Jump to content

dakotawolf04

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. dakotawolf04
    The message said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." When I input the product key it says it's invalid. The error code is 0xC004E003 which is "The software licensing service reported that license evaluation failed."
  2. dakotawolf04
    I really appreciate all of your help. One last question, do you have any advice on the Windows Vista product key validation error?
  3. dakotawolf04
    I ran JavaRe and removed the old versions. Then downloaded the latest version of Java. The validation issue is the only problem that i've noticed. Ran another scan with Malwarebytes and nothing detected. Seems to be looking good so far.
  4. dakotawolf04
    Here's the ESET log. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b116f3437150d648ac9aa80dcbfb0c42 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-30 02:39:44 # local_time=2012-06-29 09:39:44 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777215 100 0 2190179 2190179 0 0 # compatibility_mode=5892 16776574 100 100 52644117 177624091 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=241140 # found=17 # cleaned=17 # scan_time=7420 C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FB.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-348466c0 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-711b6879 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-77d11ed3 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Michael&Mary\Desktop\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Michael&Mary\Documents\Program Files\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79WM0YSE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRM6ORQE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ALQRDM\firstload_com[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  5. dakotawolf04
    I believe those are from Power Tab editor. Here's the link https://www.virustotal.com/file/240d073240eff10bbeab58c8ef0652f5e2929ac54cd441d7d50eb93402a68f77/analysis/ I tried to validate my Windows Vista but, when i input the product from the sticker it keeps coming up with an error and cant validate it.
  6. dakotawolf04
    After I turned on and logged in to my computer today, the desktop background was black, normally have a picture set as the background, and after a bit a window popped up that said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." This is really odd. Would any of the tools I've run so far cause this to happen? I did not put the key in yet, i just hit cancel. I ran the Combofix program and here is the log. ComboFix 12-06-28.01 - Michael&Mary 06/28/2012 10:48:24.1.2 - x86 Running from: c:\users\Michael&Mary\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0001.jpg c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0002.jpg c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\system32\AutoRun.inf c:\windows\system32\BSTIEPrintCtl1.dll c:\windows\system32\drivers\etc\lmhosts c:\windows\system32\spsys.log . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))) . . 2012-06-28 15:54 . 2012-06-28 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 15:50 . 2012-06-27 15:50 -------- d-sh--w- c:\users\Michael&Mary\%APPDATA% 2012-06-27 15:49 . 2012-06-27 15:49 -------- d-----w- C:\_OTL 2012-06-27 15:47 . 2012-06-27 15:47 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\users\Michael&Mary\AppData\Roaming\Sibelius Software 2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\program files\Sibelius Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELST___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT 2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT 2012-06-02 22:19 . 2012-06-22 12:32 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 12:32 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 12:32 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 12:32 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-22 12:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-22 12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-22 12:32 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-22 12:32 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:12 . 2012-06-22 12:32 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-15 19:51 . 2012-06-13 22:25 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 06:37 . 2012-06-13 22:25 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 06:32 . 2012-06-13 22:25 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-15 06:32 . 2012-06-13 22:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-15 03:23 . 2012-06-13 22:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-05 00:27 . 2012-04-02 16:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 00:27 . 2011-06-06 01:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 20:56 . 2012-05-25 03:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-09 23:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-09 23:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2007-10-28 19:57 . 2007-10-28 19:57 774144 ----a-w- c:\program files\RngInterstitial.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher] 2010-07-13 07:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] 2007-01-19 18:49 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:27] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47] . 2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job - c:\windows\system32\msfeedssync.exe [2012-06-13 03:24] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 mStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-28 10:58 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\AVG\AVG2012\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\AVG\AVG2012\avgnsx.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\AVG\AVG2012\AVGIDSAgent.exe c:\windows\system32\WUDFHost.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\SLUI.exe c:\windows\System32\SLLUA.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-06-28 11:07:26 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-28 16:07 . Pre-Run: 153,004,351,488 bytes free Post-Run: 152,863,887,360 bytes free . - - End Of File - - 69290FD9F9D6B54A7C30940F8F2BBDC5
  7. dakotawolf04
    This is what AVG found "";"C:\Windows\System32\services.exe";"Trojan horse Patched_c.LYT";"Object is white-listed (critical/system file that should not be removed)"
  8. dakotawolf04
    I ran the programs as requested. One question though, I still have AVG running and when Malwarebytes runs AVG will pop up with a message about the trojans we're trying to get rid of. Is this ok? Should I turn off AVG when running Malwarebytes? Here are the logs. All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ moved successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ moved successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ moved successfully. File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully. C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml\data folder moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml folder moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes folder moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully. C:\Users\Michael&Mary\AppData\Roaming\LimeWire folder moved successfully. ========== FILES ========== C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully. C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully. C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} scheduled to be moved on reboot. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Michael&Mary\Desktop\cmd.bat deleted successfully. C:\Users\Michael&Mary\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Default ->Temporary Internet Files folder emptied: 33170 bytes User: Michael&Mary ->Temporary Internet Files folder emptied: 294804 bytes ->Flash cache emptied: 60068 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 14508 bytes RecycleBin emptied: 5184989 bytes Total Files Cleaned = 5.00 mb System Restore Service not available. OTL by OldTimer - Version 3.2.53.0 log created on 06272012_104945 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully. PendingFileRenameOperations files... [2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5 [2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5 File C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} not found! Registry entries deleted on Reboot... Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.27.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19272 Michael&Mary :: MMSCOMP [administrator] 6/27/2012 11:14:20 AM mbam-log-2012-06-27 (11-14-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205192 Time elapsed: 1 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. dakotawolf04
    OTL logfile created on: 6/26/2012 1:21:28 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free 6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free Paging file location(s): c:\pagefile.sys 2875 2875 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe PRC - [2012/06/21 00:18:22 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2011/08/02 06:08:34 | 000,967,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgscanx.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/03/11 22:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe PRC - [2007/03/11 22:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe PRC - [2007/03/11 22:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/26 10:58:11 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012/06/26 10:58:11 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011/08/05 08:20:54 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011/08/05 08:20:54 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2010/01/27 07:18:57 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/04 19:27:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/04/02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2009/03/30 18:31:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/03/23 20:21:51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007/06/04 23:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2007/06/04 23:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\MICHAE~1\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/06/26 11:53:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\fnwg.sys -- (ryjqwor) DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/08/05 08:17:19 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/08/05 08:17:19 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP) DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data] IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0B0219F8-2B01-4167-BD43-A36C53CD08E8}: "URL" = http://delicious.com/search?p={searchTerms} IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{5E21637A-9BD5-4ED5-9A15-F6C95F06AB2A}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS365 IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7A7941BE-96CA-4810-8DF3-8C565390C872}&mid=4ca587aa215cf3075cd69d3275846ec1-2793da85c7042633c4b74aabcfbe61472fe2a859〈=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{BFB66404-4CC9-4A7D-9BC7-8216115A8AB2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8 IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{CD34A348-F951-4788-AB5B-A54131B373F8}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Michael&Mary\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/05 16:53:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/24 19:15:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (UserZoomBHO Class) - {246E2928-34B8-48D9-BE73-38BA37241E5B} - C:\Windows\Downloaded Program Files\UserZoom.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-19..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.commissarycoupons.com/scriptx/smsx.cab (MeadCo ScriptX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Citrix ICA Client) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.) O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class) O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.) O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object) O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab (BewitchedGameClass Control) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab (Zylom Games Player) O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control) O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class) O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.) O16 - DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} https://server.userzoom.com/uz/UserZoom.cab (CUZControl Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} http://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab (CPlayFirstDDPrilosecControl Object) O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab (CPlayFirstDressShopHControl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/26 04:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe O33 - MountPoints2\{f264cf93-bc99-11db-9e35-001a92100efa}\Shell\AutoRun\command - "" = K:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/26 13:13:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe [2012/06/26 13:11:12 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe [2012/06/26 11:50:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr [2012/06/15 11:48:29 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\Documents\Utility Receipts [2012/06/09 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\AppData\Roaming\Sibelius Software [2012/06/09 12:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software [2007/10/28 14:57:13 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/26 13:27:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe [2012/06/26 13:11:19 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe [2012/06/26 12:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 11:53:59 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fnwg.sys [2012/06/26 11:50:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr [2012/06/26 10:56:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/26 10:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 10:56:19 | 3622,363,136 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 10:46:20 | 100,725,600 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job [2012/06/25 16:33:53 | 000,664,798 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/06/18 02:28:21 | 000,287,289 | ---- | M] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/26 11:56:59 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ [2012/06/26 11:56:59 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ [2012/06/26 11:56:57 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ [2012/06/26 11:53:59 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fnwg.sys [2012/06/18 02:28:21 | 000,287,289 | ---- | C] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf [2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ [2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ [2011/12/16 18:35:42 | 000,000,358 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011_state.xml [2010/12/25 23:06:02 | 3622,363,136 | -HS- | C] () -- \hiberfil.sys [2010/12/15 12:26:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/07/13 06:15:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2010/07/13 06:15:03 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2009/03/29 18:38:47 | 000,077,973 | ---- | C] () -- C:\Users\Michael&Mary\water2.jpg [2009/03/29 18:38:29 | 000,048,359 | ---- | C] () -- C:\Users\Michael&Mary\water1.jpg [2009/03/29 16:54:11 | 000,043,626 | ---- | C] () -- C:\Users\Michael&Mary\brook-header.jpg [2009/01/24 11:01:45 | 000,000,094 | ---- | C] () -- C:\Users\Michael&Mary\couponmanager.properties [2008/07/09 11:45:51 | 000,000,064 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\Statdisk.prefs [2008/05/22 22:43:15 | 000,000,058 | ---- | C] () -- C:\Users\Michael&Mary\1.feq [2007/08/28 09:56:38 | 000,000,000 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\wklnhst.dat [2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \IO.SYS [2006/12/26 04:00:36 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2006/12/26 04:00:34 | 000,333,257 | RHS- | C] () -- \bootmgr [2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat [2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== LOP Check ========== [2009/03/28 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Alien Skin [2008/12/15 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Amazon [2012/05/24 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\AVG2012 [2011/01/04 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Barnes & Noble [2011/02/26 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Catalina Marketing Corp [2011/12/16 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011 [2008/03/14 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Design Science [2010/01/18 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\E-centives [2008/11/06 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\foobar2000 [2008/09/19 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Gamelab [2008/06/03 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle Casino [2008/06/03 13:22:55 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle FaceCreator [2007/02/17 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\ICAClient [2008/07/03 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Jane s Hotel Family Hero [2009/03/21 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\KompoZer [2008/05/20 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\LimeWire [2008/11/11 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Math Mechanixs [2007/04/21 00:06:26 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\muvee Technologies [2011/03/02 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PDG Studyware [2008/12/19 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PlayFirst [2009/04/22 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PoBros [2007/03/12 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PureEdge [2010/06/02 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Skip-Bo [2007/08/28 09:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Template [2010/11/16 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow PowerPack 2010 [2009/12/23 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow RegCleaner [2008/12/19 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Valusoft [2008/09/24 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Wildgames_JanesRealty [2009/04/20 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WildTangentv1002 [2007/07/12 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WinBatch [2012/06/26 10:55:22 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD < End of report > OTL Extras logfile created on: 6/26/2012 1:21:28 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free 6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free Paging file location(s): c:\pagefile.sys 2875 2875 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 23 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3C2E50C9-1B4C-C582-2E1A-98167D48B6E8}" = PDG GOLD NCO - 2011 "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6B6DFA96-41E6-4FD7-B380-51764CF7A4BF}" = Trigonometry Solved! "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8713CE86-5F4D-4A80-825E-AC1B2C777F85}" = honestech Audio Recorder 2.0 Deluxe "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony "{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200 "{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0 "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Amazon Kindle" = Amazon Kindle "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12 "Audacity_is1" = Audacity 1.2.6 "AVG" = AVG 2012 "BN_DesktopReader" = NOOK for PC "CCleaner" = CCleaner "Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32 "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.mcmguides.pdg.NCO.2011" = PDG GOLD NCO - 2011 "Coupon Printer for Windows1.0" = Coupon Printer for Windows "Coupon Printer for Windows4.0" = Coupon Printer for Windows "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "DSMT6" = MathType 6 "Eye Candy 4000" = Eye Candy 4000 "Free Window Registry Repair" = Free Window Registry Repair "Funnix Begin Reading 1-40" = Funnix Begin Reading 1-40 "GOM Player" = GOM Player "Google Desktop" = Google Desktop Search "Graphmatica" = Graphmatica "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPOCR" = HP OCR Software 9.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Math Mechanixs_is1" = Math Mechanixs "Math Trek 1, 2, 3" = Math Trek 1, 2, 3 "Math Trek 4, 5, 6" = Math Trek 4, 5, 6 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MobTime Cell Phone Manager_is1" = MobTime Cell Phone Manager V6.6.5 "Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only) "Multiplex" = Multiplex 1.0 "MyDefrag v4.2.7_is1" = MyDefrag v4.2.7 "NVIDIA Drivers" = NVIDIA Drivers "Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17 "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "Phonics" = Phonics "PROPLUSR" = Microsoft Office Professional Plus 2007 "QuicktimeAlt_is1" = QuickTime Alternative 1.81 "Reading" = Reading "Recuva" = Recuva "Revo Uninstaller" = Revo Uninstaller 1.94 "SysInfo" = Creative System Information "TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010 "TweakNow RegCleaner_is1" = TweakNow RegCleaner "UMS 9.9 equation" = UMS 9.9 equation "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager "ZENcast Organizer" = ZENcast Organizer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Master Your CDC 3.0" = Master Your CDC 3.0 "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "PDG Gold 4.0" = PDG Gold 4.0 "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/26/2012 11:40:18 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:40:20 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:40:22 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:40:23 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:42:01 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28 Description = Error - 6/26/2012 11:56:37 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:56:41 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:57:01 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542 Description = Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error - 6/26/2012 11:57:09 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28 Description = [ Media Center Events ] Error - 4/18/2008 4:26:02 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 5/31/2008 9:27:04 AM | Computer Name = MMscomp | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/20/2008 5:44:26 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 6/9/2009 3:33:57 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 6/26/2012 1:40:36 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 1:40:45 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 1:41:04 AM | Computer Name = MMscomp | Source = Print | ID = 19 Description = The print spooler failed to share printer HP Photosmart C4200 series with shared resource name HP Photosmart C4200 series. Error 1753. The printer cannot be used by others on the network. Error - 6/26/2012 11:39:51 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 11:40:01 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 11:40:11 AM | Computer Name = MMscomp | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.2.2 for the Network Card with network address 001A92100EFA has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message). Error - 6/26/2012 11:40:19 AM | Computer Name = MMscomp | Source = Print | ID = 19 Description = The print spooler failed to share printer HP Photosmart C4200 series with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot be used by others on the network. Error - 6/26/2012 11:55:59 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 11:56:16 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = Print | ID = 19 Description = The print spooler failed to share printer HP Photosmart C4200 series with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot be used by others on the network. < End of report >
  10. dakotawolf04
    Thank you very much Maniac for helping me with this. I ran the tools and the logs follow. The system says my post is too long. I will post the other logs in another post. 13:13:32.0579 4940 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 13:13:34.0592 4940 ============================================================ 13:13:34.0592 4940 Current date / time: 2012/06/26 13:13:34.0592 13:13:34.0592 4940 SystemInfo: 13:13:34.0592 4940 13:13:34.0592 4940 OS Version: 6.0.6002 ServicePack: 2.0 13:13:34.0592 4940 Product type: Workstation 13:13:34.0592 4940 ComputerName: MMSCOMP 13:13:34.0592 4940 UserName: Michael&Mary 13:13:34.0592 4940 Windows directory: C:\Windows 13:13:34.0592 4940 System windows directory: C:\Windows 13:13:34.0592 4940 Processor architecture: Intel x86 13:13:34.0592 4940 Number of processors: 2 13:13:34.0592 4940 Page size: 0x1000 13:13:34.0592 4940 Boot type: Normal boot 13:13:34.0592 4940 ============================================================ 13:13:35.0044 4940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 13:13:35.0091 4940 ============================================================ 13:13:35.0091 4940 \Device\Harddisk0\DR0: 13:13:35.0091 4940 MBR partitions: 13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x247A9091 13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x247A90D0, BlocksNum 0xC84240 13:13:35.0091 4940 ============================================================ 13:13:35.0200 4940 C: <-> \Device\Harddisk0\DR0\Partition0 13:13:35.0387 4940 D: <-> \Device\Harddisk0\DR0\Partition1 13:13:35.0387 4940 ============================================================ 13:13:35.0387 4940 Initialize success 13:13:35.0387 4940 ============================================================ 13:13:41.0378 4656 ============================================================ 13:13:41.0378 4656 Scan started 13:13:41.0378 4656 Mode: Manual; SigCheck; TDLFS; 13:13:41.0378 4656 ============================================================ 13:13:42.0017 4656 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 13:13:42.0111 4656 !SASCORE - ok 13:13:42.0345 4656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 13:13:42.0376 4656 ACPI - ok 13:13:42.0517 4656 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:13:42.0532 4656 AdobeARMservice - ok 13:13:42.0641 4656 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:13:42.0657 4656 AdobeFlashPlayerUpdateSvc - ok 13:13:42.0735 4656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 13:13:42.0797 4656 adp94xx - ok 13:13:42.0829 4656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 13:13:42.0860 4656 adpahci - ok 13:13:42.0891 4656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 13:13:42.0907 4656 adpu160m - ok 13:13:42.0938 4656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 13:13:42.0953 4656 adpu320 - ok 13:13:43.0000 4656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 13:13:43.0094 4656 AeLookupSvc - ok 13:13:43.0172 4656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 13:13:43.0281 4656 AFD - ok 13:13:43.0343 4656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 13:13:43.0359 4656 agp440 - ok 13:13:43.0421 4656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 13:13:43.0437 4656 aic78xx - ok 13:13:43.0468 4656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 13:13:43.0640 4656 ALG - ok 13:13:43.0671 4656 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 13:13:43.0687 4656 aliide - ok 13:13:43.0733 4656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 13:13:43.0749 4656 amdagp - ok 13:13:43.0780 4656 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 13:13:43.0796 4656 amdide - ok 13:13:43.0843 4656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 13:13:44.0061 4656 AmdK7 - ok 13:13:44.0108 4656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 13:13:44.0170 4656 AmdK8 - ok 13:13:44.0217 4656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 13:13:44.0295 4656 Appinfo - ok 13:13:44.0404 4656 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:13:44.0420 4656 Apple Mobile Device - ok 13:13:44.0482 4656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 13:13:44.0513 4656 arc - ok 13:13:44.0576 4656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 13:13:44.0607 4656 arcsas - ok 13:13:44.0716 4656 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 13:13:44.0747 4656 aspnet_state - ok 13:13:44.0810 4656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 13:13:44.0872 4656 AsyncMac - ok 13:13:44.0950 4656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 13:13:44.0966 4656 atapi - ok 13:13:45.0059 4656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 13:13:45.0106 4656 AudioEndpointBuilder - ok 13:13:45.0122 4656 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 13:13:45.0184 4656 Audiosrv - ok 13:13:45.0590 4656 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 13:13:45.0793 4656 AVGIDSAgent - ok 13:13:45.0933 4656 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 13:13:45.0964 4656 AVGIDSDriver - ok 13:13:46.0011 4656 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 13:13:46.0011 4656 AVGIDSEH - ok 13:13:46.0058 4656 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 13:13:46.0073 4656 AVGIDSFilter - ok 13:13:46.0120 4656 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 13:13:46.0120 4656 AVGIDSShim - ok 13:13:46.0167 4656 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys 13:13:46.0183 4656 Avgldx86 - ok 13:13:46.0214 4656 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys 13:13:46.0229 4656 Avgmfx86 - ok 13:13:46.0245 4656 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys 13:13:46.0261 4656 Avgrkx86 - ok 13:13:46.0339 4656 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 13:13:46.0354 4656 Avgtdix - ok 13:13:46.0448 4656 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 13:13:46.0463 4656 avgwd - ok 13:13:46.0541 4656 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 13:13:46.0573 4656 BBSvc - ok 13:13:46.0604 4656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 13:13:46.0666 4656 Beep - ok 13:13:46.0744 4656 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 13:13:46.0807 4656 BITS - ok 13:13:46.0807 4656 blbdrive - ok 13:13:46.0900 4656 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 13:13:46.0916 4656 Bonjour Service - ok 13:13:46.0978 4656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 13:13:47.0041 4656 bowser - ok 13:13:47.0087 4656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 13:13:47.0134 4656 BrFiltLo - ok 13:13:47.0165 4656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 13:13:47.0228 4656 BrFiltUp - ok 13:13:47.0275 4656 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 13:13:47.0337 4656 Browser - ok 13:13:47.0368 4656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 13:13:47.0431 4656 Brserid - ok 13:13:47.0462 4656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 13:13:47.0524 4656 BrSerWdm - ok 13:13:47.0555 4656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 13:13:47.0602 4656 BrUsbMdm - ok 13:13:47.0649 4656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 13:13:47.0711 4656 BrUsbSer - ok 13:13:47.0758 4656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 13:13:47.0821 4656 BTHMODEM - ok 13:13:47.0867 4656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 13:13:47.0914 4656 cdfs - ok 13:13:47.0961 4656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 13:13:48.0008 4656 cdrom - ok 13:13:48.0039 4656 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 13:13:48.0070 4656 CertPropSvc - ok 13:13:48.0086 4656 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 13:13:48.0133 4656 circlass - ok 13:13:48.0179 4656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 13:13:48.0211 4656 CLFS - ok 13:13:48.0304 4656 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:13:48.0320 4656 clr_optimization_v2.0.50727_32 - ok 13:13:48.0351 4656 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 13:13:48.0367 4656 cmdide - ok 13:13:48.0382 4656 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 13:13:48.0398 4656 Compbatt - ok 13:13:48.0398 4656 COMSysApp - ok 13:13:48.0413 4656 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 13:13:48.0429 4656 crcdisk - ok 13:13:48.0445 4656 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 13:13:48.0507 4656 Crusoe - ok 13:13:48.0538 4656 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 13:13:48.0585 4656 CryptSvc - ok 13:13:48.0663 4656 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 13:13:48.0725 4656 DcomLaunch - ok 13:13:48.0788 4656 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 13:13:48.0819 4656 DfsC - ok 13:13:49.0006 4656 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 13:13:49.0225 4656 DFSR - ok 13:13:49.0412 4656 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 13:13:49.0459 4656 Dhcp - ok 13:13:49.0521 4656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 13:13:49.0537 4656 disk - ok 13:13:49.0583 4656 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 13:13:49.0646 4656 Dnscache - ok 13:13:49.0693 4656 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 13:13:49.0739 4656 dot3svc - ok 13:13:49.0786 4656 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 13:13:49.0833 4656 Dot4 - ok 13:13:49.0880 4656 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 13:13:49.0911 4656 Dot4Print - ok 13:13:49.0927 4656 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 13:13:49.0973 4656 dot4usb - ok 13:13:50.0051 4656 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 13:13:50.0129 4656 DPS - ok 13:13:50.0176 4656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 13:13:50.0207 4656 drmkaud - ok 13:13:50.0270 4656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 13:13:50.0332 4656 DXGKrnl - ok 13:13:50.0363 4656 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 13:13:50.0426 4656 E1G60 - ok 13:13:50.0488 4656 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 13:13:50.0504 4656 EapHost - ok 13:13:50.0566 4656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 13:13:50.0582 4656 Ecache - ok 13:13:50.0675 4656 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 13:13:50.0738 4656 ehRecvr - ok 13:13:50.0785 4656 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 13:13:50.0816 4656 ehSched - ok 13:13:50.0847 4656 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 13:13:50.0878 4656 ehstart - ok 13:13:50.0909 4656 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 13:13:50.0941 4656 elxstor - ok 13:13:51.0003 4656 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 13:13:51.0081 4656 EMDMgmt - ok 13:13:51.0143 4656 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 13:13:51.0175 4656 EventSystem - ok 13:13:51.0221 4656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 13:13:51.0268 4656 exfat - ok 13:13:51.0299 4656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 13:13:51.0346 4656 fastfat - ok 13:13:51.0393 4656 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 13:13:51.0455 4656 fdc - ok 13:13:51.0518 4656 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 13:13:51.0549 4656 fdPHost - ok 13:13:51.0596 4656 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 13:13:51.0643 4656 FDResPub - ok 13:13:51.0674 4656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 13:13:51.0689 4656 FileInfo - ok 13:13:51.0721 4656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 13:13:51.0767 4656 Filetrace - ok 13:13:51.0908 4656 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:13:52.0001 4656 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 13:13:52.0001 4656 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 13:13:52.0064 4656 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 13:13:52.0173 4656 flpydisk - ok 13:13:52.0220 4656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 13:13:52.0235 4656 FltMgr - ok 13:13:52.0345 4656 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll 13:13:52.0438 4656 FontCache - ok 13:13:52.0516 4656 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:13:52.0532 4656 FontCache3.0.0.0 - ok 13:13:52.0579 4656 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 13:13:52.0625 4656 Fs_Rec - ok 13:13:52.0672 4656 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 13:13:52.0688 4656 gagp30kx - ok 13:13:52.0735 4656 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 13:13:52.0859 4656 gpsvc - ok 13:13:53.0047 4656 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 13:13:53.0078 4656 gupdate - ok 13:13:53.0109 4656 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 13:13:53.0140 4656 gupdatem - ok 13:13:53.0187 4656 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:13:53.0218 4656 gusvc - ok 13:13:53.0281 4656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 13:13:53.0374 4656 HdAudAddService - ok 13:13:53.0437 4656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:13:53.0530 4656 HDAudBus - ok 13:13:53.0561 4656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 13:13:53.0624 4656 HidBth - ok 13:13:53.0655 4656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 13:13:53.0733 4656 HidIr - ok 13:13:53.0780 4656 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 13:13:53.0827 4656 hidserv - ok 13:13:53.0858 4656 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys 13:13:53.0905 4656 HidUsb - ok 13:13:53.0951 4656 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 13:13:53.0983 4656 hkmsvc - ok 13:13:54.0014 4656 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 13:13:54.0029 4656 HpCISSs - ok 13:13:54.0154 4656 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll 13:13:54.0201 4656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 13:13:54.0201 4656 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 13:13:54.0232 4656 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll 13:13:54.0248 4656 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 13:13:54.0248 4656 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 13:13:54.0341 4656 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys 13:13:54.0451 4656 HSF_DP - ok 13:13:54.0497 4656 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys 13:13:54.0529 4656 HSXHWBS2 - ok 13:13:54.0591 4656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 13:13:54.0716 4656 HTTP - ok 13:13:54.0747 4656 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 13:13:54.0763 4656 i2omp - ok 13:13:54.0841 4656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 13:13:54.0856 4656 i8042prt - ok 13:13:54.0887 4656 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 13:13:54.0934 4656 iaStorV - ok 13:13:55.0043 4656 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:13:55.0137 4656 idsvc - ok 13:13:55.0199 4656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 13:13:55.0231 4656 iirsp - ok 13:13:55.0309 4656 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 13:13:55.0418 4656 IKEEXT - ok 13:13:55.0605 4656 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys 13:13:55.0855 4656 IntcAzAudAddService - ok 13:13:56.0026 4656 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 13:13:56.0042 4656 intelide - ok 13:13:56.0089 4656 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 13:13:56.0245 4656 intelppm - ok 13:13:56.0291 4656 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 13:13:56.0354 4656 IPBusEnum - ok 13:13:56.0401 4656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:13:56.0432 4656 IpFilterDriver - ok 13:13:56.0432 4656 IpInIp - ok 13:13:56.0463 4656 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 13:13:56.0510 4656 IPMIDRV - ok 13:13:56.0557 4656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 13:13:56.0603 4656 IPNAT - ok 13:13:56.0635 4656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 13:13:56.0666 4656 IRENUM - ok 13:13:56.0681 4656 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 13:13:56.0697 4656 isapnp - ok 13:13:56.0744 4656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 13:13:56.0759 4656 iScsiPrt - ok 13:13:56.0791 4656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 13:13:56.0791 4656 iteatapi - ok 13:13:56.0822 4656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 13:13:56.0837 4656 iteraid - ok 13:13:56.0853 4656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 13:13:56.0869 4656 kbdclass - ok 13:13:56.0900 4656 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 13:13:56.0962 4656 kbdhid - ok 13:13:57.0009 4656 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:13:57.0056 4656 KeyIso - ok 13:13:57.0103 4656 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 13:13:57.0196 4656 KSecDD - ok 13:13:57.0290 4656 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 13:13:57.0337 4656 KtmRm - ok 13:13:57.0399 4656 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 13:13:57.0493 4656 LanmanServer - ok 13:13:57.0539 4656 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 13:13:57.0586 4656 LanmanWorkstation - ok 13:13:57.0695 4656 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) c:\Program Files\Common Files\LightScribe\LSSrvc.exe 13:13:57.0727 4656 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 13:13:57.0727 4656 LightScribeService - detected UnsignedFile.Multi.Generic (1) 13:13:57.0758 4656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 13:13:57.0820 4656 lltdio - ok 13:13:57.0883 4656 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 13:13:57.0961 4656 lltdsvc - ok 13:13:58.0007 4656 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 13:13:58.0117 4656 lmhosts - ok 13:13:58.0179 4656 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 13:13:58.0210 4656 LSI_FC - ok 13:13:58.0226 4656 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 13:13:58.0257 4656 LSI_SAS - ok 13:13:58.0288 4656 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 13:13:58.0319 4656 LSI_SCSI - ok 13:13:58.0351 4656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 13:13:58.0366 4656 luafv - ok 13:13:58.0444 4656 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe 13:13:58.0460 4656 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning 13:13:58.0460 4656 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1) 13:13:58.0491 4656 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 13:13:58.0507 4656 Mcx2Svc - ok 13:13:58.0616 4656 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 13:13:58.0631 4656 MDM - ok 13:13:58.0663 4656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:13:58.0694 4656 mdmxsdk - ok 13:13:58.0741 4656 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 13:13:58.0756 4656 megasas - ok 13:13:58.0787 4656 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:13:58.0834 4656 MMCSS - ok 13:13:58.0865 4656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 13:13:58.0912 4656 Modem - ok 13:13:58.0959 4656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 13:13:59.0006 4656 monitor - ok 13:13:59.0068 4656 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys 13:13:59.0099 4656 motmodem - ok 13:13:59.0162 4656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 13:13:59.0177 4656 mouclass - ok 13:13:59.0209 4656 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys 13:13:59.0255 4656 mouhid - ok 13:13:59.0302 4656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 13:13:59.0318 4656 MountMgr - ok 13:13:59.0349 4656 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 13:13:59.0365 4656 mpio - ok 13:13:59.0411 4656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 13:13:59.0443 4656 mpsdrv - ok 13:13:59.0489 4656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 13:13:59.0505 4656 Mraid35x - ok 13:13:59.0536 4656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 13:13:59.0552 4656 MRxDAV - ok 13:13:59.0599 4656 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:13:59.0630 4656 mrxsmb - ok 13:13:59.0661 4656 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:13:59.0770 4656 mrxsmb10 - ok 13:13:59.0786 4656 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:13:59.0848 4656 mrxsmb20 - ok 13:13:59.0879 4656 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 13:13:59.0895 4656 msahci - ok 13:13:59.0926 4656 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 13:13:59.0942 4656 msdsm - ok 13:13:59.0973 4656 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 13:14:00.0004 4656 MSDTC - ok 13:14:00.0051 4656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 13:14:00.0098 4656 Msfs - ok 13:14:00.0160 4656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 13:14:00.0176 4656 msisadrv - ok 13:14:00.0238 4656 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 13:14:00.0332 4656 MSiSCSI - ok 13:14:00.0332 4656 msiserver - ok 13:14:00.0441 4656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 13:14:00.0472 4656 MSKSSRV - ok 13:14:00.0503 4656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 13:14:00.0519 4656 MSPCLOCK - ok 13:14:00.0535 4656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 13:14:00.0581 4656 MSPQM - ok 13:14:00.0613 4656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 13:14:00.0644 4656 MsRPC - ok 13:14:00.0659 4656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 13:14:00.0675 4656 mssmbios - ok 13:14:00.0706 4656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 13:14:00.0737 4656 MSTEE - ok 13:14:00.0769 4656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 13:14:00.0784 4656 Mup - ok 13:14:00.0831 4656 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 13:14:00.0893 4656 napagent - ok 13:14:00.0940 4656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 13:14:00.0987 4656 NativeWifiP - ok 13:14:01.0034 4656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 13:14:01.0096 4656 NDIS - ok 13:14:01.0174 4656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 13:14:01.0205 4656 NdisTapi - ok 13:14:01.0237 4656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 13:14:01.0283 4656 Ndisuio - ok 13:14:01.0315 4656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 13:14:01.0346 4656 NdisWan - ok 13:14:01.0377 4656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 13:14:01.0408 4656 NDProxy - ok 13:14:01.0471 4656 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll 13:14:01.0471 4656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:14:01.0471 4656 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:14:01.0486 4656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 13:14:01.0533 4656 NetBIOS - ok 13:14:01.0580 4656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 13:14:01.0642 4656 netbt - ok 13:14:01.0673 4656 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:14:01.0689 4656 Netlogon - ok 13:14:01.0767 4656 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 13:14:01.0876 4656 Netman - ok 13:14:01.0907 4656 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 13:14:01.0970 4656 netprofm - ok 13:14:02.0609 4656 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:14:02.0781 4656 NetTcpPortSharing - ok 13:14:03.0202 4656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 13:14:03.0233 4656 nfrd960 - ok 13:14:03.0296 4656 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 13:14:03.0358 4656 NlaSvc - ok 13:14:03.0436 4656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 13:14:03.0452 4656 Npfs - ok 13:14:03.0608 4656 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 13:14:03.0717 4656 nsi - ok 13:14:03.0873 4656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 13:14:03.0935 4656 nsiproxy - ok 13:14:07.0664 4656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 13:14:08.0553 4656 Ntfs - ok 13:14:08.0709 4656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 13:14:08.0818 4656 ntrigdigi - ok 13:14:09.0005 4656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 13:14:09.0130 4656 Null - ok 13:14:15.0776 4656 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys 13:14:17.0866 4656 NVENETFD - ok 13:14:54.0230 4656 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:15:09.0159 4656 nvlddmkm - ok 13:15:16.0149 4656 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 13:15:16.0196 4656 nvraid - ok 13:15:16.0430 4656 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys 13:15:16.0523 4656 nvstor - ok 13:15:16.0601 4656 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys 13:15:16.0632 4656 nvstor32 - ok 13:15:17.0256 4656 nvsvc (cf7769f13b3ecc5e2bf1b3d1c5831ae8) C:\Windows\system32\nvvsvc.exe 13:15:17.0381 4656 nvsvc - ok 13:15:17.0631 4656 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 13:15:17.0771 4656 nv_agp - ok 13:15:17.0771 4656 NwlnkFlt - ok 13:15:17.0802 4656 NwlnkFwd - ok 13:15:18.0972 4656 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:15:19.0503 4656 odserv - ok 13:15:19.0986 4656 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 13:15:20.0142 4656 ohci1394 - ok 13:15:22.0015 4656 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:15:22.0218 4656 ose - ok 13:15:27.0569 4656 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:15:28.0911 4656 p2pimsvc - ok 13:15:28.0942 4656 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:15:29.0113 4656 p2psvc - ok 13:15:30.0003 4656 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 13:15:30.0221 4656 Parport - ok 13:15:31.0048 4656 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 13:15:31.0110 4656 partmgr - ok 13:15:31.0438 4656 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 13:15:31.0703 4656 Parvdm - ok 13:15:32.0062 4656 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 13:15:32.0577 4656 PcaSvc - ok 13:15:34.0074 4656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 13:15:34.0246 4656 pci - ok 13:15:34.0511 4656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 13:15:34.0558 4656 pciide - ok 13:15:36.0586 4656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 13:15:36.0820 4656 pcmcia - ok 13:15:45.0150 4656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 13:15:45.0649 4656 PEAUTH - ok 13:15:48.0863 4656 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 13:15:49.0425 4656 pla - ok 13:15:54.0339 4656 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 13:15:54.0604 4656 PlugPlay - ok 13:15:55.0228 4656 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll 13:15:55.0306 4656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:15:55.0306 4656 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:16:00.0782 4656 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:16:01.0859 4656 PNRPAutoReg - ok 13:16:01.0874 4656 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:16:01.0968 4656 PNRPsvc - ok 13:16:04.0214 4656 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 13:16:04.0573 4656 PolicyAgent - ok 13:16:04.0932 4656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 13:16:04.0994 4656 PptpMiniport - ok 13:16:05.0509 4656 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 13:16:05.0681 4656 Processor - ok 13:16:05.0884 4656 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 13:16:05.0915 4656 ProfSvc - ok 13:16:06.0102 4656 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:16:06.0118 4656 ProtectedStorage - ok 13:16:06.0523 4656 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys 13:16:06.0742 4656 Ps2 - ok 13:16:07.0506 4656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 13:16:07.0646 4656 PSched - ok 13:16:08.0021 4656 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys 13:16:08.0036 4656 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 13:16:08.0036 4656 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 13:16:13.0247 4656 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 13:16:14.0261 4656 ql2300 - ok 13:16:15.0384 4656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 13:16:15.0462 4656 ql40xx - ok 13:16:17.0989 4656 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 13:16:18.0395 4656 QWAVE - ok 13:16:19.0112 4656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 13:16:19.0300 4656 QWAVEdrv - ok 13:16:19.0612 4656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 13:16:19.0814 4656 RasAcd - ok 13:16:21.0905 4656 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 13:16:22.0108 4656 RasAuto - ok 13:16:22.0669 4656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:16:22.0856 4656 Rasl2tp - ok 13:16:24.0884 4656 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 13:16:24.0994 4656 RasMan - ok 13:16:25.0337 4656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 13:16:25.0493 4656 RasPppoe - ok 13:16:25.0711 4656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 13:16:25.0789 4656 RasSstp - ok 13:16:27.0396 4656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 13:16:27.0599 4656 rdbss - ok 13:16:27.0724 4656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:16:27.0833 4656 RDPCDD - ok 13:16:29.0050 4656 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 13:16:29.0206 4656 rdpdr - ok 13:16:29.0299 4656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 13:16:29.0346 4656 RDPENCDD - ok 13:16:30.0344 4656 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 13:16:30.0563 4656 RDPWD - ok 13:16:30.0890 4656 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 13:16:31.0015 4656 RemoteAccess - ok 13:16:31.0609 4656 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 13:16:31.0749 4656 RemoteRegistry - ok 13:16:31.0921 4656 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 13:16:32.0405 4656 RpcLocator - ok 13:16:34.0933 4656 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 13:16:35.0354 4656 RpcSs - ok 13:16:35.0728 4656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 13:16:35.0775 4656 rspndr - ok 13:16:35.0962 4656 ryjqwor (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\fnwg.sys 13:16:35.0978 4656 ryjqwor ( UnsignedFile.Multi.Generic ) - warning 13:16:35.0978 4656 ryjqwor - detected UnsignedFile.Multi.Generic (1) 13:16:36.0181 4656 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:16:36.0228 4656 SamSs - ok 13:16:36.0914 4656 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 13:16:36.0976 4656 SASDIFSV - ok 13:16:37.0585 4656 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 13:16:37.0600 4656 SASKUTIL - ok 13:16:37.0897 4656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:16:37.0959 4656 sbp2port - ok 13:16:38.0521 4656 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 13:16:38.0614 4656 SCardSvr - ok 13:16:39.0940 4656 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 13:16:40.0471 4656 Schedule - ok 13:16:40.0533 4656 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 13:16:40.0580 4656 SCPolicySvc - ok 13:16:41.0235 4656 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 13:16:41.0360 4656 SDRSVC - ok 13:16:43.0747 4656 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 13:16:43.0762 4656 SeaPort - ok 13:16:43.0965 4656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:16:44.0152 4656 secdrv - ok 13:16:44.0433 4656 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 13:16:44.0511 4656 seclogon - ok 13:16:45.0369 4656 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 13:16:45.0478 4656 SENS - ok 13:16:45.0666 4656 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 13:16:45.0790 4656 Serenum - ok 13:16:46.0118 4656 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 13:16:46.0227 4656 Serial - ok 13:16:46.0461 4656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 13:16:46.0508 4656 sermouse - ok 13:16:47.0116 4656 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 13:16:47.0241 4656 SessionEnv - ok 13:16:47.0522 4656 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 13:16:47.0709 4656 sffdisk - ok 13:16:47.0896 4656 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 13:16:48.0084 4656 sffp_mmc - ok 13:16:48.0286 4656 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 13:16:48.0411 4656 sffp_sd - ok 13:16:48.0614 4656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:16:48.0786 4656 sfloppy - ok 13:16:50.0408 4656 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 13:16:50.0689 4656 ShellHWDetection - ok 13:16:51.0079 4656 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 13:16:51.0172 4656 sisagp - ok 13:16:51.0328 4656 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 13:16:51.0360 4656 SiSRaid2 - ok 13:16:52.0140 4656 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 13:16:52.0280 4656 SiSRaid4 - ok 13:17:01.0297 4656 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 13:17:05.0041 4656 slsvc - ok 13:17:07.0162 4656 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 13:17:07.0303 4656 SLUINotify - ok 13:17:08.0067 4656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 13:17:08.0114 4656 Smb - ok 13:17:08.0270 4656 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 13:17:08.0317 4656 SNMPTRAP - ok 13:17:08.0676 4656 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 13:17:08.0707 4656 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning 13:17:08.0707 4656 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1) 13:17:08.0754 4656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 13:17:08.0769 4656 spldr - ok 13:17:08.0863 4656 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 13:17:08.0941 4656 Spooler - ok 13:17:09.0112 4656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 13:17:09.0190 4656 srv - ok 13:17:09.0346 4656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 13:17:09.0409 4656 srv2 - ok 13:17:09.0456 4656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 13:17:09.0471 4656 srvnet - ok 13:17:09.0534 4656 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys 13:17:09.0565 4656 sscdbus - ok 13:17:09.0580 4656 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys 13:17:09.0596 4656 sscdmdfl - ok 13:17:09.0627 4656 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys 13:17:09.0643 4656 sscdmdm - ok 13:17:09.0674 4656 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys 13:17:09.0690 4656 sscdserd - ok 13:17:10.0002 4656 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 13:17:10.0111 4656 SSDPSRV - ok 13:17:10.0158 4656 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 13:17:10.0220 4656 SstpSvc - ok 13:17:10.0329 4656 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 13:17:10.0407 4656 stisvc - ok 13:17:10.0750 4656 stllssvr (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 13:17:10.0782 4656 stllssvr - ok 13:17:10.0828 4656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 13:17:10.0844 4656 swenum - ok 13:17:10.0922 4656 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 13:17:11.0000 4656 swprv - ok 13:17:11.0000 4656 sxuptp - ok 13:17:11.0047 4656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:17:11.0062 4656 Symc8xx - ok 13:17:11.0078 4656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:17:11.0094 4656 Sym_hi - ok 13:17:11.0125 4656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:17:11.0140 4656 Sym_u3 - ok 13:17:11.0562 4656 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 13:17:11.0655 4656 SysMain - ok 13:17:11.0702 4656 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 13:17:11.0780 4656 TabletInputService - ok 13:17:12.0061 4656 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 13:17:12.0123 4656 TapiSrv - ok 13:17:12.0170 4656 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 13:17:12.0201 4656 TBS - ok 13:17:12.0654 4656 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 13:17:12.0732 4656 Tcpip - ok 13:17:12.0747 4656 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 13:17:12.0810 4656 Tcpip6 - ok 13:17:12.0919 4656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 13:17:12.0950 4656 tcpipreg - ok 13:17:12.0997 4656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 13:17:13.0044 4656 TDPIPE - ok 13:17:13.0075 4656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 13:17:13.0106 4656 TDTCP - ok 13:17:13.0184 4656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 13:17:13.0215 4656 tdx - ok 13:17:13.0246 4656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 13:17:13.0278 4656 TermDD - ok 13:17:13.0356 4656 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 13:17:13.0402 4656 TermService - ok 13:17:13.0543 4656 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 13:17:13.0590 4656 Themes - ok 13:17:13.0652 4656 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:17:13.0683 4656 THREADORDER - ok 13:17:13.0699 4656 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 13:17:13.0761 4656 TrkWks - ok 13:17:13.0824 4656 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 13:17:13.0855 4656 TrustedInstaller - ok 13:17:13.0902 4656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:17:13.0964 4656 tssecsrv - ok 13:17:14.0026 4656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 13:17:14.0058 4656 tunmp - ok 13:17:14.0089 4656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 13:17:14.0120 4656 tunnel - ok 13:17:14.0182 4656 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 13:17:14.0198 4656 uagp35 - ok 13:17:14.0214 4656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 13:17:14.0276 4656 udfs - ok 13:17:14.0385 4656 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 13:17:14.0432 4656 UI0Detect - ok 13:17:14.0463 4656 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 13:17:14.0479 4656 uliagpkx - ok 13:17:14.0494 4656 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 13:17:14.0526 4656 uliahci - ok 13:17:14.0557 4656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 13:17:14.0572 4656 UlSata - ok 13:17:14.0588 4656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 13:17:14.0604 4656 ulsata2 - ok 13:17:14.0635 4656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 13:17:14.0682 4656 umbus - ok 13:17:14.0791 4656 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 13:17:14.0853 4656 upnphost - ok 13:17:14.0884 4656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 13:17:14.0916 4656 USBAAPL - ok 13:17:14.0962 4656 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 13:17:14.0994 4656 usbaudio - ok 13:17:15.0040 4656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 13:17:15.0087 4656 usbccgp - ok 13:17:15.0259 4656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 13:17:15.0337 4656 usbcir - ok 13:17:15.0384 4656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 13:17:15.0430 4656 usbehci - ok 13:17:15.0477 4656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 13:17:15.0524 4656 usbhub - ok 13:17:15.0555 4656 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 13:17:15.0586 4656 usbohci - ok 13:17:15.0586 4656 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 13:17:15.0664 4656 usbprint - ok 13:17:15.0711 4656 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 13:17:15.0727 4656 usbscan - ok 13:17:15.0742 4656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:17:15.0774 4656 USBSTOR - ok 13:17:15.0805 4656 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 13:17:15.0867 4656 usbuhci - ok 13:17:15.0898 4656 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 13:17:15.0930 4656 UxSms - ok 13:17:16.0210 4656 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 13:17:16.0288 4656 vds - ok 13:17:16.0304 4656 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 13:17:16.0351 4656 vga - ok 13:17:16.0366 4656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 13:17:16.0398 4656 VgaSave - ok 13:17:16.0413 4656 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 13:17:16.0429 4656 viaagp - ok 13:17:16.0460 4656 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 13:17:16.0522 4656 ViaC7 - ok 13:17:16.0585 4656 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 13:17:16.0600 4656 viaide - ok 13:17:16.0632 4656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 13:17:16.0647 4656 volmgr - ok 13:17:16.0710 4656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 13:17:16.0725 4656 volmgrx - ok 13:17:16.0866 4656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 13:17:16.0912 4656 volsnap - ok 13:17:16.0959 4656 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 13:17:16.0975 4656 vsmraid - ok 13:17:17.0053 4656 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 13:17:17.0209 4656 VSS - ok 13:17:17.0287 4656 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 13:17:17.0334 4656 W32Time - ok 13:17:17.0427 4656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 13:17:17.0490 4656 WacomPen - ok 13:17:17.0802 4656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:17:17.0864 4656 Wanarp - ok 13:17:17.0880 4656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:17:17.0926 4656 Wanarpv6 - ok 13:17:17.0989 4656 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 13:17:18.0051 4656 wcncsvc - ok 13:17:18.0098 4656 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 13:17:18.0129 4656 WcsPlugInService - ok 13:17:18.0192 4656 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 13:17:18.0192 4656 Wd - ok 13:17:18.0254 4656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 13:17:18.0301 4656 Wdf01000 - ok 13:17:18.0332 4656 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:17:18.0363 4656 WdiServiceHost - ok 13:17:18.0379 4656 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:17:18.0410 4656 WdiSystemHost - ok 13:17:18.0660 4656 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 13:17:18.0706 4656 WebClient - ok 13:17:18.0738 4656 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 13:17:18.0769 4656 Wecsvc - ok 13:17:18.0816 4656 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 13:17:18.0878 4656 wercplsupport - ok 13:17:18.0925 4656 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 13:17:18.0956 4656 WerSvc - ok 13:17:19.0018 4656 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 13:17:19.0096 4656 winachsf - ok 13:17:19.0112 4656 WinHttpAutoProxySvc - ok 13:17:19.0221 4656 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 13:17:19.0284 4656 Winmgmt - ok 13:17:19.0627 4656 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 13:17:19.0783 4656 WinRM - ok 13:17:19.0908 4656 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 13:17:20.0032 4656 Wlansvc - ok 13:17:20.0188 4656 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 13:17:20.0298 4656 WmiAcpi - ok 13:17:20.0625 4656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 13:17:20.0703 4656 wmiApSrv - ok 13:17:21.0187 4656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:17:21.0312 4656 WMPNetworkSvc - ok 13:17:21.0390 4656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 13:17:21.0452 4656 WPCSvc - ok 13:17:21.0530 4656 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 13:17:21.0561 4656 WPDBusEnum - ok 13:17:21.0686 4656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 13:17:21.0702 4656 WpdUsb - ok 13:17:21.0733 4656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 13:17:21.0795 4656 ws2ifsl - ok 13:17:21.0811 4656 WSearch - ok 13:17:22.0029 4656 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 13:17:22.0154 4656 wuauserv - ok 13:17:22.0310 4656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:17:22.0388 4656 WUDFRd - ok 13:17:22.0497 4656 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 13:17:22.0528 4656 wudfsvc - ok 13:17:22.0575 4656 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 13:17:22.0591 4656 XAudio - ok 13:17:22.0638 4656 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe 13:17:22.0669 4656 XAudioService - ok 13:17:22.0950 4656 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 13:17:23.0059 4656 YahooAUService - ok 13:17:23.0090 4656 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0 13:17:23.0262 4656 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 13:17:23.0262 4656 \Device\Harddisk0\DR0 - detected TDSS File System (1) 13:17:23.0277 4656 Boot (0x1200) (5018e2ce3e0478ba009695899db10f16) \Device\Harddisk0\DR0\Partition0 13:17:23.0277 4656 \Device\Harddisk0\DR0\Partition0 - ok 13:17:23.0293 4656 Boot (0x1200) (c83fb83e25bc24c226da38c40380c01e) \Device\Harddisk0\DR0\Partition1 13:17:23.0293 4656 \Device\Harddisk0\DR0\Partition1 - ok 13:17:23.0293 4656 ============================================================ 13:17:23.0293 4656 Scan finished 13:17:23.0293 4656 ============================================================ 13:17:23.0308 2380 Detected object count: 11 13:17:23.0308 2380 Actual detected object count: 11 13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 13:19:36.0473 5608 Deinitialize success
  11. dakotawolf04
    Recently I ran a scan and Malwarebytes found the following trojan.small, trojan.sirefef, and rootkit.0access. I went through the removal procedures as the program required but after rebooting and another scan it was still there. Any help with removing these would be much appreciated. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.26.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19272 Michael&Mary :: MMSCOMP [administrator] 6/26/2012 11:28:01 AM mbam-log-2012-06-26 (11-28-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205497 Time elapsed: 7 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19272 Run by Michael&Mary at 11:55:10 on 2012-06-26 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uWindow Title = Windows Internet Explorer provided by Yahoo! mStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: UserZoomBHO Class: {246e2928-34b8-48d9-be73-38ba37241e5b} - c:\windows\downloaded program files\UserZoom.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett- packard\digital imaging\bin\hpqtra08.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11 \REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b -a074-469358f075a6/OGAControl.cab DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.commissarycoupons.com/scriptx/smsx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9- 9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel-- 110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows- i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows- i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows- i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows- i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows- i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows- i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows- i586.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.2.1 Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32 \advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-06-26 16:53:59 54016 ----a-w- c:\windows\system32\drivers\fnwg.sys 2012-06-26 16:27:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-06-22 12:32:40 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 12:32:14 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 12:32:09 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-22 12:32:09 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-09 17:07:06 -------- d-----w- c:\program files\Sibelius Software . ==================== Find3M ==================== . 2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec 2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-05 00:27:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 00:27:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2007-10-28 19:57:08 774144 ----a-w- c:\program files\RngInterstitial.dll . ============= FINISH: 11:55:36.72 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader X (10.1.3) Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AIO_Scan Amazon Kindle Amazon MP3 Downloader 1.0.12 Apple Application Support Apple Mobile Device Support Audacity 1.2.6 AutoUpdate AVG 2012 Bing Bar Bing Rewards Client Installer Bonjour BufferChm C4200 C4200_doccd c4200_Help CCleaner Citrix Presentation Server Web Client for Win32 Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows Creative System Information Creative ZEN Destination Component DeviceDiscovery DeviceManagementQFolder DivX DocProc DocProcQFolder e-Sword Enhanced Multimedia Keyboard Solution eSupportQFolder Eye Candy 4000 Feedback Tool Free Window Registry Repair Funnix Begin Reading 1-40 GOM Player Google Desktop Search Google Toolbar for Internet Explorer Google Update Helper Graphmatica Hardware Diagnostic Tools honestech Audio Recorder 2.0 Deluxe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Feedback HP Easy Setup - Core HP Easy Setup - Frontend HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Picasso Media Center Add-In HP Smart Web Printing HP Solution Center 9.0 HP Total Care Advisor HP Update HPProductAssistant HPSSupply Internet Explorer (Enable DEP) Japanese Fonts Support For Adobe Reader 9 Java Auto Updater Java 6 Update 2 Java 6 Update 23 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Java SE Runtime Environment 6 Update 1 LightScribe 1.4.124.1 Macromedia Dreamweaver 8 Macromedia Dreamweaver MX Macromedia Extension Manager Macromedia Fireworks MX 2004 Macromedia Flash MX Malwarebytes Anti-Malware version 1.61.0.1400 Master Your CDC 3.0 Math Mechanixs Math Trek 1, 2, 3 Math Trek 4, 5, 6 MathPlayer MathType 6 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 3.5 SP1 Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office FrontPage 2003 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MobTime Cell Phone Manager V6.6.5 Monopoly Here & Now Edition (remove only) Motorola Driver Installation 3.2.0 Move Networks Media Player for Internet Explorer MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multiplex 1.0 muvee autoProducer 5.0 MyDefrag v4.2.7 NOOK for PC NVIDIA Drivers OcxSetup OGA Notifier 2.0.0048.0 Oracle JInitiator 1.3.1.17 PDF Settings PDG Gold 4.0 PDG GOLD NCO - 2011 Phonics Power Tab Editor 1.7 PRS-500 USB driver PS_AIO_ProductContext PS_AIO_Software PS_AIO_Software_min PSSWCORE PureEdge Viewer 6.5 Python 2.4.3 QuickTime QuickTime Alternative 1.81 Reader Library by Sony Reading Realtek High Definition Audio Driver Recuva Revo Uninstaller 1.94 Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Sibelius Scorch (ActiveX Only) SimCity 4 Deluxe Soft Data Fax Modem with SmartCP SolutionCenter Spelling Dictionaries Support For Adobe Reader 9 Status SUPERAntiSpyware Toolbox TrayApp Trigonometry Solved! TweakNow PowerPack 2010 TweakNow RegCleaner UMS 9.9 equation UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition VideoToolkit01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebEx Support Manager for Internet Explorer WebReg Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) WinRAR archiver Yahoo! BrowserPlus 2.8.1 Yahoo! Install Manager Yahoo! Messenger Yahoo! Software Update ZENcast Organizer . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.