:21:39.0120 1652 ============================================================
00:21:39.0142 3740 Detected object count: 0
00:21:39.0142 3740 Actual detected object count: 0

#7 Maurice Naggar

Posted 23 June 2012 - 05:59 AM

I'd like to have you post a copy of the last MBAM scan log.

Please close any of your open windows/programs and exit, saving any open work you have.

Download OTL by OldTimer to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.
For a how-to reference, see this: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#8 jwill80

Posted 23 June 2012 - 06:45 AM

Here is the MBAM scan log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-LAPTOP [administrator]

6/22/2012 11:06:59 PM
mbam-log-2012-06-22 (23-06-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246388
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here are the OTL logs:

OTL logfile created on: 6/23/2012 7:22:05 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free
3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS

Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/09 02:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007/05/31 17:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 07:15:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:14:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 08:35:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/10 08:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 08:34:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 08:34:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 08:34:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PS3 Media Server)
SRV - [2012/06/11 12:52:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 07:20:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/28 01:20:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)
SRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu)
SRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/09 02:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/06 23:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)
DRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...v2&a=DgVhNP4M09
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/25 20:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 07:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/14 07:26:05 | 000,000,000 | ---D | M]

[2010/02/03 16:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/06/22 17:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions
[2012/06/22 17:36:26 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2011/08/10 07:47:02 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\DeviceDetection@logitech.com
[2012/03/31 00:04:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\vshare@toolbar
[2012/06/21 07:08:04 | 000,000,917 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml
[2011/04/08 18:57:14 | 000,002,183 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\MyStart Search.xml
[2012/01/01 15:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/18 15:18:25 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\ZERWSJEKUJ@ZERWSJEKUJ.ORG.XPI
[2012/05/08 07:20:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/20 07:55:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/13 07:24:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 07:24:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/22 19:34:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: samsung.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

CLEARALLRESTOREPOINTS
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 07:13:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/06/23 06:55:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5A48421F-6030-41E4-8433-7B8FC3AB4491}
[2012/06/23 06:55:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DD62C071-3690-4A98-A5E8-3531DDCCB656}
[2012/06/22 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/22 22:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/22 19:40:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/22 19:20:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 19:20:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 19:20:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 19:18:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 19:18:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 18:54:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C102EDD6-7E68-4F02-B79A-5216D1B99905}
[2012/06/22 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EE5852A8-91C2-43CC-81BB-0DB6FB55D284}
[2012/06/22 18:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/06/22 10:24:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/22 10:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/22 06:47:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5C63912F-64A9-4357-A592-D3B6FCDCC623}
[2012/06/22 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD}
[2012/06/21 15:05:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3}
[2012/06/21 15:05:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{735FCF54-B3C1-477C-A284-6E3045CFD476}
[2012/06/21 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/06/21 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/21 07:12:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 07:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/06/21 07:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/06/21 07:05:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A}
[2012/06/21 07:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/06/21 07:04:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Conduit
[2012/06/21 07:00:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759}
[2012/06/21 07:00:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA}
[2012/06/21 06:59:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDF459AA-A107-458F-BC28-BF84B1277EE0}
[2012/06/21 06:53:53 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 06:53:52 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 06:53:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9F7C556B-138A-4C08-A717-8D8B66764E3D}
[2012/06/21 06:53:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 06:53:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 06:53:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 06:53:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BAC24AA7-A921-4004-AF0E-03324984E623}
[2012/06/21 06:52:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 06:52:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/20 09:37:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0}
[2012/06/20 09:37:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95881B8A-0EBA-40E4-B504-D89128B130B4}
[2012/06/15 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{49D61010-7B3F-42DB-B396-9911E33223EF}
[2012/06/15 09:54:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0}
[2012/06/14 21:04:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244}
[2012/06/13 22:33:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 22:33:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 22:33:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 22:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 22:33:22 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 22:33:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 22:33:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 07:40:54 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 07:40:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 07:40:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 07:40:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/11 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia
[2012/06/09 07:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/06 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E}
[2012/06/06 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94}
[2012/06/06 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64}
[2012/06/06 12:44:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D}
[2012/06/03 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302}
[2012/06/03 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E}
[2012/05/28 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA}
[2012/05/28 10:05:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\3DVIA
[2012/05/28 10:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA
[2012/05/28 10:04:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/05/28 10:04:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/05/28 10:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools
[2012/05/28 09:36:31 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/06/23 07:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/06/23 06:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 22:19:11 | 000,000,894 | ---- | M] () -- C:\Users\John\Desktop\NTREGOPT.lnk
[2012/06/22 22:19:11 | 000,000,875 | ---- | M] () -- C:\Users\John\Desktop\ERUNT.lnk
[2012/06/22 19:34:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/22 18:39:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/06/22 17:43:58 | 000,689,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/22 17:43:58 | 000,131,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/22 13:59:25 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 10:24:17 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/21 10:44:02 | 000,001,001 | ---- | M] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk
[2012/06/21 08:20:57 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 07:26:06 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/14 07:12:02 | 002,333,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/11 12:52:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/11 12:52:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/09 07:59:36 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/05/24 12:57:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys

========== Files Created - No Company Name ==========

[2012/06/22 22:19:11 | 000,000,894 | ---- | C] () -- C:\Users\John\Desktop\NTREGOPT.lnk
[2012/06/22 22:19:11 | 000,000,875 | ---- | C] () -- C:\Users\John\Desktop\ERUNT.lnk
[2012/06/22 19:20:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 19:20:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 19:20:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 19:20:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 19:20:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 10:24:17 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/21 10:44:02 | 000,001,001 | ---- | C] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk
[2012/06/21 08:20:57 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 07:06:05 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/06/14 07:26:06 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/09 07:59:36 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/28 09:36:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/29 08:58:55 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/02/26 17:39:41 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012/02/18 12:45:00 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/30 14:52:38 | 000,000,292 | ---- | C] () -- C:\Users\John\AppData\Local\HamsterBookConverter.cfg
[2011/08/23 11:19:30 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2011/05/06 11:27:49 | 000,173,045 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/05/06 11:27:49 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/04/22 10:50:30 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/22 10:50:30 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/22 10:50:30 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/22 10:50:30 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/22 10:50:30 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/03 12:06:22 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu.sys
[2011/02/27 07:32:18 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache
[2011/01/21 11:34:03 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010/08/14 11:10:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/25 13:09:42 | 000,000,192 | ---- | C] () -- C:\Users\John\AppData\Roaming\default.rss
[2010/05/20 08:07:21 | 000,004,608 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 08:52:05 | 000,002,682 | ---- | C] () -- C:\Users\John\.recently-used.xbel

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >
[2010/04/14 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Adobe
[2012/01/08 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
[2011/11/05 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Apple Computer
[2012/02/29 09:14:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2011/10/30 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2011/10/20 07:55:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp
[2012/06/21 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/18 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2012/02/26 17:40:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FreeAudioPack
[2010/02/15 08:52:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gtk-2.0
[2011/12/04 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HandBrake
[2010/02/03 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Identities
[2012/01/08 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2011/05/12 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2011/05/12 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logishrd
[2011/05/12 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logitech
[2010/02/03 16:48:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Macromedia
[2010/02/10 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MAGIX
[2010/04/14 08:00:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/07/14 03:48:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2012/06/11 12:54:00 | 000,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft
[2011/12/26 10:55:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mjusbsp
[2011/02/27 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Motacore
[2010/02/03 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/04/22 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mp3tag
[2010/06/25 09:45:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nero
[2011/05/20 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PMS
[2011/04/16 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\rockbox.org
[2010/04/30 08:28:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SanDisk
[2010/04/27 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sibelius Software
[2010/08/14 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2012/06/22 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/11 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Unity
[2012/06/22 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012/02/18 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\vlc
[2012/01/20 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer
[2010/02/04 09:18:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinRAR
[2010/02/10 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Xara
[2010/06/04 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2012/06/21 07:04:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\John\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/06/21 14:55:12 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011/10/20 07:54:54 | 000,485,576 | ---- | M] (Catalina Marketing Corp. ) -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
[2011/08/23 16:01:22 | 000,446,384 | ---- | M] (magicJack L.P.) -- C:\Users\John\AppData\Roaming\mjusbsp\magicJackSplash.exe
[2011/04/16 18:29:32 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
[2011/04/16 18:29:45 | 000,582,536 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
[2010/04/30 08:28:19 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe

< %SYSTEMDRIVE%\*.exe >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6B9ADB51
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Extras.txt:

OTL Extras logfile created on: 6/23/2012 7:22:05 AM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free
3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS

Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB61A2E-17F2-4268-A071-8D364C14BEB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{12924728-534B-4B67-968A-F12EAF756087}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{12A37AFC-02C1-465D-9956-2B23C651AE6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15F3C870-08F4-4D1D-8965-D11584308933}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{20634523-7618-4F2F-ABE9-4C35C56D399D}" = lport=139 | protocol=6 | dir=in | app=system |
"{22596AD2-6E7A-4828-BE38-B22A5642B84C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24C75EBD-593E-4594-ABAB-2919AA81FE77}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D31B0BC-1971-488E-99DA-20C5F40048B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EEBFE73-283C-4DF2-B8B4-28145FAB3650}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{397D001D-CFB6-4349-B0FE-11BF72BC2F08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BCACCDE-21F3-482D-B317-6296858595BD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4BE09B40-3644-4F66-97B5-836D66686842}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65480BD0-8C03-4F9C-B0D1-16A6FCB88D4B}" = rport=445 | protocol=6 | dir=out | app=system |
"{687FD186-19A5-4EAE-B5DE-89A2C93F4101}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{693B70A6-C5FB-4CF7-A218-412178332F9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{733253C8-428E-47BA-BD12-5BF497D7E980}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7758C9D7-229D-48B6-B2DF-A71574B98E5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7781EFBE-3838-4CBD-9BA8-FB91E4BCC475}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{78CADCE6-EAAE-476E-A1A9-F4C4435E933B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7BD9CF99-E0B8-49DB-A3AC-5DCD6139B16F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FB8F152-AA56-406D-A684-6CCECEE99289}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B51958D-542C-43E1-BB61-4F97129762D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEAC5E37-985A-4BE2-B82E-B7A33AD6B265}" = lport=138 | protocol=17 | dir=in | app=system |
"{B35833C5-3E19-4D08-ADF8-00AE55026E48}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B62BB39C-4CAF-4D55-9122-B4E48ABE9D9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B69DBB31-14BA-4AD4-B849-E49FDC15566D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B94038DE-59BD-4E6D-9CF4-F9191ED57886}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C2895181-7A17-429D-A4CD-5B2612946D15}" = lport=137 | protocol=17 | dir=in | app=system |
"{CFFA2A4E-CC84-49DE-B285-916148226026}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D943EEFE-05A8-4C1D-88E3-4AE3FFCC1890}" = rport=138 | protocol=17 | dir=out | app=system |
"{DFBF32A4-8DEA-43A9-A6C1-A8D6CAC60CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3DE20EC-EF30-44F5-9B62-98D8ADEF8210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9F104F5-1D91-496A-8D1F-953D7A1914E4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{ED48C23A-71BA-49D7-90EF-6586467FB1F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF3B9682-AF05-4F2E-9BEC-024AF0D7F70C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F668BD21-1CCB-40D4-AA37-8206F4A84DBE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F78880CD-2B63-4526-92CE-392DD8570964}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC44DA34-1573-4217-AAAE-5D99805D1320}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006ADD75-1BDF-446D-8417-7F23F2E9C68F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B1FAE33-6F4D-497C-9DD7-0D884357F5F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{102E1B8B-68A8-4E19-90D3-2D2B3A5BBDDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12849527-FB07-49EF-9E78-4B4B73B159E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{196ABC68-7CEE-4E47-AFCA-CD50793E9ECE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1A19BE57-C9B9-448E-A39A-1982691D7868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C9202CC-6374-4627-86AE-C32AF6D1DA55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25A1BED6-20DF-4453-948E-517FEA09A00F}" = protocol=6 | dir=out | app=system |
"{25A86C24-DFC1-403F-BC97-9FB706C5844C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{2C905FFA-2539-485C-B911-601B917D8C1A}" = dir=in | app=c:\users\john\appdata\local\temp\7zs4a6e\setup\hpznui01.exe |
"{3DF6EF5A-96FD-4189-B05D-4D5DF9DDB1FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4A336C2C-9355-4FD2-9E65-7ACEAAFECABC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{50487E0E-ED1A-493F-81DD-EAEF9DC25664}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{56449E41-0183-4782-90DE-CFC013828A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{565382B7-1D25-4917-9B80-B0E40A3DFF93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5738892E-0993-4437-ACC8-E92C053A4598}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7544AE55-4D97-49E6-9C06-83EF120A2F4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{815FEC47-0F71-4A94-84DB-88A0B9DD2427}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8580551F-CD95-4028-A1C8-6BD70AC438EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C6D7755-9598-4D33-87B9-BEC73975D081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{902FC235-477D-4C00-9C5D-32402471CC62}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A01B9B16-6A85-42F6-ABB5-CC8F56F97725}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A2F449B3-7F16-4FEA-BEE4-F546CD966A04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADBFAD63-B978-473D-BED9-B50434498AC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF7354FC-5620-4AFA-B396-A0CBA14D8ADE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B07F8039-68DF-4C30-B039-ACCA0C4CCD36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3AF6F71-E513-4EE4-AFEA-2FD96F5650F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4813AFF-DC03-4A0E-B76F-544890BDF098}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B55B2F14-70F2-440C-AEEA-C8E0444497F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCB90CC7-B060-45B7-A459-A1738FC95E09}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C58E5E66-2F60-4112-8D65-E5B9F9D9B511}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA690D68-1106-4914-8210-90FB70B365FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D78264EB-A609-471F-8988-9376F3CEF9C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8A69F15-7FB2-499C-97E0-E59549AACF93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC258C8D-518C-4239-B9A4-62F28B4958CA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0F3D55DA-C02F-487C-BEAC-E0D661482EDE}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{1D6679DD-8A68-45B4-ABFD-6A749F743E6F}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
"TCP Query User{1FCA0CDE-A37B-4474-A20A-7607152068C0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{239CC2A4-477F-4F21-8ADF-6D8E23E8ACEC}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{5331F0D6-1B86-45E0-A58F-035C32EB5F47}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6952C296-8750-4F62-B326-620A34B51131}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe |
"TCP Query User{6FA424B1-E1D6-41E6-94DF-FB273F4D96D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{725D4E3E-393A-4259-8468-560C446C3AA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{74DDE5F9-D683-498D-82DA-179A3E86D5EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{81527746-8CC7-4319-B90D-605676C3B4C3}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{90BB588E-6643-4A3A-8EEF-E2CD35F35D16}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{A4060B52-7F17-4E25-82DA-BD9215AA0163}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ADAC2A9F-FA61-4E44-AC29-DED27B11EACA}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{C55BD324-655F-40C7-8FD0-486F2FB96769}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{29D9251E-3773-4FF5-844C-23B322361FB6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{32659803-A203-4BBA-81D7-86232AD99819}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5817C7ED-903A-412E-B6F4-E37209086496}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{8A9BA07C-21DC-4953-9DFC-CE2FA79A6931}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe |
"UDP Query User{8F1A29B4-CC2C-432C-BCEC-AFA7654CAF29}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9196BE39-2A41-449B-8EB8-58781D2D5D1F}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{9DFD12E7-41C8-4F7C-86AB-F52AFB7E3F82}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
"UDP Query User{A26A6700-F239-41D5-975C-7603CBECFC93}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{A41C37DB-EC87-4E8C-9D7D-CE60EDBB91AD}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{B4509093-B4E1-4D9B-9493-2B79BE1C734D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C5DA069F-11A4-4F54-B7E3-6DBCC6DE7970}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CB83A25C-4CB1-46BD-AB73-72964EA0D79C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E350C6D5-EEBB-444E-8E47-FE0E62AA36F5}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FDA93628-718C-46CE-81DA-0B93CEA828A4}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5425D07-D972-47DA-8133-4D33876D44A4}" = calibre
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Canon MP640 series User Registration" = Canon MP640 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"ERUNT_is1" = ERUNT 1.1j
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free Window Registry Repair" = Free Window Registry Repair
"HDMI" = Intel® Graphics Media Accelerator Driver
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MS Access 97 SP2" = MS Access 97 SP2
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"PS3 Media Server" = PS3 Media Server
"sp6" = Logitech SetPoint 6.22
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 4:09:19 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b6c Start
Time: 01cc2f85d3c1a40a Termination Time: 36 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 29ba8a59-9b79-11e0-aec0-001d094ccc0d

Error - 7/5/2011 10:38:09 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: afc Start
Time: 01cc3b2082a8584b Termination Time: 22 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 5ea8981f-a714-11e0-be03-001d094ccc0d

Error - 8/16/2011 6:39:56 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10bc Start
Time: 01cc5c00b6e453d7 Termination Time: 16 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 102f57c8-c7f4-11e0-beaf-001d094ccc0d

Error - 9/14/2011 6:44:46 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 964 Start
Time: 01cc72cb27c4f9fc Termination Time: 42 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 8ad72fd4-debe-11e0-93dd-001d094ccc0d

Error - 9/25/2011 7:03:18 PM | Computer Name = John-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc225 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0824548b Faulting process id: 0x5ac Faulting application
start time: 0x01cc79dba962cac3 Faulting application path: C:\Windows\system32\Dwm.exe
Faulting
module path: unknown Report Id: 8deeb71c-e7ca-11e0-960e-001d094ccc0d

Error - 9/26/2011 2:52:26 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program IncMail.exe version 6.2.9.5006 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2674 Start
Time: 01cc7c688513a843 Termination Time: 200 Application Path: C:\Program Files\IncrediMail\Bin\IncMail.exe

Report
Id: a62be079-e870-11e0-960e-001d094ccc0d

Error - 10/5/2011 12:07:38 PM | Computer Name = John-Laptop | Source = Windows Search Service | ID = 3100
Description =

Error - 10/16/2011 1:49:12 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10a8 Start
Time: 01cc8c2ba1895dc1 Termination Time: 38 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 22b9ac5e-f81f-11e0-8510-001d094ccc0d

Error - 10/30/2011 2:58:38 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program Hamster.EBookConverter.exe version 1.0.0.13 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b58 Start
Time: 01cc973516c3d134 Termination Time: 99 Application Path: C:\Program Files\Hamster
Soft\Free eBbook Converter\Hamster.EBookConverter.exe Report Id:

Error - 10/31/2011 7:06:34 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1124 Start
Time: 01cc97bcd4d63460 Termination Time: 43 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 5dea47d1-03b0-11e1-ac3d-001d094ccc0d

[ OSession Events ]
Error - 7/7/2010 11:13:51 PM | Computer Name = John-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5635
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/22/2012 7:22:54 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/22/2012 7:28:20 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/22/2012 7:34:33 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/22/2012 10:16:30 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 6/22/2012 10:16:33 PM | Computer Name = John-Laptop | Source = DCOM | ID = 10010
Description =

Error - 6/22/2012 10:21:27 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003
Description =

Error - 6/22/2012 10:33:30 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003
Description =

Error - 6/22/2012 11:29:59 PM | Computer Name = John-Laptop | Source = BROWSER | ID = 8032
Description =

Error - 6/23/2012 6:49:13 AM | Computer Name = John-Laptop | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 6/23/2012 6:54:46 AM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RapiMgr service.


< End of report >

#9 Maurice Naggar

Posted 23 June 2012 - 07:15 AM

Close any open programs you started.
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the Codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q="
    
    :files
    recycler /alldrives
    C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    C:\Program Files\Conduit
    C:\Users\John\AppData\Local\Conduit
    C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
    
  • Return to OTL. Right-click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on the red-lettered button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

AND tell me, how is the system now?
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#10 jwill80

Posted 23 June 2012 - 07:47 AM

The Whitesmoke toolbar is gone, but all Yahoo search results are still being redirected to garbage sites.

Here is the OTL log:

All processes killed
========== OTL ==========
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
========== FILES ==========
recycler not found in C:\
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features scheduled to be moved on reboot.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\John\AppData\Local\Conduit folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: HomeGroupUser$
->Temp folder emptied: 0 bytes

User: John
->Temp folder emptied: 53 bytes
->Temporary Internet Files folder emptied: 7413195 bytes
->Java cache emptied: 4151062 bytes
->FireFox cache emptied: 106861506 bytes
->Flash cache emptied: 57180 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9544 bytes
RecycleBin emptied: 2162306 bytes

Total Files Cleaned = 115.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: John
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06232012_083545
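
A way to triage a fix log like the one above, as an added example that is not part of the original posts or of OTL itself: it reads the FILES section, reports the status of each target named in the fix script, and collapses the "scheduled to be moved on reboot" entries to their topmost folders, which are the ones to re-check after the restart. The line patterns are inferred from the log lines quoted in this thread; the sample log and all function names are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the fix log quoted in this
# thread, reusing paths that appear in it.
EXT = (r"C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles"
       r"\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}")
PROFILE = r"C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default"
SAMPLE_LOG = "\n".join([
    "All processes killed",
    "========== OTL ==========",
    "========== FILES ==========",
    "recycler not found in C:\\",
    EXT + r"\lib folder moved successfully.",
    "Folder move failed. " + EXT + r"\chrome scheduled to be moved on reboot.",
    "Folder move failed. " + EXT + " scheduled to be moved on reboot.",
    r"C:\Program Files\Conduit\Community Alerts folder moved successfully.",
    r"C:\Program Files\Conduit folder moved successfully.",
    PROFILE + r"\searchplugins\conduit.xml moved successfully.",
    "========== COMMANDS ==========",
])

# Targets as they would be listed under :files in the fix script.
# The last one is deliberately absent from SAMPLE_LOG.
SAMPLE_TARGETS = [
    "recycler /alldrives",
    EXT,
    r"C:\Program Files\Conduit",
    r"C:\Users\John\AppData\Local\Conduit",
]

# Line shapes inferred from the log in this thread (an assumption, not an
# official description of the log format).
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
PENDING = re.compile(
    r"^Folder move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
MOVED_DIR = re.compile(r"^(?P<path>.+) folder moved successfully\.$")
MOVED_FILE = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^(?P<name>.+) not found in (?P<where>.+)$")


def norm(path):
    """Windows paths compare case-insensitively; drop any trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_files_section(log_text):
    """Collect moved, pending-on-reboot and not-found items from the FILES section."""
    parsed = {"moved": set(), "pending": set(), "not_found": set()}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "FILES" or not line:
            continue
        m = PENDING.match(line)
        if m:
            parsed["pending"].add(norm(m.group("path")))
            continue
        # Try the folder pattern first so " folder" is not kept in the path.
        m = MOVED_DIR.match(line) or MOVED_FILE.match(line)
        if m:
            parsed["moved"].add(norm(m.group("path")))
            continue
        m = NOT_FOUND.match(line)
        if m:
            parsed["not_found"].add(norm(m.group("name")))
    return parsed


def reconcile(targets, parsed):
    """Map each fix-script target to what the log says happened to it."""
    report = {}
    for target in targets:
        key = norm(re.sub(r"\s+/\w+$", "", target))  # drop a trailing switch
        prefix = key + "\\"
        seen = parsed["moved"] | parsed["pending"]
        if key in parsed["pending"]:
            status = "pending_reboot"
        elif key in parsed["moved"]:
            status = "moved"
        elif key in parsed["not_found"]:
            status = "not_found"
        elif any(p.startswith(prefix) for p in seen):
            status = "partial"        # children handled, the folder itself not
        else:
            status = "unaccounted"    # the log never mentions this target
        report[target] = status
    return report


def pending_roots(parsed):
    """Topmost folders still waiting for the reboot (no pending ancestor)."""
    pend = parsed["pending"]
    return sorted(p for p in pend
                  if not any(p.startswith(q + "\\") for q in pend if q != p))


if __name__ == "__main__":
    result = parse_files_section(SAMPLE_LOG)
    for target, status in reconcile(SAMPLE_TARGETS, result).items():
        print(f"{status:15} {target}")
    print("re-check after reboot:", pending_roots(result))
```
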

#11 Maurice Naggar

Posted 23 June 2012 - 08:01 AM

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member jwill80 only. If you are a casual viewer, do NOT try this on your system!
If you are not jwill80 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.


A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

I will need to review the CF log and then see what we need to do next.

Meantime, very carefully, use each of your browsers (one at a time). Test each briefly. Tell me which ones, if any, have an issue.

#12 jwill80

Posted 23 June 2012 - 09:14 AM

Combofix log: (For some reason, the first scan I did, the log file was not there? Removed Combofix and re-installed and re-ran.)

ComboFix 12-06-23.05 - John 06/23/2012 9:55.3.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1043 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-23 12:35 . 2012-06-23 12:35 -------- d-----w- C:\_OTL
2012-06-23 02:19 . 2012-06-23 02:19 -------- d-----w- c:\program files\ERUNT
2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 10:50 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6186E0E-A18A-4034-820D-3C8E137AF848}\mpengine.dll
2012-06-21 14:34 . 2012-06-21 14:34 -------- d-----w- c:\users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-21 11:12 . 2012-06-21 11:12 -------- d-----w- c:\windows\en
2012-06-21 11:06 . 2012-06-21 11:06 -------- d-----w- c:\program files\Adobe Download Assistant
2012-06-21 11:05 . 2012-06-21 11:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-06-21 11:00 . 2012-06-21 11:00 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe
2012-06-21 11:00 . 2012-06-21 11:00 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DXSETUP.exe
2012-06-21 11:00 . 2012-06-21 11:00 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\dsetup32.dll
2012-06-21 11:00 . 2012-06-21 11:00 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DSETUP.dll
2012-06-21 10:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:52 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:52 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 11:40 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 11:40 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 11:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 11:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 11:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 11:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 11:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 16:54 . 2012-06-11 16:54 -------- d-----w- c:\users\John\AppData\Local\Macromedia
2012-05-28 14:05 . 2012-05-28 14:05 -------- d-----w- c:\users\John\AppData\Local\3DVIA
2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\programdata\3DVIA
2012-05-28 14:04 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-05-28 14:04 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\program files\Virtools
2012-05-28 13:36 . 2012-06-11 16:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 16:52 . 2011-06-30 11:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 16:57 . 2011-06-19 12:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56 . 2011-08-03 13:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-09 14:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 14:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 11:20 . 2011-05-14 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-4 576000]
RollerCoaster Tycoon 3 Registration.lnk - c:\users\John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 PS3 Media Server;PS3 Media Server; [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [1998-10-06 1984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mStart Page = hxxp://www.yahoo.com
Trusted Zone: samsung.com\www
TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2576205366-1716655206-47981548-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17779F89-A00E-3A6E-0B2F-FCB54DCDB749}*]
"hadmngcdieachhmd"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69,
6c,66,00,00
"iajkddfkoanghocppe"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69,
6c,66,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 10:08:27
ComboFix-quarantined-files.txt 2012-06-23 14:08
ComboFix2.txt 2012-06-23 13:44
ComboFix3.txt 2012-06-22 23:39
.
Pre-Run: 134,139,621,376 bytes free
Post-Run: 134,079,725,568 bytes free
.
- - End Of File - - 8E276692C8D34823905188EA7BAEB752

#13 Maurice Naggar


Posted 23 June 2012 - 09:28 AM

Note of caution: If you ever run into a hitch, STOP and ask for help from me. Do not run tools repeatedly, please.

Get me a copy of contents of ComboFix-quarantined-files.txt
iirc, it should be in C:\qoobox

and tell me, if you had recently run Combofix on your own, before asking for help?

#14 jwill80


Posted 23 June 2012 - 10:11 AM

Sorry about running it again. Next time I have trouble I will ask for help. And yes, I did run it yesterday, was trying to see what I could do to fix it, but was obvious pretty quickly that I was in over my head and needed help.

Here are the contents of that txt file.

2012-06-23 13:40:58 . 2012-06-23 13:40:58 139 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-uTorrent.reg.dat
2012-06-22 23:38:51 . 2012-06-22 23:38:51 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft SQL Server 10.reg.dat
2012-06-22 23:37:01 . 2012-06-22 23:37:01 198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Apple Computer.reg.dat
2012-06-22 23:36:58 . 2012-06-22 23:36:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-06-22 23:36:52 . 2012-06-22 23:36:52 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef}.reg.dat
2012-06-22 23:30:09 . 2012-06-23 14:00:42 20,303 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-22 23:20:44 . 2012-06-23 13:55:18 257 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-06-18 02:28:00 . 2012-06-18 02:28:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\Users\John\AppData\Local\DFX\Apple Computer\ryspolxg.dll.vir

#15 Maurice Naggar


Posted 23 June 2012 - 10:34 AM

very carefully, use each of your browsers (one at a time). Test each briefly. Tell me which ones, if any, have an issue.
I want you to make a simple test with each. Go to www.google.com and then www.bing.com
Does each look to work ok?

I must note: When you see any "search result" on any search engine, it does "NOT" mean that the link is valid, goes to a legitimate website; that the website is totally safe !!


Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen:
Keep the checkmark on Internet Services.

Checkmark Windows firewall

Checkmark Security Center.

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste FSS.txt with your reply.


#16 jwill80


Posted 23 June 2012 - 10:55 AM

The only one that gives me trouble is yahoo.com on Firefox. Internet explorer is fine with all search engines I tested.

Here is the FSS.txt:

Farbar Service Scanner Version: 22-06-2012 01
Ran by John (administrator) on 23-06-2012 at 11:53:41
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


Action Center:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#17 Maurice Naggar


Posted 23 June 2012 - 11:21 AM

Please copy/paste the lines in bold below to Notepad:

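@Echo on
rem Clear the hidden/system/read-only attributes so HOSTS can be overwritten
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
rem Replace the whole HOSTS file with a single localhost entry
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and empty the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second; the script then deletes itself
shutdown -r -t 1
del %0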

Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

After the fresh Windows start, do this:
Start Firefox. From main menu, select Help >> About >> Firefox >> Check for Update.
Apply any updates. Allow FF to Restart.

Very, very carefully: try Yahoo

Edited by Maurice Naggar, 23 June 2012 - 11:22 AM.


#18 jwill80


Posted 23 June 2012 - 11:59 AM

Same issue after doing those things.

#19 Maurice Naggar


Posted 23 June 2012 - 01:12 PM

Turn off your antivirus so that it does not interfere. Leave your firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply

Re-enable your antivirus.

NEXT:
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Next:
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Reply with copy of log from F-Secure scan
Checkup.txt
Log.txt
Info.txt

Copy and Paste the contents of the logs. Do not use the attach feature.

#20 Maurice Naggar


Posted 23 June 2012 - 01:26 PM

P.S. After you finish the last (previous steps) ......

Your logs showed some peer-to-peer filesharing apps: uTorrent. I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Use Control Panel's Programs and Features, and locate uTorrent. Click on that entry, right-click and do Un-install.

Do the same for Iobit. They have a dodgy reputation.

Next:
Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:
1) Download and SAVE the zip file to a temporary folder
2) Unzip (extract the contents) in the same folder
3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.
4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides
typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________
¦ +---+¦
¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦
¦ +---+¦
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Previous version saved and renamed to HOSTS.MVP
Press any key to continue . . .


Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts
The latter is the same folder that had mvps.bat
5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews
for information. And you can also sign-up for email notice when Mike publishes updates.

Edited by Maurice Naggar, 23 June 2012 - 01:29 PM.

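Posts #17 and #20 both overwrite the Windows hosts file wholesale (first with a single localhost line, then with a blocklist). As an added example that is not part of the thread and not code from any tool named in it, this Python script audits a hosts file before it is replaced, separating blocklist-style loopback entries from entries that point a name at a routable address; the category names, function names and sample file content are assumptions made for the example.

```python
"""Audit a hosts file: which entries block a name, and which redirect it?"""
import ipaddress
from pathlib import Path

# Location given in the thread for the Windows hosts file.
HOSTS_PATH = Path(r"C:\WINDOWS\system32\drivers\etc\hosts")

# Constructed sample (not taken from the thread). The redirect targets use
# RFC 5737 documentation addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # blocklist-style entry
127.0.0.1       tracker.example.org
203.0.113.10    search.example.com www.search.example.com
198.51.100.7    update.example.org # constructed redirect
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # no hostname: not a mapping
        yield line_no, fields[0], fields[1:]


def classify(address_text):
    """Return 'sinkhole', 'redirect' or 'malformed' for an address field."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "malformed"
    # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) targets send
    # the name nowhere, which is how hosts-based blocklists work.
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    # Anything else makes the machine resolve the name to a chosen server.
    return "redirect"


def audit_hosts(text):
    """Group every (line_no, address, hostname) mapping by classification."""
    findings = {"sinkhole": [], "redirect": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        for name in names:
            findings[kind].append((line_no, address, name.lower()))
    return findings


def report(findings):
    """Return printable lines; redirects and malformed entries come first."""
    lines = []
    for kind in ("redirect", "malformed"):
        for line_no, address, name in findings[kind]:
            lines.append(f"{kind.upper():9} line {line_no}: {name} -> {address}")
    lines.append(f"{len(findings['sinkhole'])} loopback/sinkhole entries")
    return lines


if __name__ == "__main__":
    if HOSTS_PATH.exists():
        # utf-8-sig strips a byte-order mark if an editor added one.
        text = HOSTS_PATH.read_text(encoding="utf-8-sig", errors="replace")
    else:
        text = SAMPLE_HOSTS
    print("\n".join(report(audit_hosts(text))))
```

Saving the output before running flush.bat or mvps.bat keeps a record of any redirect entries that the overwrite would otherwise erase.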



