jwill80

Yet another WhiteSmoke infection

30 posts in this topic

Whitesmoke toolbar showing up on Firefox.

Here is the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0

Run by John at 18:49:00 on 2012-06-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.979 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

uSearch Bar = Preserve

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live

\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [Apple Computer] rundll32.exe "c:\users\john\appdata\local\dfx\apple computer\ryspolxg.dll",CreateInstance

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\john\appdata\local\temp\{1f622389-e184-41f9-

b1df-77198c1e351c}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: samsung.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

TCP: Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733} : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\4646D2772747 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7596C6C69616D637 : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7657563747 : DhcpNameServer = 10.12.10.1 10.21.35.10 10.18.35.10

TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\8416E637 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\devicedetection@logitech.com\plugins

\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-21 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 337880]

R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2011-4-3 1984]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-3 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-25 44768]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2011-8-23 11392]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 257224]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-22 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-22 8456]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-21 33792]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-4-3 81168]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-2-8 20080]

S3 PS3 Media Server;PS3 Media Server; [x]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-8-14 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-8-14 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-8-14 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-8-14 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-8-14 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-8-14 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-8-14 115752]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-12 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-06-22 14:24:39 -------- d-----w- c:\users\john\appdata\roaming\SUPERAntiSpyware.com

2012-06-22 14:24:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-22 14:24:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-22 10:51:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d-

3c8e137af848}\offreg.dll

2012-06-22 10:50:04 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d-

3c8e137af848}\mpengine.dll

2012-06-22 10:47:09 -------- d-----w- c:\users\john\appdata\local\{5C63912F-64A9-4357-A592-D3B6FCDCC623}

2012-06-22 10:46:43 -------- d-----w- c:\users\john\appdata\local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD}

2012-06-21 19:05:45 -------- d-----w- c:\users\john\appdata\local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3}

2012-06-21 19:05:34 -------- d-----w- c:\users\john\appdata\local\{735FCF54-B3C1-477C-A284-6E3045CFD476}

2012-06-21 14:34:04 -------- d-----w- c:\users\john\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-06-21 11:12:58 -------- d-----w- c:\windows\en

2012-06-21 11:06:03 -------- d-----w- c:\program files\Adobe Download Assistant

2012-06-21 11:05:30 -------- d-----w- c:\users\john\appdata\local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A}

2012-06-21 11:04:37 -------- d-----w- c:\program files\Conduit

2012-06-21 11:04:28 -------- d-----w- c:\users\john\appdata\local\Conduit

2012-06-21 11:00:56 15712 ----a-w- c:\program files\common files\windows live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe

2012-06-21 11:00:55 537432 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DXSETUP.exe

2012-06-21 11:00:54 89944 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DSETUP.dll

2012-06-21 11:00:54 1801048 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\dsetup32.dll

2012-06-21 11:00:39 -------- d-----w- c:\users\john\appdata\local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759}

2012-06-21 11:00:02 -------- d-----w- c:\users\john\appdata\local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA}

2012-06-21 10:59:52 -------- d-----w- c:\users\john\appdata\local\{FDF459AA-A107-458F-BC28-BF84B1277EE0}

2012-06-21 10:53:52 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 10:53:52 -------- d-----w- c:\users\john\appdata\local\{9F7C556B-138A-4C08-A717-8D8B66764E3D}

2012-06-21 10:53:23 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 10:53:13 -------- d-----w- c:\users\john\appdata\local\{BAC24AA7-A921-4004-AF0E-03324984E623}

2012-06-21 10:52:47 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 10:52:47 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-20 13:37:43 -------- d-----w- c:\users\john\appdata\local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0}

2012-06-20 13:37:25 -------- d-----w- c:\users\john\appdata\local\{95881B8A-0EBA-40E4-B504-D89128B130B4}

2012-06-16 02:19:26 -------- d-----w- c:\users\john\appdata\local\{49D61010-7B3F-42DB-B396-9911E33223EF}

2012-06-15 13:54:07 -------- d-----w- c:\users\john\appdata\local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0}

2012-06-15 01:04:07 -------- d-----w- c:\users\john\appdata\local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244}

2012-06-13 11:40:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 11:40:56 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 11:40:54 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 11:40:52 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 11:40:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 11:40:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 11:40:49 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 11:40:38 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 11:40:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 11:40:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-11 16:54:00 -------- d-----w- c:\users\john\appdata\local\Macromedia

2012-06-06 22:02:21 -------- d-----w- c:\users\john\appdata\local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E}

2012-06-06 22:02:10 -------- d-----w- c:\users\john\appdata\local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94}

2012-06-06 16:45:01 -------- d-----w- c:\users\john\appdata\local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64}

2012-06-06 16:44:49 -------- d-----w- c:\users\john\appdata\local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D}

2012-06-03 23:55:21 -------- d-----w- c:\users\john\appdata\local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302}

2012-06-03 23:55:08 -------- d-----w- c:\users\john\appdata\local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E}

2012-05-29 01:33:32 -------- d-----w- c:\users\john\appdata\local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA}

2012-05-28 14:05:18 -------- d-----w- c:\users\john\appdata\local\3DVIA

2012-05-28 14:04:57 -------- d-----w- c:\programdata\3DVIA

2012-05-28 14:04:56 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-05-28 14:04:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-05-28 14:04:51 -------- d-----w- c:\program files\Virtools

2012-05-28 13:36:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-06-11 16:52:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-24 16:57:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 18:49:50.72 ===============

Share this post


Link to post
Share on other sites

Hello and welcome to MalwareBytes forums.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Look on your Desktop. There should be a log file named ATTACH.txt.

Use NOTEPAD to open it. Copy all the contents, and Paste into your next reply.

Your log shows uTorrent, which is not recommended, since peer-to-peer filesharing is a avenue for malware to spread.

Use Control Panel's Programs and Features. Locate it. and right click on uTorrent and select Un-install.

Confirm that in your reply.

Share this post


Link to post
Share on other sites

Here is contents of the ATTACH.txt file:

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/3/2010 3:10:25 PM

System Uptime: 6/22/2012 4:22:38 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0U990C

Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 114.626 GiB free.

D: is CDROM ()

F: is FIXED (FAT32) - 75 GiB total, 45.213 GiB free.

G: is CDROM ()

X: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP415: 6/5/2012 7:14:22 AM - Windows Update

RP416: 6/8/2012 7:36:42 AM - Windows Update

RP417: 6/12/2012 7:34:13 AM - Windows Update

RP418: 6/13/2012 10:31:51 PM - Windows Update

RP419: 6/19/2012 7:40:19 AM - Windows Update

RP420: 6/21/2012 6:52:16 AM - Windows Update

RP422: 6/21/2012 7:00:53 AM - Windows Live Essentials

RP424: 6/21/2012 7:03:21 AM - Installed DirectX

RP426: 6/21/2012 7:04:54 AM - Installed DirectX

RP428: 6/21/2012 8:18:25 AM - Windows Live Essentials

RP430: 6/21/2012 8:20:28 AM - Installed DirectX

RP432: 6/21/2012 8:21:43 AM - Installed DirectX

RP433: 6/21/2012 8:22:09 AM - WLSetup

RP435: 6/21/2012 10:40:46 AM - Removed RollerCoaster Tycoon 2 Triple Thrill Pack

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

32 Bit HP CIO Components Installer

3DVIA player 5.0.0.20

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Audacity 1.2.6

avast! Free Antivirus

calibre

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP640 series MP Drivers

Canon MP640 series User Registration

Canon Utilities My Printer

D3DX10

EASEUS Partition Master 8.0.1 Home Edition

eReg

Free M4a to MP3 Converter 7.0

Free Mp3 Wma Converter V 2.2

Free Window Registry Repair

Hamster Free EbookConverter

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Java Auto Updater

Java 6 Update 29

Java 7 Update 2

Junk Mail filter update

LAME v3.98.2 for Audacity

Logitech SetPoint 6.22

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Studio

Microsoft SQL Server 2008 RsFx Driver

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

Mp3tag v2.49

MS Access 97 SP2

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

Network

OGA Notifier 2.0.0048.0

PeerBlock 1.1 (r518)

PowerISO

PS_AIO_07_D110_SW_Min

PS3 Media Server

QuickTime

RCT3 Soaked

RICOH R5U8xx Media Driver ver.3.62.02

RollerCoaster Tycoon 2 Triple Thrill Pack

RollerCoaster Tycoon® 3

Sansa Updater

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Sql Server Customer Experience Improvement Program

SUPERAntiSpyware

swMSM

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

6/22/2012 6:46:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.

6/22/2012 5:35:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/22/2012 4:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

6/22/2012 10:14:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service.

6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

6/22/2012 1:59:28 PM, Error: volmgr [46] - Crash dump initialization failed!

6/21/2012 12:46:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

6/21/2012 12:38:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

6/17/2012 2:25:17 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.

6/16/2012 9:08:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer EDWIN-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14EDF80. The master browser is stopping or an election is being forced.

6/15/2012 11:57:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDITHSTUSS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14E. The master browser is stopping or an election is being forced.

6/15/2012 11:08:55 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.123. The computer with the IP address 192.168.1.125 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

Utorrent has been uninstalled. Thank you for the fast reply.

Share this post


Link to post
Share on other sites

Turn off your antivirus program so that it does not interfere.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Share this post


Link to post
Share on other sites

Having an issue on step 3, getting a pop-up box that says:

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" refers to a location that is unavailable.

Followed the directions exactly,not sure what happened.

Share this post


Link to post
Share on other sites

Disregard that last post. Here is the TDSSKiller report:

00:21:00.0307 4384 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

00:21:00.0650 4384 ============================================================

00:21:00.0650 4384 Current date / time: 2012/06/23 00:21:00.0650

00:21:00.0650 4384 SystemInfo:

00:21:00.0650 4384

00:21:00.0650 4384 OS Version: 6.1.7601 ServicePack: 1.0

00:21:00.0650 4384 Product type: Workstation

00:21:00.0651 4384 ComputerName: JOHN-LAPTOP

00:21:00.0651 4384 UserName: John

00:21:00.0651 4384 Windows directory: C:\Windows

00:21:00.0651 4384 System windows directory: C:\Windows

00:21:00.0651 4384 Processor architecture: Intel x86

00:21:00.0651 4384 Number of processors: 1

00:21:00.0651 4384 Page size: 0x1000

00:21:00.0651 4384 Boot type: Normal boot

00:21:00.0651 4384 ============================================================

00:21:02.0657 4384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

00:21:02.0663 4384 ============================================================

00:21:02.0663 4384 \Device\Harddisk0\DR0:

00:21:02.0664 4384 MBR partitions:

00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800

00:21:02.0664 4384 ============================================================

00:21:02.0697 4384 C: <-> \Device\Harddisk0\DR0\Partition1

00:21:02.0697 4384 ============================================================

00:21:02.0697 4384 Initialize success

00:21:02.0697 4384 ============================================================

00:21:04.0997 1652 ============================================================

00:21:04.0997 1652 Scan started

00:21:04.0997 1652 Mode: Manual;

00:21:04.0997 1652 ============================================================

00:21:05.0825 1652 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

00:21:05.0827 1652 !SASCORE - ok

00:21:06.0055 1652 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

00:21:06.0057 1652 1394ohci - ok

00:21:06.0108 1652 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

00:21:06.0111 1652 ACPI - ok

00:21:06.0160 1652 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

00:21:06.0161 1652 AcpiPmi - ok

00:21:06.0189 1652 adfs - ok

00:21:06.0295 1652 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

00:21:06.0297 1652 AdobeFlashPlayerUpdateSvc - ok

00:21:06.0375 1652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

00:21:06.0379 1652 adp94xx - ok

00:21:06.0419 1652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

00:21:06.0422 1652 adpahci - ok

00:21:06.0448 1652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

00:21:06.0450 1652 adpu320 - ok

00:21:06.0496 1652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

00:21:06.0498 1652 AeLookupSvc - ok

00:21:06.0576 1652 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

00:21:06.0580 1652 AFD - ok

00:21:06.0623 1652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

00:21:06.0624 1652 agp440 - ok

00:21:06.0661 1652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

00:21:06.0663 1652 aic78xx - ok

00:21:06.0706 1652 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

00:21:06.0708 1652 ALG - ok

00:21:06.0725 1652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

00:21:06.0726 1652 aliide - ok

00:21:06.0771 1652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

00:21:06.0773 1652 amdagp - ok

00:21:06.0798 1652 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

00:21:06.0800 1652 amdide - ok

00:21:06.0856 1652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

00:21:06.0858 1652 AmdK8 - ok

00:21:06.0880 1652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

00:21:06.0882 1652 AmdPPM - ok

00:21:06.0923 1652 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

00:21:06.0924 1652 amdsata - ok

00:21:06.0960 1652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

00:21:06.0962 1652 amdsbs - ok

00:21:06.0975 1652 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

00:21:06.0976 1652 amdxata - ok

00:21:07.0061 1652 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

00:21:07.0063 1652 AppID - ok

00:21:07.0101 1652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

00:21:07.0104 1652 AppIDSvc - ok

00:21:07.0168 1652 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

00:21:07.0172 1652 Appinfo - ok

00:21:07.0248 1652 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

00:21:07.0249 1652 arc - ok

00:21:07.0272 1652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

00:21:07.0273 1652 arcsas - ok

00:21:07.0328 1652 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys

00:21:07.0329 1652 aswFsBlk - ok

00:21:07.0376 1652 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys

00:21:07.0377 1652 aswMonFlt - ok

00:21:07.0434 1652 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys

00:21:07.0436 1652 aswRdr - ok

00:21:07.0559 1652 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys

00:21:07.0565 1652 aswSnx - ok

00:21:07.0627 1652 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys

00:21:07.0630 1652 aswSP - ok

00:21:07.0667 1652 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys

00:21:07.0669 1652 aswTdi - ok

00:21:07.0707 1652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

00:21:07.0709 1652 AsyncMac - ok

00:21:07.0745 1652 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

00:21:07.0746 1652 atapi - ok

00:21:07.0837 1652 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

00:21:07.0842 1652 AudioEndpointBuilder - ok

00:21:07.0856 1652 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

00:21:07.0866 1652 Audiosrv - ok

00:21:07.0945 1652 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

00:21:07.0946 1652 avast! Antivirus - ok

00:21:08.0010 1652 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

00:21:08.0012 1652 AxInstSV - ok

00:21:08.0091 1652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

00:21:08.0095 1652 b06bdrv - ok

00:21:08.0162 1652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

00:21:08.0165 1652 b57nd60x - ok

00:21:08.0384 1652 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys

00:21:08.0405 1652 BCM43XX - ok

00:21:08.0704 1652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

00:21:08.0707 1652 BDESVC - ok

00:21:08.0778 1652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

00:21:08.0779 1652 Beep - ok

00:21:09.0063 1652 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

00:21:09.0070 1652 BFE - ok

00:21:09.0306 1652 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll

00:21:09.0319 1652 BITS - ok

00:21:09.0347 1652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

00:21:09.0348 1652 blbdrive - ok

00:21:09.0412 1652 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

00:21:09.0413 1652 bowser - ok

00:21:09.0436 1652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:21:09.0437 1652 BrFiltLo - ok

00:21:09.0539 1652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:21:09.0540 1652 BrFiltUp - ok

00:21:09.0603 1652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

00:21:09.0605 1652 BridgeMP - ok

00:21:09.0670 1652 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

00:21:09.0672 1652 Browser - ok

00:21:09.0881 1652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

00:21:09.0884 1652 Brserid - ok

00:21:09.0906 1652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

00:21:09.0907 1652 BrSerWdm - ok

00:21:09.0938 1652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:21:09.0939 1652 BrUsbMdm - ok

00:21:10.0061 1652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

00:21:10.0062 1652 BrUsbSer - ok

00:21:10.0190 1652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

00:21:10.0192 1652 BTHMODEM - ok

00:21:10.0263 1652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

00:21:10.0266 1652 bthserv - ok

00:21:10.0353 1652 catchme - ok

00:21:10.0480 1652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

00:21:10.0482 1652 cdfs - ok

00:21:10.0638 1652 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

00:21:10.0640 1652 cdrom - ok

00:21:10.0717 1652 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

00:21:10.0719 1652 CertPropSvc - ok

00:21:10.0750 1652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

00:21:10.0752 1652 circlass - ok

00:21:10.0826 1652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

00:21:10.0833 1652 CLFS - ok

00:21:11.0028 1652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:21:11.0030 1652 clr_optimization_v2.0.50727_32 - ok

00:21:11.0134 1652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:21:11.0137 1652 clr_optimization_v4.0.30319_32 - ok

00:21:11.0174 1652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

00:21:11.0175 1652 CmBatt - ok

00:21:11.0342 1652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

00:21:11.0343 1652 cmdide - ok

00:21:11.0406 1652 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

00:21:11.0410 1652 CNG - ok

00:21:11.0450 1652 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

00:21:11.0452 1652 Compbatt - ok

00:21:11.0493 1652 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

00:21:11.0496 1652 CompositeBus - ok

00:21:11.0525 1652 COMSysApp - ok

00:21:11.0553 1652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

00:21:11.0554 1652 crcdisk - ok

00:21:11.0658 1652 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll

00:21:11.0661 1652 CryptSvc - ok

00:21:11.0741 1652 dc3d (94010220445f181ade8e7ca9c3a98bf4) C:\Windows\system32\DRIVERS\dc3d.sys

00:21:11.0743 1652 dc3d - ok

00:21:11.0816 1652 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

00:21:11.0824 1652 DcomLaunch - ok

00:21:11.0863 1652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

00:21:11.0869 1652 defragsvc - ok

00:21:11.0918 1652 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

00:21:11.0920 1652 DfsC - ok

00:21:12.0003 1652 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

00:21:12.0007 1652 Dhcp - ok

00:21:12.0031 1652 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

00:21:12.0043 1652 discache - ok

00:21:12.0104 1652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

00:21:12.0106 1652 Disk - ok

00:21:12.0159 1652 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

00:21:12.0163 1652 Dnscache - ok

00:21:12.0221 1652 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

00:21:12.0225 1652 dot3svc - ok

00:21:12.0307 1652 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

00:21:12.0310 1652 Dot4 - ok

00:21:12.0359 1652 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

00:21:12.0361 1652 Dot4Print - ok

00:21:12.0387 1652 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

00:21:12.0389 1652 dot4usb - ok

00:21:12.0437 1652 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

00:21:12.0441 1652 DPS - ok

00:21:12.0487 1652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

00:21:12.0489 1652 drmkaud - ok

00:21:12.0550 1652 dualshock3 (d9d593f97d2004e92e18fab0b6f7fe48) C:\Windows\system32\DRIVERS\dualshock3.sys

00:21:12.0552 1652 dualshock3 - ok

00:21:12.0653 1652 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

00:21:12.0660 1652 DXGKrnl - ok

00:21:12.0703 1652 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

00:21:12.0707 1652 EapHost - ok

00:21:12.0944 1652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

00:21:12.0968 1652 ebdrv - ok

00:21:13.0100 1652 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

00:21:13.0106 1652 EFS - ok

00:21:13.0221 1652 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

00:21:13.0231 1652 ehRecvr - ok

00:21:13.0299 1652 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

00:21:13.0301 1652 ehSched - ok

00:21:13.0403 1652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

00:21:13.0407 1652 elxstor - ok

00:21:13.0475 1652 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys

00:21:13.0483 1652 epmntdrv - ok

00:21:13.0550 1652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

00:21:13.0552 1652 ErrDev - ok

00:21:13.0640 1652 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys

00:21:13.0643 1652 EuGdiDrv - ok

00:21:13.0741 1652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

00:21:13.0745 1652 EventSystem - ok

00:21:13.0782 1652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

00:21:13.0784 1652 exfat - ok

00:21:13.0814 1652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

00:21:13.0816 1652 fastfat - ok

00:21:13.0898 1652 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

00:21:13.0905 1652 Fax - ok

00:21:13.0927 1652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

00:21:13.0929 1652 fdc - ok

00:21:13.0973 1652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

00:21:13.0978 1652 fdPHost - ok

00:21:14.0015 1652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

00:21:14.0018 1652 FDResPub - ok

00:21:14.0044 1652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

00:21:14.0046 1652 FileInfo - ok

00:21:14.0075 1652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

00:21:14.0076 1652 Filetrace - ok

00:21:14.0098 1652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

00:21:14.0099 1652 flpydisk - ok

00:21:14.0141 1652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

00:21:14.0144 1652 FltMgr - ok

00:21:14.0297 1652 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

00:21:14.0306 1652 FontCache - ok

00:21:14.0425 1652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

00:21:14.0426 1652 FontCache3.0.0.0 - ok

00:21:14.0476 1652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

00:21:14.0477 1652 FsDepends - ok

00:21:14.0516 1652 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

00:21:14.0517 1652 Fs_Rec - ok

00:21:14.0591 1652 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

00:21:14.0594 1652 fvevol - ok

00:21:14.0642 1652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:21:14.0644 1652 gagp30kx - ok

00:21:14.0712 1652 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

00:21:14.0719 1652 gpsvc - ok

00:21:14.0750 1652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

00:21:14.0751 1652 hcw85cir - ok

00:21:14.0849 1652 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

00:21:14.0852 1652 HdAudAddService - ok

00:21:14.0888 1652 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

00:21:14.0892 1652 HDAudBus - ok

00:21:14.0910 1652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

00:21:14.0911 1652 HidBatt - ok

00:21:14.0950 1652 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

00:21:14.0952 1652 HidBth - ok

00:21:14.0995 1652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

00:21:14.0997 1652 HidIr - ok

00:21:15.0035 1652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

00:21:15.0038 1652 hidserv - ok

00:21:15.0094 1652 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

00:21:15.0096 1652 HidUsb - ok

00:21:15.0148 1652 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

00:21:15.0152 1652 hkmsvc - ok

00:21:15.0202 1652 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

00:21:15.0207 1652 HomeGroupListener - ok

00:21:15.0273 1652 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

00:21:15.0282 1652 HomeGroupProvider - ok

00:21:15.0353 1652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

00:21:15.0355 1652 HpSAMD - ok

00:21:15.0584 1652 HPSLPSVC (9d23402d305869844bc6004a05cc74ba) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

00:21:15.0590 1652 HPSLPSVC - ok

00:21:15.0690 1652 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

00:21:15.0695 1652 HTTP - ok

00:21:15.0745 1652 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

00:21:15.0746 1652 hwpolicy - ok

00:21:15.0807 1652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

00:21:15.0811 1652 i8042prt - ok

00:21:15.0888 1652 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

00:21:15.0891 1652 iaStorV - ok

00:21:16.0036 1652 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

00:21:16.0044 1652 idsvc - ok

00:21:16.0379 1652 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

00:21:16.0417 1652 igfx - ok

00:21:16.0614 1652 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

00:21:16.0616 1652 iirsp - ok

00:21:16.0714 1652 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

00:21:16.0722 1652 IKEEXT - ok

00:21:16.0777 1652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

00:21:16.0780 1652 intelide - ok

00:21:16.0817 1652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

00:21:16.0818 1652 intelppm - ok

00:21:16.0877 1652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

00:21:16.0882 1652 IPBusEnum - ok

00:21:16.0917 1652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:21:16.0919 1652 IpFilterDriver - ok

00:21:16.0996 1652 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

00:21:17.0004 1652 iphlpsvc - ok

00:21:17.0069 1652 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

00:21:17.0070 1652 IPMIDRV - ok

00:21:17.0114 1652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

00:21:17.0116 1652 IPNAT - ok

00:21:17.0151 1652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

00:21:17.0152 1652 IRENUM - ok

00:21:17.0178 1652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

00:21:17.0182 1652 isapnp - ok

00:21:17.0246 1652 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

00:21:17.0249 1652 iScsiPrt - ok

00:21:17.0289 1652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

00:21:17.0291 1652 kbdclass - ok

00:21:17.0341 1652 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

00:21:17.0343 1652 kbdhid - ok

00:21:17.0393 1652 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

00:21:17.0399 1652 KeyIso - ok

00:21:17.0423 1652 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

00:21:17.0425 1652 KSecDD - ok

00:21:17.0457 1652 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

00:21:17.0459 1652 KSecPkg - ok

00:21:17.0516 1652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

00:21:17.0522 1652 KtmRm - ok

00:21:17.0577 1652 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

00:21:17.0601 1652 LanmanServer - ok

00:21:17.0653 1652 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

00:21:17.0660 1652 LanmanWorkstation - ok

00:21:17.0850 1652 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

00:21:17.0853 1652 LBTServ - ok

00:21:17.0916 1652 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys

00:21:17.0918 1652 LHidFilt - ok

00:21:18.0013 1652 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys

00:21:18.0017 1652 libusb0 - ok

00:21:18.0067 1652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

00:21:18.0069 1652 lltdio - ok

00:21:18.0121 1652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

00:21:18.0126 1652 lltdsvc - ok

00:21:18.0151 1652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

00:21:18.0155 1652 lmhosts - ok

00:21:18.0206 1652 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys

00:21:18.0208 1652 LMouFilt - ok

00:21:18.0258 1652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:21:18.0260 1652 LSI_FC - ok

00:21:18.0289 1652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:21:18.0290 1652 LSI_SAS - ok

00:21:18.0320 1652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:21:18.0322 1652 LSI_SAS2 - ok

00:21:18.0354 1652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:21:18.0356 1652 LSI_SCSI - ok

00:21:18.0380 1652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

00:21:18.0384 1652 luafv - ok

00:21:18.0441 1652 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys

00:21:18.0443 1652 mcdbus - ok

00:21:18.0504 1652 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

00:21:18.0508 1652 Mcx2Svc - ok

00:21:18.0537 1652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

00:21:18.0538 1652 megasas - ok

00:21:18.0572 1652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

00:21:18.0575 1652 MegaSR - ok

00:21:18.0624 1652 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

00:21:18.0629 1652 MMCSS - ok

00:21:18.0652 1652 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

00:21:18.0654 1652 Modem - ok

00:21:18.0693 1652 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

00:21:18.0694 1652 monitor - ok

00:21:18.0757 1652 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys

00:21:18.0759 1652 MotioninJoyXFilter - ok

00:21:18.0819 1652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

00:21:18.0821 1652 mouclass - ok

00:21:18.0855 1652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

00:21:18.0856 1652 mouhid - ok

00:21:18.0905 1652 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

00:21:18.0907 1652 mountmgr - ok

00:21:18.0999 1652 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

00:21:19.0003 1652 MozillaMaintenance - ok

00:21:19.0066 1652 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

00:21:19.0070 1652 mpio - ok

00:21:19.0107 1652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

00:21:19.0108 1652 mpsdrv - ok

00:21:19.0175 1652 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

00:21:19.0184 1652 MpsSvc - ok

00:21:19.0253 1652 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

00:21:19.0255 1652 MRxDAV - ok

00:21:19.0327 1652 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:21:19.0329 1652 mrxsmb - ok

00:21:19.0392 1652 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:21:19.0395 1652 mrxsmb10 - ok

00:21:19.0426 1652 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:21:19.0428 1652 mrxsmb20 - ok

00:21:19.0454 1652 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

00:21:19.0456 1652 msahci - ok

00:21:19.0485 1652 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

00:21:19.0489 1652 msdsm - ok

00:21:19.0541 1652 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

00:21:19.0546 1652 MSDTC - ok

00:21:19.0606 1652 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

00:21:19.0608 1652 Msfs - ok

00:21:19.0640 1652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

00:21:19.0641 1652 mshidkmdf - ok

00:21:19.0660 1652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

00:21:19.0661 1652 msisadrv - ok

00:21:19.0723 1652 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

00:21:19.0727 1652 MSiSCSI - ok

00:21:19.0741 1652 msiserver - ok

00:21:19.0786 1652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

00:21:19.0788 1652 MSKSSRV - ok

00:21:19.0817 1652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

00:21:19.0818 1652 MSPCLOCK - ok

00:21:19.0834 1652 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

00:21:19.0838 1652 MSPQM - ok

00:21:19.0892 1652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

00:21:19.0894 1652 MsRPC - ok

00:21:19.0944 1652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

00:21:19.0945 1652 mssmbios - ok

00:21:20.0288 1652 MSSQL$SQLEXPRESS - ok

00:21:20.0342 1652 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

00:21:20.0344 1652 MSSQLServerADHelper100 - ok

00:21:20.0428 1652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

00:21:20.0429 1652 MSTEE - ok

00:21:20.0573 1652 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

00:21:20.0574 1652 MTConfig - ok

00:21:21.0027 1652 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

00:21:21.0029 1652 Mup - ok

00:21:22.0256 1652 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

00:21:22.0264 1652 napagent - ok

00:21:22.0306 1652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

00:21:22.0311 1652 NativeWifiP - ok

00:21:22.0391 1652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

00:21:22.0397 1652 NDIS - ok

00:21:22.0433 1652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

00:21:22.0434 1652 NdisCap - ok

00:21:22.0469 1652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

00:21:22.0471 1652 NdisTapi - ok

00:21:22.0511 1652 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

00:21:22.0512 1652 Ndisuio - ok

00:21:22.0557 1652 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

00:21:22.0559 1652 NdisWan - ok

00:21:22.0636 1652 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

00:21:22.0638 1652 NDProxy - ok

00:21:22.0684 1652 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll

00:21:22.0688 1652 Net Driver HPZ12 - ok

00:21:22.0745 1652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

00:21:22.0747 1652 NetBIOS - ok

00:21:22.0805 1652 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

00:21:22.0808 1652 NetBT - ok

00:21:22.0850 1652 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

00:21:22.0854 1652 Netlogon - ok

00:21:22.0936 1652 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

00:21:22.0947 1652 Netman - ok

00:21:22.0997 1652 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

00:21:23.0005 1652 netprofm - ok

00:21:23.0140 1652 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:21:23.0142 1652 NetTcpPortSharing - ok

00:21:23.0206 1652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

00:21:23.0208 1652 nfrd960 - ok

00:21:23.0278 1652 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

00:21:23.0289 1652 NlaSvc - ok

00:21:23.0316 1652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

00:21:23.0317 1652 Npfs - ok

00:21:23.0335 1652 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

00:21:23.0341 1652 nsi - ok

00:21:23.0366 1652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

00:21:23.0367 1652 nsiproxy - ok

00:21:23.0495 1652 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

00:21:23.0505 1652 Ntfs - ok

00:21:23.0566 1652 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys

00:21:23.0568 1652 NuidFltr - ok

00:21:23.0593 1652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

00:21:23.0597 1652 Null - ok

00:21:23.0644 1652 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

00:21:23.0648 1652 nvraid - ok

00:21:23.0674 1652 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

00:21:23.0676 1652 nvstor - ok

00:21:23.0733 1652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

00:21:23.0735 1652 nv_agp - ok

00:21:23.0854 1652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

00:21:23.0858 1652 odserv - ok

00:21:23.0897 1652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

00:21:23.0899 1652 ohci1394 - ok

00:21:23.0952 1652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:21:23.0953 1652 ose - ok

00:21:24.0009 1652 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

00:21:24.0016 1652 p2pimsvc - ok

00:21:24.0061 1652 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

00:21:24.0069 1652 p2psvc - ok

00:21:24.0164 1652 papycpu (8051a829dc5544c55fb647447c4b0286) C:\Windows\system32\drivers\papycpu.sys

00:21:24.0166 1652 papycpu - ok

00:21:24.0251 1652 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\Windows\System32\DRIVERS\papycpu2.sys

00:21:24.0252 1652 papycpu2 - ok

00:21:24.0273 1652 papyjoy (a4b3fb04a3f6367bc264e8addcae2a48) C:\Windows\system32\drivers\papyjoy.sys

00:21:24.0274 1652 papyjoy - ok

00:21:24.0320 1652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

00:21:24.0321 1652 Parport - ok

00:21:24.0361 1652 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

00:21:24.0363 1652 partmgr - ok

00:21:24.0386 1652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

00:21:24.0387 1652 Parvdm - ok

00:21:24.0495 1652 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys

00:21:24.0496 1652 pbfilter - ok

00:21:24.0542 1652 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

00:21:24.0550 1652 PcaSvc - ok

00:21:24.0607 1652 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

00:21:24.0610 1652 pci - ok

00:21:24.0635 1652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

00:21:24.0637 1652 pciide - ok

00:21:24.0675 1652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

00:21:24.0678 1652 pcmcia - ok

00:21:24.0703 1652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

00:21:24.0710 1652 pcw - ok

00:21:24.0767 1652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

00:21:24.0773 1652 PEAUTH - ok

00:21:24.0952 1652 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

00:21:24.0972 1652 pla - ok

00:21:25.0162 1652 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

00:21:25.0170 1652 PlugPlay - ok

00:21:25.0221 1652 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll

00:21:25.0224 1652 Pml Driver HPZ12 - ok

00:21:25.0272 1652 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

00:21:25.0277 1652 PNRPAutoReg - ok

00:21:25.0322 1652 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

00:21:25.0329 1652 PNRPsvc - ok

00:21:25.0410 1652 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

00:21:25.0412 1652 Point32 - ok

00:21:25.0483 1652 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

00:21:25.0489 1652 PolicyAgent - ok

00:21:25.0546 1652 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

00:21:25.0555 1652 Power - ok

00:21:25.0603 1652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

00:21:25.0605 1652 PptpMiniport - ok

00:21:25.0626 1652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

00:21:25.0627 1652 Processor - ok

00:21:25.0686 1652 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll

00:21:25.0692 1652 ProfSvc - ok

00:21:25.0740 1652 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

00:21:25.0745 1652 ProtectedStorage - ok

00:21:25.0828 1652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

00:21:25.0831 1652 Psched - ok

00:21:25.0948 1652 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

00:21:25.0960 1652 ql2300 - ok

00:21:26.0113 1652 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

00:21:26.0115 1652 ql40xx - ok

00:21:26.0176 1652 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

00:21:26.0184 1652 QWAVE - ok

00:21:26.0205 1652 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

00:21:26.0207 1652 QWAVEdrv - ok

00:21:26.0294 1652 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll

00:21:26.0296 1652 RapiMgr - ok

00:21:26.0323 1652 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

00:21:26.0325 1652 RasAcd - ok

00:21:26.0377 1652 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:21:26.0379 1652 RasAgileVpn - ok

00:21:26.0407 1652 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

00:21:26.0413 1652 RasAuto - ok

00:21:26.0439 1652 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:21:26.0442 1652 Rasl2tp - ok

00:21:26.0531 1652 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

00:21:26.0539 1652 RasMan - ok

00:21:26.0561 1652 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

00:21:26.0563 1652 RasPppoe - ok

00:21:26.0591 1652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

00:21:26.0593 1652 RasSstp - ok

00:21:26.0651 1652 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

00:21:26.0655 1652 rdbss - ok

00:21:26.0682 1652 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

00:21:26.0683 1652 rdpbus - ok

00:21:26.0722 1652 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:21:26.0724 1652 RDPCDD - ok

00:21:26.0765 1652 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

00:21:26.0766 1652 RDPENCDD - ok

00:21:26.0795 1652 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

00:21:26.0797 1652 RDPREFMP - ok

00:21:26.0839 1652 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys

00:21:26.0842 1652 RDPWD - ok

00:21:26.0898 1652 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

00:21:26.0901 1652 rdyboost - ok

00:21:26.0948 1652 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

00:21:26.0955 1652 RemoteAccess - ok

00:21:27.0015 1652 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

00:21:27.0021 1652 RemoteRegistry - ok

00:21:27.0080 1652 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys

00:21:27.0082 1652 rimmptsk - ok

00:21:27.0141 1652 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys

00:21:27.0143 1652 rimsptsk - ok

00:21:27.0195 1652 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys

00:21:27.0197 1652 rismxdp - ok

00:21:27.0227 1652 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

00:21:27.0233 1652 RpcEptMapper - ok

00:21:27.0280 1652 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

00:21:27.0284 1652 RpcLocator - ok

00:21:27.0347 1652 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

00:21:27.0355 1652 RpcSs - ok

00:21:27.0410 1652 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys

00:21:27.0413 1652 RsFx0102 - ok

00:21:27.0484 1652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

00:21:27.0486 1652 rspndr - ok

00:21:27.0534 1652 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys

00:21:27.0536 1652 s0016bus - ok

00:21:27.0579 1652 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys

00:21:27.0581 1652 s0016mdfl - ok

00:21:27.0636 1652 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys

00:21:27.0641 1652 s0016mdm - ok

00:21:27.0699 1652 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys

00:21:27.0701 1652 s0016mgmt - ok

00:21:27.0757 1652 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys

00:21:27.0758 1652 s0016nd5 - ok

00:21:27.0818 1652 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys

00:21:27.0820 1652 s0016obex - ok

00:21:27.0902 1652 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys

00:21:27.0904 1652 s0016unic - ok

00:21:27.0970 1652 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys

00:21:27.0972 1652 s616bus - ok

00:21:27.0994 1652 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys

00:21:27.0995 1652 s616mdfl - ok

00:21:28.0031 1652 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys

00:21:28.0033 1652 s616mdm - ok

00:21:28.0060 1652 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys

00:21:28.0062 1652 s616mgmt - ok

00:21:28.0092 1652 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys

00:21:28.0093 1652 s616nd5 - ok

00:21:28.0126 1652 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys

00:21:28.0128 1652 s616obex - ok

00:21:28.0164 1652 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys

00:21:28.0166 1652 s616unic - ok

00:21:28.0219 1652 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

00:21:28.0225 1652 SamSs - ok

00:21:28.0329 1652 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

00:21:28.0330 1652 SASDIFSV - ok

00:21:28.0405 1652 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

00:21:28.0407 1652 SASKUTIL - ok

00:21:28.0477 1652 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

00:21:28.0479 1652 sbp2port - ok

00:21:28.0533 1652 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

00:21:28.0539 1652 SCardSvr - ok

00:21:28.0590 1652 SCDEmu (52402149e66200c2c2bda115bca757d6) C:\Windows\system32\drivers\SCDEmu.sys

00:21:28.0594 1652 SCDEmu - ok

00:21:28.0636 1652 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

00:21:28.0638 1652 scfilter - ok

00:21:28.0817 1652 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

00:21:28.0830 1652 Schedule - ok

00:21:28.0886 1652 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

00:21:28.0888 1652 SCPolicySvc - ok

00:21:28.0954 1652 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

00:21:28.0956 1652 sdbus - ok

00:21:29.0017 1652 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

00:21:29.0024 1652 SDRSVC - ok

00:21:29.0116 1652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

00:21:29.0119 1652 secdrv - ok

00:21:29.0233 1652 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

00:21:29.0239 1652 seclogon - ok

00:21:29.0297 1652 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

00:21:29.0353 1652 SENS - ok

00:21:29.0404 1652 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

00:21:29.0412 1652 SensrSvc - ok

00:21:29.0464 1652 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

00:21:29.0466 1652 Serenum - ok

00:21:29.0518 1652 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

00:21:29.0520 1652 Serial - ok

00:21:29.0584 1652 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

00:21:29.0600 1652 sermouse - ok

00:21:29.0701 1652 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

00:21:29.0733 1652 SessionEnv - ok

00:21:29.0793 1652 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

00:21:29.0796 1652 sffdisk - ok

00:21:29.0832 1652 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

00:21:29.0834 1652 sffp_mmc - ok

00:21:29.0866 1652 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys

00:21:29.0882 1652 sffp_sd - ok

00:21:29.0931 1652 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

00:21:29.0933 1652 sfloppy - ok

00:21:30.0028 1652 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

00:21:30.0033 1652 SharedAccess - ok

00:21:30.0201 1652 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

00:21:30.0235 1652 ShellHWDetection - ok

00:21:30.0296 1652 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

00:21:30.0298 1652 sisagp - ok

00:21:30.0349 1652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:21:30.0351 1652 SiSRaid2 - ok

00:21:30.0377 1652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

00:21:30.0381 1652 SiSRaid4 - ok

00:21:30.0410 1652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

00:21:30.0414 1652 Smb - ok

00:21:30.0465 1652 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

00:21:30.0471 1652 SNMPTRAP - ok

00:21:30.0490 1652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

00:21:30.0492 1652 spldr - ok

00:21:30.0556 1652 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

00:21:30.0564 1652 Spooler - ok

00:21:30.0806 1652 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

00:21:30.0835 1652 sppsvc - ok

00:21:30.0985 1652 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

00:21:30.0993 1652 sppuinotify - ok

00:21:31.0139 1652 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

00:21:31.0150 1652 SQLAgent$SQLEXPRESS - ok

00:21:31.0227 1652 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

00:21:31.0231 1652 srv - ok

00:21:31.0279 1652 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

00:21:31.0288 1652 srv2 - ok

00:21:31.0353 1652 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

00:21:31.0356 1652 SrvHsfHDA - ok

00:21:31.0443 1652 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

00:21:31.0452 1652 SrvHsfV92 - ok

00:21:31.0513 1652 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

00:21:31.0519 1652 SrvHsfWinac - ok

00:21:31.0551 1652 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

00:21:31.0553 1652 srvnet - ok

00:21:31.0601 1652 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

00:21:31.0608 1652 SSDPSRV - ok

00:21:31.0632 1652 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

00:21:31.0641 1652 SstpSvc - ok

00:21:31.0731 1652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

00:21:31.0733 1652 stexstor - ok

00:21:31.0868 1652 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

00:21:31.0883 1652 StiSvc - ok

00:21:31.0931 1652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

00:21:31.0932 1652 swenum - ok

00:21:31.0969 1652 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

00:21:31.0977 1652 swprv - ok

00:21:32.0105 1652 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

00:21:32.0119 1652 SysMain - ok

00:21:32.0164 1652 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

00:21:32.0173 1652 TabletInputService - ok

00:21:32.0245 1652 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

00:21:32.0253 1652 TapiSrv - ok

00:21:32.0274 1652 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

00:21:32.0281 1652 TBS - ok

00:21:32.0466 1652 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

00:21:32.0476 1652 Tcpip - ok

00:21:32.0508 1652 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

00:21:32.0518 1652 TCPIP6 - ok

00:21:32.0573 1652 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

00:21:32.0575 1652 tcpipreg - ok

00:21:32.0637 1652 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

00:21:32.0639 1652 TDPIPE - ok

00:21:32.0672 1652 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

00:21:32.0674 1652 TDTCP - ok

00:21:32.0717 1652 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

00:21:32.0721 1652 tdx - ok

00:21:32.0767 1652 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

00:21:32.0771 1652 TermDD - ok

00:21:32.0841 1652 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

00:21:32.0851 1652 TermService - ok

00:21:32.0884 1652 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

00:21:32.0893 1652 Themes - ok

00:21:32.0945 1652 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

00:21:32.0949 1652 THREADORDER - ok

00:21:32.0994 1652 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

00:21:33.0001 1652 TrkWks - ok

00:21:33.0077 1652 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

00:21:33.0079 1652 TrustedInstaller - ok

00:21:33.0110 1652 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:21:33.0112 1652 tssecsrv - ok

00:21:33.0147 1652 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

00:21:33.0149 1652 TsUsbFlt - ok

00:21:33.0219 1652 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

00:21:33.0224 1652 tunnel - ok

00:21:33.0275 1652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

00:21:33.0277 1652 uagp35 - ok

00:21:33.0343 1652 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

00:21:33.0346 1652 udfs - ok

00:21:33.0402 1652 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

00:21:33.0415 1652 UI0Detect - ok

00:21:33.0460 1652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

00:21:33.0462 1652 uliagpkx - ok

00:21:33.0520 1652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

00:21:33.0524 1652 umbus - ok

00:21:33.0542 1652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

00:21:33.0544 1652 UmPass - ok

00:21:33.0656 1652 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

00:21:33.0669 1652 upnphost - ok

00:21:33.0729 1652 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

00:21:33.0731 1652 usbaudio - ok

00:21:33.0780 1652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

00:21:33.0782 1652 usbccgp - ok

00:21:33.0827 1652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

00:21:33.0829 1652 usbcir - ok

00:21:33.0874 1652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

00:21:33.0876 1652 usbehci - ok

00:21:33.0948 1652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

00:21:33.0951 1652 usbhub - ok

00:21:33.0997 1652 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

00:21:33.0999 1652 usbohci - ok

00:21:34.0021 1652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

00:21:34.0025 1652 usbprint - ok

00:21:34.0079 1652 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

00:21:34.0081 1652 usbscan - ok

00:21:34.0129 1652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:21:34.0131 1652 USBSTOR - ok

00:21:34.0173 1652 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

00:21:34.0180 1652 usbuhci - ok

00:21:34.0233 1652 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

00:21:34.0235 1652 usb_rndisx - ok

00:21:34.0281 1652 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

00:21:34.0288 1652 UxSms - ok

00:21:34.0326 1652 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

00:21:34.0330 1652 VaultSvc - ok

00:21:34.0379 1652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

00:21:34.0381 1652 vdrvroot - ok

00:21:34.0459 1652 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

00:21:34.0468 1652 vds - ok

00:21:34.0525 1652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

00:21:34.0526 1652 vga - ok

00:21:34.0545 1652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

00:21:34.0547 1652 VgaSave - ok

00:21:34.0617 1652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

00:21:34.0620 1652 vhdmp - ok

00:21:34.0656 1652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

00:21:34.0660 1652 viaagp - ok

00:21:34.0690 1652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

00:21:34.0694 1652 ViaC7 - ok

00:21:34.0720 1652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

00:21:34.0722 1652 viaide - ok

00:21:34.0744 1652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

00:21:34.0746 1652 volmgr - ok

00:21:34.0789 1652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

00:21:34.0794 1652 volmgrx - ok

00:21:34.0836 1652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

00:21:34.0839 1652 volsnap - ok

00:21:34.0884 1652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

00:21:34.0886 1652 vsmraid - ok

00:21:35.0011 1652 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

00:21:35.0025 1652 VSS - ok

00:21:35.0055 1652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

00:21:35.0057 1652 vwifibus - ok

00:21:35.0096 1652 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

00:21:35.0099 1652 vwififlt - ok

00:21:35.0151 1652 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

00:21:35.0153 1652 vwifimp - ok

00:21:35.0236 1652 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

00:21:35.0245 1652 W32Time - ok

00:21:35.0286 1652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

00:21:35.0288 1652 WacomPen - ok

00:21:35.0339 1652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

00:21:35.0342 1652 WANARP - ok

00:21:35.0354 1652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

00:21:35.0356 1652 Wanarpv6 - ok

00:21:35.0519 1652 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

00:21:35.0530 1652 WatAdminSvc - ok

00:21:35.0648 1652 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

00:21:35.0663 1652 wbengine - ok

00:21:35.0702 1652 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

00:21:35.0717 1652 WbioSrvc - ok

00:21:35.0807 1652 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll

00:21:35.0811 1652 WcesComm - ok

00:21:35.0884 1652 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

00:21:35.0892 1652 wcncsvc - ok

00:21:35.0912 1652 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

00:21:35.0919 1652 WcsPlugInService - ok

00:21:35.0991 1652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

00:21:35.0993 1652 Wd - ok

00:21:36.0045 1652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

00:21:36.0050 1652 Wdf01000 - ok

00:21:36.0070 1652 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

00:21:36.0080 1652 WdiServiceHost - ok

00:21:36.0091 1652 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

00:21:36.0100 1652 WdiSystemHost - ok

00:21:36.0156 1652 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

00:21:36.0166 1652 WebClient - ok

00:21:36.0192 1652 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

00:21:36.0202 1652 Wecsvc - ok

00:21:36.0233 1652 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

00:21:36.0240 1652 wercplsupport - ok

00:21:36.0284 1652 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

00:21:36.0291 1652 WerSvc - ok

00:21:36.0343 1652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

00:21:36.0346 1652 WfpLwf - ok

00:21:36.0372 1652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

00:21:36.0374 1652 WIMMount - ok

00:21:36.0539 1652 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

00:21:36.0545 1652 WinDefend - ok

00:21:36.0571 1652 WinHttpAutoProxySvc - ok

00:21:36.0669 1652 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

00:21:36.0672 1652 Winmgmt - ok

00:21:36.0786 1652 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

00:21:36.0802 1652 WinRM - ok

00:21:36.0907 1652 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

00:21:36.0909 1652 WinUsb - ok

00:21:37.0006 1652 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

00:21:37.0020 1652 Wlansvc - ok

00:21:37.0122 1652 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:21:37.0124 1652 wlcrasvc - ok

00:21:37.0304 1652 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:21:37.0317 1652 wlidsvc - ok

00:21:37.0477 1652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

00:21:37.0478 1652 WmiAcpi - ok

00:21:37.0572 1652 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

00:21:37.0575 1652 wmiApSrv - ok

00:21:37.0757 1652 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

00:21:37.0766 1652 WMPNetworkSvc - ok

00:21:37.0800 1652 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

00:21:37.0807 1652 WPCSvc - ok

00:21:37.0863 1652 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

00:21:37.0873 1652 WPDBusEnum - ok

00:21:37.0954 1652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

00:21:37.0956 1652 ws2ifsl - ok

00:21:37.0987 1652 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

00:21:37.0995 1652 wscsvc - ok

00:21:38.0049 1652 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

00:21:38.0051 1652 WSDPrintDevice - ok

00:21:38.0076 1652 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys

00:21:38.0078 1652 WSDScan - ok

00:21:38.0093 1652 WSearch - ok

00:21:38.0250 1652 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

00:21:38.0275 1652 wuauserv - ok

00:21:38.0437 1652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

00:21:38.0440 1652 WudfPf - ok

00:21:38.0477 1652 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:21:38.0479 1652 WUDFRd - ok

00:21:38.0538 1652 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

00:21:38.0546 1652 wudfsvc - ok

00:21:38.0590 1652 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

00:21:38.0600 1652 WwanSvc - ok

00:21:38.0688 1652 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys

00:21:38.0690 1652 xusb21 - ok

00:21:38.0762 1652 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys

00:21:38.0770 1652 yukonw7 - ok

00:21:38.0864 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:21:39.0084 1652 \Device\Harddisk0\DR0 - ok

00:21:39.0093 1652 Boot (0x1200) (70409ae6fda6998c556926a11c1486d4) \Device\Harddisk0\DR0\Partition0

00:21:39.0094 1652 \Device\Harddisk0\DR0\Partition0 - ok

00:21:39.0112 1652 Boot (0x1200) (6ad65bcc9aeff9679cbf3165053cbc05) \Device\Harddisk0\DR0\Partition1

00:21:39.0114 1652 \Device\Harddisk0\DR0\Partition1 - ok

00:21:39.0120 1652 ============================================================

00:21:39.0120 1652 Scan finished

00:21:39.0120 1652 ============================================================

00:21:39.0142 3740 Detected object count: 0

00:21:39.0142 3740 Actual detected object count: 0

Share this post


Link to post
Share on other sites

I'd like to have you post a copy of the last MBAM scan log.

Please close any of your open windows/programs and exit; saving any open work you have.

Download OTL by OldTimer to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • :excl: Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s) . Do not enclose in Code or Quote.

Share this post


Link to post
Share on other sites

Here is the MBAM scan log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-LAPTOP [administrator]

6/22/2012 11:06:59 PM

mbam-log-2012-06-22 (23-06-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246388

Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here are the OTL logs:

OTL logfile created on: 6/23/2012 7:22:05 AM - Run 1

OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free

3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS

Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/02/09 02:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2007/05/31 17:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 07:15:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 07:14:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/10 08:35:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012/05/10 08:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/10 08:34:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/10 08:34:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 08:34:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PS3 Media Server)

SRV - [2012/06/11 12:52:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/08 07:20:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/02/28 01:20:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)

SRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu)

SRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/02/09 02:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)

DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/06 23:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)

DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)

DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)

DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)

DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)

DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)

DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)

DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)

DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)

DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)

DRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu)

DRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2&a=DgVhNP4M09

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/25 20:21:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 07:59:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/14 07:26:05 | 000,000,000 | ---D | M]

[2010/02/03 16:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions

[2012/06/22 17:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions

[2012/06/22 17:36:26 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

[2011/08/10 07:47:02 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\DeviceDetection@logitech.com

[2012/03/31 00:04:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\vshare@toolbar

[2012/06/21 07:08:04 | 000,000,917 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml

[2011/04/08 18:57:14 | 000,002,183 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\MyStart Search.xml

[2012/01/01 15:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/18 15:18:25 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI

[2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\ZERWSJEKUJ@ZERWSJEKUJ.ORG.XPI

[2012/05/08 07:20:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/20 07:55:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2012/02/13 07:24:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 07:24:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/22 19:34:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" File not found

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: samsung.com ([www] https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 07:13:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

[2012/06/23 06:55:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5A48421F-6030-41E4-8433-7B8FC3AB4491}

[2012/06/23 06:55:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DD62C071-3690-4A98-A5E8-3531DDCCB656}

[2012/06/22 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/06/22 22:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/06/22 19:40:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/06/22 19:20:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/22 19:20:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/22 19:20:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/22 19:18:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/22 19:18:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/22 18:54:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C102EDD6-7E68-4F02-B79A-5216D1B99905}

[2012/06/22 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EE5852A8-91C2-43CC-81BB-0DB6FB55D284}

[2012/06/22 18:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr

[2012/06/22 10:24:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/22 10:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/22 06:47:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5C63912F-64A9-4357-A592-D3B6FCDCC623}

[2012/06/22 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD}

[2012/06/21 15:05:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3}

[2012/06/21 15:05:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{735FCF54-B3C1-477C-A284-6E3045CFD476}

[2012/06/21 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/06/21 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/06/21 07:12:58 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/06/21 07:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant

[2012/06/21 07:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012/06/21 07:05:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A}

[2012/06/21 07:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/06/21 07:04:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Conduit

[2012/06/21 07:00:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759}

[2012/06/21 07:00:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA}

[2012/06/21 06:59:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDF459AA-A107-458F-BC28-BF84B1277EE0}

[2012/06/21 06:53:53 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/21 06:53:52 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/21 06:53:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9F7C556B-138A-4C08-A717-8D8B66764E3D}

[2012/06/21 06:53:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/21 06:53:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/21 06:53:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/21 06:53:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BAC24AA7-A921-4004-AF0E-03324984E623}

[2012/06/21 06:52:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/21 06:52:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/20 09:37:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0}

[2012/06/20 09:37:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95881B8A-0EBA-40E4-B504-D89128B130B4}

[2012/06/15 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{49D61010-7B3F-42DB-B396-9911E33223EF}

[2012/06/15 09:54:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0}

[2012/06/14 21:04:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244}

[2012/06/13 22:33:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/06/13 22:33:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/13 22:33:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/06/13 22:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/06/13 22:33:22 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/06/13 22:33:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/13 22:33:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/06/13 07:40:54 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/06/13 07:40:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2012/06/13 07:40:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/06/13 07:40:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2012/06/11 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia

[2012/06/09 07:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/06/06 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E}

[2012/06/06 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94}

[2012/06/06 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64}

[2012/06/06 12:44:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D}

[2012/06/03 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302}

[2012/06/03 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E}

[2012/05/28 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA}

[2012/05/28 10:05:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\3DVIA

[2012/05/28 10:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA

[2012/05/28 10:04:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll

[2012/05/28 10:04:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2012/05/28 10:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools

[2012/05/28 09:36:31 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/06/23 07:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

[2012/06/23 06:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/22 22:19:11 | 000,000,894 | ---- | M] () -- C:\Users\John\Desktop\NTREGOPT.lnk

[2012/06/22 22:19:11 | 000,000,875 | ---- | M] () -- C:\Users\John\Desktop\ERUNT.lnk

[2012/06/22 19:34:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/06/22 18:39:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr

[2012/06/22 17:43:58 | 000,689,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/22 17:43:58 | 000,131,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/22 13:59:25 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/22 10:24:17 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/21 10:44:02 | 000,001,001 | ---- | M] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk

[2012/06/21 08:20:57 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/14 07:26:06 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/06/14 07:12:02 | 002,333,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/11 12:52:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/06/11 12:52:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/06/09 07:59:36 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/05/24 12:57:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys

========== Files Created - No Company Name ==========

[2012/06/22 22:19:11 | 000,000,894 | ---- | C] () -- C:\Users\John\Desktop\NTREGOPT.lnk

[2012/06/22 22:19:11 | 000,000,875 | ---- | C] () -- C:\Users\John\Desktop\ERUNT.lnk

[2012/06/22 19:20:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/22 19:20:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/22 19:20:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/22 19:20:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/22 19:20:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/22 10:24:17 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/21 10:44:02 | 000,001,001 | ---- | C] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk

[2012/06/21 08:20:57 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/21 07:06:05 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2012/06/14 07:26:06 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/06/09 07:59:36 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/05/28 09:36:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/02/29 08:58:55 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2012/02/26 17:39:41 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2012/02/18 12:45:00 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat

[2011/10/30 14:52:38 | 000,000,292 | ---- | C] () -- C:\Users\John\AppData\Local\HamsterBookConverter.cfg

[2011/08/23 11:19:30 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys

[2011/05/06 11:27:49 | 000,173,045 | ---- | C] () -- C:\Windows\hpoins46.dat

[2011/05/06 11:27:49 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

[2011/04/22 10:50:30 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2011/04/22 10:50:30 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2011/04/22 10:50:30 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2011/04/22 10:50:30 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2011/04/22 10:50:30 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2011/04/03 12:06:22 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu.sys

[2011/02/27 07:32:18 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache

[2011/01/21 11:34:03 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys

[2010/08/14 11:10:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010/06/25 13:09:42 | 000,000,192 | ---- | C] () -- C:\Users\John\AppData\Roaming\default.rss

[2010/05/20 08:07:21 | 000,004,608 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/15 08:52:05 | 000,002,682 | ---- | C] () -- C:\Users\John\.recently-used.xbel

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2010/04/14 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Adobe

[2012/01/08 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon

[2011/11/05 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Apple Computer

[2012/02/29 09:14:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari

[2011/10/30 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre

[2011/10/20 07:55:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp

[2012/06/21 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/02/18 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite

[2012/02/26 17:40:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FreeAudioPack

[2010/02/15 08:52:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gtk-2.0

[2011/12/04 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HandBrake

[2010/02/03 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Identities

[2012/01/08 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit

[2011/05/12 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech

[2011/05/12 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logishrd

[2011/05/12 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logitech

[2010/02/03 16:48:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Macromedia

[2010/02/10 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MAGIX

[2010/04/14 08:00:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes

[2009/07/14 03:48:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs

[2012/06/11 12:54:00 | 000,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft

[2011/12/26 10:55:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mjusbsp

[2011/02/27 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Motacore

[2010/02/03 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla

[2012/04/22 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mp3tag

[2010/06/25 09:45:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nero

[2011/05/20 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PMS

[2011/04/16 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\rockbox.org

[2010/04/30 08:28:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SanDisk

[2010/04/27 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sibelius Software

[2010/08/14 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony

[2012/06/22 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com

[2011/09/11 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Unity

[2012/06/22 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent

[2012/02/18 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\vlc

[2012/01/20 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer

[2010/02/04 09:18:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinRAR

[2010/02/10 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Xara

[2010/06/04 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >

[2012/06/21 07:04:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\John\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/06/21 14:55:12 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2011/10/20 07:54:54 | 000,485,576 | ---- | M] (Catalina Marketing Corp. ) -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

[2011/08/23 16:01:22 | 000,446,384 | ---- | M] (magicJack L.P.) -- C:\Users\John\AppData\Roaming\mjusbsp\magicJackSplash.exe

[2011/04/16 18:29:32 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[2011/04/16 18:29:45 | 000,582,536 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe

[2010/04/30 08:28:19 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe

< %SYSTEMDRIVE%\*.exe >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6B9ADB51

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Extras.txt:

OTL Extras logfile created on: 6/23/2012 7:22:05 AM - Run 1

OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free

3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS

Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EB61A2E-17F2-4268-A071-8D364C14BEB1}" = rport=137 | protocol=17 | dir=out | app=system |

"{12924728-534B-4B67-968A-F12EAF756087}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{12A37AFC-02C1-465D-9956-2B23C651AE6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{15F3C870-08F4-4D1D-8965-D11584308933}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{20634523-7618-4F2F-ABE9-4C35C56D399D}" = lport=139 | protocol=6 | dir=in | app=system |

"{22596AD2-6E7A-4828-BE38-B22A5642B84C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{24C75EBD-593E-4594-ABAB-2919AA81FE77}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{2D31B0BC-1971-488E-99DA-20C5F40048B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2EEBFE73-283C-4DF2-B8B4-28145FAB3650}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{397D001D-CFB6-4349-B0FE-11BF72BC2F08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3BCACCDE-21F3-482D-B317-6296858595BD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{4BE09B40-3644-4F66-97B5-836D66686842}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{65480BD0-8C03-4F9C-B0D1-16A6FCB88D4B}" = rport=445 | protocol=6 | dir=out | app=system |

"{687FD186-19A5-4EAE-B5DE-89A2C93F4101}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{693B70A6-C5FB-4CF7-A218-412178332F9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{733253C8-428E-47BA-BD12-5BF497D7E980}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{7758C9D7-229D-48B6-B2DF-A71574B98E5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{7781EFBE-3838-4CBD-9BA8-FB91E4BCC475}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{78CADCE6-EAAE-476E-A1A9-F4C4435E933B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7BD9CF99-E0B8-49DB-A3AC-5DCD6139B16F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7FB8F152-AA56-406D-A684-6CCECEE99289}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{8B51958D-542C-43E1-BB61-4F97129762D4}" = lport=445 | protocol=6 | dir=in | app=system |

"{AEAC5E37-985A-4BE2-B82E-B7A33AD6B265}" = lport=138 | protocol=17 | dir=in | app=system |

"{B35833C5-3E19-4D08-ADF8-00AE55026E48}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B62BB39C-4CAF-4D55-9122-B4E48ABE9D9F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{B69DBB31-14BA-4AD4-B849-E49FDC15566D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B94038DE-59BD-4E6D-9CF4-F9191ED57886}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{C2895181-7A17-429D-A4CD-5B2612946D15}" = lport=137 | protocol=17 | dir=in | app=system |

"{CFFA2A4E-CC84-49DE-B285-916148226026}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{D943EEFE-05A8-4C1D-88E3-4AE3FFCC1890}" = rport=138 | protocol=17 | dir=out | app=system |

"{DFBF32A4-8DEA-43A9-A6C1-A8D6CAC60CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E3DE20EC-EF30-44F5-9B62-98D8ADEF8210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E9F104F5-1D91-496A-8D1F-953D7A1914E4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{ED48C23A-71BA-49D7-90EF-6586467FB1F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{EF3B9682-AF05-4F2E-9BEC-024AF0D7F70C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F668BD21-1CCB-40D4-AA37-8206F4A84DBE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F78880CD-2B63-4526-92CE-392DD8570964}" = rport=10243 | protocol=6 | dir=out | app=system |

"{FC44DA34-1573-4217-AAAE-5D99805D1320}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{006ADD75-1BDF-446D-8417-7F23F2E9C68F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0B1FAE33-6F4D-497C-9DD7-0D884357F5F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{102E1B8B-68A8-4E19-90D3-2D2B3A5BBDDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{12849527-FB07-49EF-9E78-4B4B73B159E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{196ABC68-7CEE-4E47-AFCA-CD50793E9ECE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{1A19BE57-C9B9-448E-A39A-1982691D7868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1C9202CC-6374-4627-86AE-C32AF6D1DA55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{25A1BED6-20DF-4453-948E-517FEA09A00F}" = protocol=6 | dir=out | app=system |

"{25A86C24-DFC1-403F-BC97-9FB706C5844C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{2C905FFA-2539-485C-B911-601B917D8C1A}" = dir=in | app=c:\users\john\appdata\local\temp\7zs4a6e\setup\hpznui01.exe |

"{3DF6EF5A-96FD-4189-B05D-4D5DF9DDB1FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{4A336C2C-9355-4FD2-9E65-7ACEAAFECABC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{50487E0E-ED1A-493F-81DD-EAEF9DC25664}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{56449E41-0183-4782-90DE-CFC013828A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{565382B7-1D25-4917-9B80-B0E40A3DFF93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5738892E-0993-4437-ACC8-E92C053A4598}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{7544AE55-4D97-49E6-9C06-83EF120A2F4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{815FEC47-0F71-4A94-84DB-88A0B9DD2427}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{8580551F-CD95-4028-A1C8-6BD70AC438EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{8C6D7755-9598-4D33-87B9-BEC73975D081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{902FC235-477D-4C00-9C5D-32402471CC62}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{A01B9B16-6A85-42F6-ABB5-CC8F56F97725}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{A2F449B3-7F16-4FEA-BEE4-F546CD966A04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{ADBFAD63-B978-473D-BED9-B50434498AC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AF7354FC-5620-4AFA-B396-A0CBA14D8ADE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B07F8039-68DF-4C30-B039-ACCA0C4CCD36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B3AF6F71-E513-4EE4-AFEA-2FD96F5650F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{B4813AFF-DC03-4A0E-B76F-544890BDF098}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{B55B2F14-70F2-440C-AEEA-C8E0444497F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BCB90CC7-B060-45B7-A459-A1738FC95E09}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{C58E5E66-2F60-4112-8D65-E5B9F9D9B511}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{CA690D68-1106-4914-8210-90FB70B365FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D78264EB-A609-471F-8988-9376F3CEF9C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D8A69F15-7FB2-499C-97E0-E59549AACF93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DC258C8D-518C-4239-B9A4-62F28B4958CA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"TCP Query User{0F3D55DA-C02F-487C-BEAC-E0D661482EDE}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |

"TCP Query User{1D6679DD-8A68-45B4-ABFD-6A749F743E6F}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |

"TCP Query User{1FCA0CDE-A37B-4474-A20A-7607152068C0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{239CC2A4-477F-4F21-8ADF-6D8E23E8ACEC}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |

"TCP Query User{5331F0D6-1B86-45E0-A58F-035C32EB5F47}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{6952C296-8750-4F62-B326-620A34B51131}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe |

"TCP Query User{6FA424B1-E1D6-41E6-94DF-FB273F4D96D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{725D4E3E-393A-4259-8468-560C446C3AA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{74DDE5F9-D683-498D-82DA-179A3E86D5EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{81527746-8CC7-4319-B90D-605676C3B4C3}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"TCP Query User{90BB588E-6643-4A3A-8EEF-E2CD35F35D16}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"TCP Query User{A4060B52-7F17-4E25-82DA-BD9215AA0163}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{ADAC2A9F-FA61-4E44-AC29-DED27B11EACA}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |

"TCP Query User{C55BD324-655F-40C7-8FD0-486F2FB96769}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |

"UDP Query User{29D9251E-3773-4FF5-844C-23B322361FB6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"UDP Query User{32659803-A203-4BBA-81D7-86232AD99819}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{5817C7ED-903A-412E-B6F4-E37209086496}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |

"UDP Query User{8A9BA07C-21DC-4953-9DFC-CE2FA79A6931}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe |

"UDP Query User{8F1A29B4-CC2C-432C-BCEC-AFA7654CAF29}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{9196BE39-2A41-449B-8EB8-58781D2D5D1F}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe |

"UDP Query User{9DFD12E7-41C8-4F7C-86AB-F52AFB7E3F82}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |

"UDP Query User{A26A6700-F239-41D5-975C-7603CBECFC93}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |

"UDP Query User{A41C37DB-EC87-4E8C-9D7D-CE60EDBB91AD}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"UDP Query User{B4509093-B4E1-4D9B-9493-2B79BE1C734D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{C5DA069F-11A4-4F54-B7E3-6DBCC6DE7970}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{CB83A25C-4CB1-46BD-AB73-72964EA0D79C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{E350C6D5-EEBB-444E-8E47-FE0E62AA36F5}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{FDA93628-718C-46CE-81DA-0B93CEA828A4}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers

"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A5425D07-D972-47DA-8133-4D33876D44A4}" = calibre

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network

"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Free Antivirus

"Canon MP640 series User Registration" = Canon MP640 series User Registration

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition

"ERUNT_is1" = ERUNT 1.1j

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2

"Free Window Registry Repair" = Free Window Registry Repair

"HDMI" = Intel® Graphics Media Accelerator Driver

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.49

"MS Access 97 SP2" = MS Access 97 SP2

"PowerISO" = PowerISO

"PROPLUS" = Microsoft Office Professional Plus 2007

"PS3 Media Server" = PS3 Media Server

"sp6" = Logitech SetPoint 6.22

"TVWiz" = Intel® TV Wizard

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/20/2011 4:09:19 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 2.0.1.4120 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b6c Start

Time: 01cc2f85d3c1a40a Termination Time: 36 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 29ba8a59-9b79-11e0-aec0-001d094ccc0d

Error - 7/5/2011 10:38:09 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 5.0.0.4183 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: afc Start

Time: 01cc3b2082a8584b Termination Time: 22 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 5ea8981f-a714-11e0-be03-001d094ccc0d

Error - 8/16/2011 6:39:56 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 5.0.0.4183 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 10bc Start

Time: 01cc5c00b6e453d7 Termination Time: 16 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 102f57c8-c7f4-11e0-beaf-001d094ccc0d

Error - 9/14/2011 6:44:46 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 6.0.2.4262 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 964 Start

Time: 01cc72cb27c4f9fc Termination Time: 42 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 8ad72fd4-debe-11e0-93dd-001d094ccc0d

Error - 9/25/2011 7:03:18 PM | Computer Name = John-Laptop | Source = Application Error | ID = 1000

Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc225 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x0824548b Faulting process id: 0x5ac Faulting application

start time: 0x01cc79dba962cac3 Faulting application path: C:\Windows\system32\Dwm.exe

Faulting

module path: unknown Report Id: 8deeb71c-e7ca-11e0-960e-001d094ccc0d

Error - 9/26/2011 2:52:26 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program IncMail.exe version 6.2.9.5006 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 2674 Start

Time: 01cc7c688513a843 Termination Time: 200 Application Path: C:\Program Files\IncrediMail\Bin\IncMail.exe

Report

Id: a62be079-e870-11e0-960e-001d094ccc0d

Error - 10/5/2011 12:07:38 PM | Computer Name = John-Laptop | Source = Windows Search Service | ID = 3100

Description =

Error - 10/16/2011 1:49:12 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 7.0.1.4288 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 10a8 Start

Time: 01cc8c2ba1895dc1 Termination Time: 38 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 22b9ac5e-f81f-11e0-8510-001d094ccc0d

Error - 10/30/2011 2:58:38 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program Hamster.EBookConverter.exe version 1.0.0.13 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1b58 Start

Time: 01cc973516c3d134 Termination Time: 99 Application Path: C:\Program Files\Hamster

Soft\Free eBbook Converter\Hamster.EBookConverter.exe Report Id:

Error - 10/31/2011 7:06:34 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 7.0.1.4288 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1124 Start

Time: 01cc97bcd4d63460 Termination Time: 43 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 5dea47d1-03b0-11e1-ac3d-001d094ccc0d

[ OSession Events ]

Error - 7/7/2010 11:13:51 PM | Computer Name = John-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5635

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 6/22/2012 7:22:54 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 6/22/2012 7:28:20 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 6/22/2012 7:34:33 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 6/22/2012 10:16:30 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 6/22/2012 10:16:33 PM | Computer Name = John-Laptop | Source = DCOM | ID = 10010

Description =

Error - 6/22/2012 10:21:27 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003

Description =

Error - 6/22/2012 10:33:30 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003

Description =

Error - 6/22/2012 11:29:59 PM | Computer Name = John-Laptop | Source = BROWSER | ID = 8032

Description =

Error - 6/23/2012 6:49:13 AM | Computer Name = John-Laptop | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

Error - 6/23/2012 6:54:46 AM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the RapiMgr service.

< End of report >

Share this post


Link to post
Share on other sites

Close any open programs you started.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the Codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q="

    :files
    recycler /alldrives
    C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    C:\Program Files\Conduit
    C:\Users\John\AppData\Local\Conduit
    C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml

    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTL. Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open. :excl:
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

AND tell me, How is the system now ?

Share this post


Link to post
Share on other sites

The Whitesmoke toolbar is gone, but all yahoo search results are still being redirected to garbage sites.

Here is the OTL log:

All processes killed

========== OTL ==========

Prefs.js: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=" removed from keyword.URL

========== FILES ==========

recycler not found in C:\

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features scheduled to be moved on reboot.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.

Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.

C:\Program Files\Conduit\Community Alerts folder moved successfully.

C:\Program Files\Conduit folder moved successfully.

C:\Users\John\AppData\Local\Conduit folder moved successfully.

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56478 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

User: HomeGroupUser$

->Temp folder emptied: 0 bytes

User: John

->Temp folder emptied: 53 bytes

->Temporary Internet Files folder emptied: 7413195 bytes

->Java cache emptied: 4151062 bytes

->FireFox cache emptied: 106861506 bytes

->Flash cache emptied: 57180 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9544 bytes

RecycleBin emptied: 2162306 bytes

Total Files Cleaned = 115.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: John

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.52.0 log created on 06232012_083545

Share this post


Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member jwill80 only. If you are a casual viewer, do NOT try this on your system!

If you are not jwill80 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

I will need to review the CF log and then see what we need to do next.

Meantime, very carefully, use each of your browsers (one at a time). Test each briefly. Tell me which ones, if any, have an issue.

Share this post


Link to post
Share on other sites

Combofix log: (For some reason the first scan i did the log file was not there? Removed combofix and re-installed and re-ran.)

ComboFix 12-06-23.05 - John 06/23/2012 9:55.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1043 [GMT -4:00]

Running from: c:\users\John\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))

.

.

2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-06-23 12:35 . 2012-06-23 12:35 -------- d-----w- C:\_OTL

2012-06-23 02:19 . 2012-06-23 02:19 -------- d-----w- c:\program files\ERUNT

2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com

2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-22 10:50 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6186E0E-A18A-4034-820D-3C8E137AF848}\mpengine.dll

2012-06-21 14:34 . 2012-06-21 14:34 -------- d-----w- c:\users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-06-21 11:12 . 2012-06-21 11:12 -------- d-----w- c:\windows\en

2012-06-21 11:06 . 2012-06-21 11:06 -------- d-----w- c:\program files\Adobe Download Assistant

2012-06-21 11:05 . 2012-06-21 11:05 -------- d-----w- c:\program files\Common Files\Adobe AIR

2012-06-21 11:00 . 2012-06-21 11:00 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe

2012-06-21 11:00 . 2012-06-21 11:00 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DXSETUP.exe

2012-06-21 11:00 . 2012-06-21 11:00 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\dsetup32.dll

2012-06-21 11:00 . 2012-06-21 11:00 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DSETUP.dll

2012-06-21 10:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 10:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 10:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 10:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 10:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 10:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 10:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 10:52 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 10:52 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-13 11:40 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 11:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 11:40 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 11:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 11:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 11:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 11:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 11:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 11:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 11:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-11 16:54 . 2012-06-11 16:54 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-05-28 14:05 . 2012-05-28 14:05 -------- d-----w- c:\users\John\AppData\Local\3DVIA

2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\programdata\3DVIA

2012-05-28 14:04 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-05-28 14:04 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\program files\Virtools

2012-05-28 13:36 . 2012-06-11 16:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 16:52 . 2011-06-30 11:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-24 16:57 . 2011-06-19 12:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-04 19:56 . 2011-08-03 13:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 04:39 . 2012-05-09 14:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-09 14:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 10:23 . 2012-05-09 14:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 11:20 . 2011-05-14 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-4 576000]

RollerCoaster Tycoon 3 Registration.lnk - c:\users\John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]

R3 PS3 Media Server;PS3 Media Server; [x]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [1998-10-06 1984]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 16:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

mStart Page = hxxp://www.yahoo.com

Trusted Zone: samsung.com\www

TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2576205366-1716655206-47981548-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17779F89-A00E-3A6E-0B2F-FCB54DCDB749}*]

"hadmngcdieachhmd"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69,

6c,66,00,00

"iajkddfkoanghocppe"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69,

6c,66,00,00

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-23 10:08:27

ComboFix-quarantined-files.txt 2012-06-23 14:08

ComboFix2.txt 2012-06-23 13:44

ComboFix3.txt 2012-06-22 23:39

.

Pre-Run: 134,139,621,376 bytes free

Post-Run: 134,079,725,568 bytes free

.

- - End Of File - - 8E276692C8D34823905188EA7BAEB752

Share this post


Link to post
Share on other sites

Note of caution: If you ever run into a hitch, STOP and ask for help from me. Do not run tools repeatedly, please.

Get me a copy of contents of ComboFix-quarantined-files.txt

iirc, it should be in C:\qoobox

and tell me, if you had recently run Combofix on your own, before asking for help ?

Share this post


Link to post
Share on other sites

Sorry about running it again. Next time i have trouble i will ask for help. And yes i did run it yesterday, was trying to see what i could do to fix it, but was obvious pretty quickly that I was in over my head and needed help.

Here are the contents of that txt file.

2012-06-23 13:40:58 . 2012-06-23 13:40:58 139 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-uTorrent.reg.dat

2012-06-22 23:38:51 . 2012-06-22 23:38:51 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft SQL Server 10.reg.dat

2012-06-22 23:37:01 . 2012-06-22 23:37:01 198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Apple Computer.reg.dat

2012-06-22 23:36:58 . 2012-06-22 23:36:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat

2012-06-22 23:36:52 . 2012-06-22 23:36:52 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef}.reg.dat

2012-06-22 23:30:09 . 2012-06-23 14:00:42 20,303 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-06-22 23:20:44 . 2012-06-23 13:55:18 257 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-06-18 02:28:00 . 2012-06-18 02:28:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\Users\John\AppData\Local\DFX\Apple Computer\ryspolxg.dll.vir

Share this post


Link to post
Share on other sites

very carefully, use each of your browsers (one at a time). Test each briefly. Tell me which ones, if any, have an issue.

I want you to make a simple test with each. Go to www.google.com and then www.bing.com

Does each look to work ok?

I must note: When you see any "search result" on any search engine, it does "NOT" mean that the link is valid, goes to a legitimate website; that the website is totally safe !!

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen:

Keep the checkmark on Internet Services.

Checkmark Windows firewall

Checkmark Security Center.

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste FSS.txt with your reply.

Share this post


Link to post
Share on other sites

The only one that gives me trouble is yahoo.com on Firefox. Internet explorer is fine with all search engines I tested.

Here is the FSS.txt:

Farbar Service Scanner Version: 22-06-2012 01

Ran by John (administrator) on 23-06-2012 at 11:53:41

Running from "C:\Users\John\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error: Yahoo IP is offline

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

Action Center:

============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Share this post


Link to post
Share on other sites

ID: 17   Posted (edited)

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

After the fresh Windows start, do this:

Start Firefox. From main menu, select Help >> About >> Firefox >> Check for Update.

apply any updates. Allow FF to Restart.

Very, very carefully: try Yahoo

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Turn off your antivirus so that it does not interfere. Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

Re-enable your antivirus.

NEXT:

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Next:
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Reply with copy of log from F-Secure scan

Checkup.txt

Log.txt

Info.txt

Copy and Paste the contents of the logs. Do not use the attach feature.

Share this post


Link to post
Share on other sites

ID: 20   Posted (edited)

P.S. After you finish the last (previous steps) ......

Your logs showed some peer-to-peer filesharing apps: uTorrent I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Use Control Panel's Programs and Features, and locate uTorrent. Click on that entry, right-click and do Un-install.

Do the same for Iobit. They have a dodgy reputation.

Next:

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.

4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides

typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________

¦ +---+¦

¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦

¦ +---+¦

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Previous version saved and renamed to HOSTS.MVP

Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews

for information. And you can also sign-up for email notice when Mike publishes updates.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

F-secure scan:

Scanning Report

Saturday, June 23, 2012 15:09:45 - 16:15:16

Computer name: JOHN-LAPTOP

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

No malware found

Statistics

Scanned:

Files: 153759

System: 4156

Not scanned: 597

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TMCONTAINER00000000000000000002.REGTRANS-MS

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT.LOG2

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TMCONTAINER00000000000000000001.REGTRANS-MS

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT.LOG1

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TM.BLF

C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT

C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTDIAGLOG.ETL

C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-APPLICATION.ETL

C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SECURITY.ETL

C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SYSTEM.ETL

C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTUBPM.ETL

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT

C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1

C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT

C:\USERS\JOHN\NTUSER.DAT

C:\USERS\JOHN\NTUSER.DAT.LOG1

C:\USERS\JOHN\NTUSER.DAT.LOG2

C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\PARENT.LOCK

C:\USERS\JOHN\APPDATA\LOCAL\TEMP\HSPERFDATA_JOHN\2760

C:\USERS\JOHN\APPDATA\LOCAL\TEMP\HSPERFDATA_JOHN\848

C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT

C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1

C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2

C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE

C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1

C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2

C:\SYSTEM VOLUME INFORMATION\{10CD7EF7-B8A9-11E1-8483-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD546-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5A5-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5A9-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5AD-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5D1-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5CD-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5D7-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{7F7BD5DB-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{DCA6392A-BBA0-11E1-AE4E-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{F96D083F-BC93-11E1-A873-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\{F96D0844-BC93-11E1-A873-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752}

C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\SPPMETADATACACHE\{B0979AE8-216B-4FFD-B266-7E87A3F7E6F5}

C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\CATALOG\BACKUPGLOBALCATALOG

C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\CATALOG\GLOBALCATALOG

C:\QOOBOX\BACKENV\APPDATA.FOLDER.DAT

C:\QOOBOX\BACKENV\CACHE.FOLDER.DAT

C:\QOOBOX\BACKENV\DESKTOP.FOLDER.DAT

C:\QOOBOX\BACKENV\COOKIES.FOLDER.DAT

C:\QOOBOX\BACKENV\FAVORITES.FOLDER.DAT

C:\QOOBOX\BACKENV\HISTORY.FOLDER.DAT

C:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DAT

C:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DAT

C:\QOOBOX\BACKENV\MUSIC.FOLDER.DAT

C:\QOOBOX\BACKENV\NETHOOD.FOLDER.DAT

C:\QOOBOX\BACKENV\PERSONAL.FOLDER.DAT

C:\QOOBOX\BACKENV\PICTURES.FOLDER.DAT

C:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DAT

C:\QOOBOX\BACKENV\PROFILES.FOLDER.DAT

C:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DAT

C:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DAT

C:\QOOBOX\BACKENV\STARTMENU.FOLDER.DAT

C:\QOOBOX\BACKENV\SETPATH.BAT

C:\QOOBOX\BACKENV\RECENT.FOLDER.DAT

C:\QOOBOX\BACKENV\SENDTO.FOLDER.DAT

C:\QOOBOX\BACKENV\STARTUP.FOLDER.DAT

C:\QOOBOX\BACKENV\SYSPATH.DAT

C:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DAT

C:\QOOBOX\BACKENV\VIKPEV00

C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP

C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG

C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB

C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\000A83A45BCC3B1209F01105B5F3A728_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\009050B0C9B1D449113C227045B84357_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0091919A08B9747CE59B91C4B0666529_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0095448E54ADEB5D1A035E43D974B081_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00C768A5B1061D6435927CBD94CBC302_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01A0DD8E4BD489EE5B87C3B710045A0B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02222182CFBE7624DAA8BD8873C8D271_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02298F04C3C5777CEDC8EE7696580873_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02E711E26E02CA010A3A665A1D865593_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02ED98D1DD3BE8A34303B9EB9AB72982_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0325003A322773E1CCB7374DEE77BCEE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\034FBEBD5AB7D96E932F9DB6D0CF38F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03495070A22125E726A605203979C3BC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0370EA50FFC4BB87AFDD372E87361A4A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03B7C78B1381C3522D34CDD04527C13E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03EB9EF7E972C39FAC9AA23DDFE32475_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\041BC01780F84D948451EA9712838F09_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\046EC1AB29B1151379B0F6DEE878AE3C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\053A62B4973A35648C3FDB1D4F14DC69_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07096783CE73E1AA9EFBCDE8AA7F9A63_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0720B80869E1BF29AFAC7CBD1F64B974_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\075895A86A7F12E1CFD1FC56E7321E11_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\075AFDFE4D16DA20E237770BB5A49316_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07F1D244463E3478A92EEE42C8607C70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\084D8048E338539F9F2C973FB813AFC3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\096126A516FAC74BEF9C817B4D01E0E4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09FF250B576CE53CC82C1D7096DCBACC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C4B9CEE3114F6A70063A763CB2E0C42_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D8926B02F998CFD3DB144DD8200989E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C2EBE128F5B2230BD73CA4BC2DAE068_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DB1F51FF3B7EAC6189EE5D6FC4B627A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E56D52753B92C2EE51F357CC3304BCB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EBD02AB3881E2A146852EF895F1EAE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0ECDE63EB0B38DD1419C7D6A9BE8EC6D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EFD8D41D4BEBD729C77DA58EF26C060_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F96BA03665CDFA7A13E2406DADA672D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0FD4FBDE59900985BCA50CBFCFFE3321_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10A4ECAB8AA35F949331E61B8B55EBE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10CD4DA4B21FC6A46CEF5B960031B269_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1122C0787DEBD89F1C8C48E0DFDD2C27_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12C179D8B097D7B8597BFFE25450E11B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\126557EABF96A9668805C0649E5AC57A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14ECA1FF1EE8DDFB7851446AF98582C9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15AA15A9D3D5BE81461143CB3A175E8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15F40EE3A2B964784E48204540F8BB28_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15D4C898F24B257EB63F3C2623F077FD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\160F88A3C25853D7F436EA627E9F2C94_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\164C14F198474281DC295EE71CF08266_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\177095E39448EEAA530E2CB390F8DE33_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1809644260975FE64D3AC09B1A643F22_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\181551EC4B945A4B52FADC74E1914A5F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\182BFCCC3BFE9DF44DC2659B50F20165_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\192955F1A8DC99C192B47B02B4EA1552_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1967B457F811E0E513B0DF00EBD4F53F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1970C5F2406DE915C651D3FBDA8C942E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CD090068831A222994FFC28E25E563F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D0AABD0C07D3E1F2CC199AF6FBF75E5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D828D5FC38EA3B4849A70A5826E49AC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DE11D71D05834D84C806A6BF266A15D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1ED5B2B917911E4034823C6D47445291_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F042D775E8D60E2882459089C7C9088_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F2AB3E809EF9C92E53FBA6BEF423797_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F2E1647DBFAE93792063C62E7674C90_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FEF103D1C2C6977566DEC0D76BC25C7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\219312F6F5AB6B426693DA5D59B52F79_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22060CBB1649C68F353F1AEACC3E1662_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\229D3FB04879DEBC78DD08903E47F641_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23205263F92669871952BBAB8249FB12_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2340695FB9380CD0D5CE70D3DC106587_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23835E58C88291035398490C238D50CE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\239786900A35BFFCA454F7AD8EE051FD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23EF1FC892140AE77E9881F68AF8D612_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23CAFDEA94D94D8F8DA45563A335B858_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24F05F91246C877586EE7BC3F3DBBB31_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25BB7548302373536A6FA913374F8FBA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25DAE919EA7C6D3F886B5EE9C3596388_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25F3C148BF5D80E6AC224383D548F632_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\266A7E871D9C71F2FABE2BC012F5850B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26E879E5ACA44F1907FD478A1142B5BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2718ABB5900E2823A16077943B2EEA12_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A17FE77644E5C484CA3EEBE5B034F1D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A26590EC74773132C5860D5FDE69E85_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29A1D6D8C0BFC5C0F897B01842DEF772_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A5A0C414FAAA3FAA885CDAD2585BEE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AB8403005B7722910AEE46511AC734E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CABCB9DB1905C9B453490D9633E60D6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C148D6A5BEE278A1E913F86E387E504_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D1D593423217906FA91AD553C74F3EA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D9B06C939490BB93DE822096F09EA7A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DC5E11E70BC9EB82333FF2611E5CD07_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DA12ED321CE51FB605C943FB1C8F855_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EDA8DE121A4B9F981F77F75F29D57A3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EDE5549DB865C4329D55C7337AAE73E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F1C5484103F8FC5CADDD0470A8FEA41_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F2BDCBF85606613235C410F0FAB654B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FC7C04D2E7A23706BE837A47F6C8495_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FDA235C53FDD121256A1C72EE6D73F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\305286F686B04294E535418228F31C17_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\314997EAFF02C5007E7FC3715B3D009B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31B148ACF2892B8A485DC540D794EFC5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3276EAB0FA0204902C7283D89F83893B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\330DD3999B3C9EFA8124443258F6A68D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36056E5A4A26B446BEF9A09D1DC86CC7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\35ACE1FBD2A1AF42FD3337A902739B8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36179CC94254C7C355AD19D7B91F5607_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36254A0E3D5E5BB61A82DE80F311628C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36765E62563125D52CE1EF8A0B64248C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\382E2D1F40AB8D0FE3DF94BBB61E9CFD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\382ADFC73B155E11280F4D66289D5526_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38AE02A8FC70817B1D934D21FADA560D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39D77CED4E9C8F9D1BB9662961B7A3F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\383AECB58A4104F6E59625CDA1FDC683_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A1499A418D3CC7B933799F3FEAD65A5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A3494FB29232329D03E2B7B10852888_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38FCB3FA9B82DE71630DA510480ED246_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AA163C55F3A3D7F85C92CF7E092ABD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3ACE1B046467303B6B8BC1FCD22A5A5E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B4C9D08C3010713F6ADDA711E61EB60_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3BD63BA94B1EA804D7C3EBC7C6B128F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C2F1BEE491130D633BD5A71212E0CB7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C46EB4CB7697ABE496A6498421A8B55_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C7F72C3F63E4A84CFA9CCD2B12B3334_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E4BE26661F0F50D6B86DAA076E879CD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E931C0ACF4C0662C4E8152DA63FB1D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EFDE1EC74C1726ACDEECF1D1DAAC5EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\40DB375EB2B28B7F45D73A2EC83E8D5D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42BF3C607317EB54BF5EE5B136EBD2B9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4142C1FFE8BF7C553332891364CE09F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42CFD54D8847E30963F275FE85A0F76C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44487FA5EB99C938C3A564721DE67E22_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42FC8DD5E8A2B886EAF9EA0732EC6C8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44D2D75986D109ADAD9A327919A60676_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44D1551384B4645B2287FAE4B63E7024_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\465BA4ABBA8E9083D0FABED25D377D74_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\45B834669DC417D6F4C667239225C580_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4661B43E44762B5F683810B21973B674_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4852EB53EDC7CD37A0D6B6F54A0713FC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48614959E3EC2A9D80AC15B5F2A1615E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4861AE53C1DC58F5C1348392DAA31C3E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48AA008D8CF0EDFE7FFBAD3CBB358225_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49210B96C21B903C9DFC812A3DD7160B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48DD1E1F4AA446953E376680D7C9FE21_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4933F1D191348226217F78DE7C1124DA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\493A82B14D64D3D47B1ACF3090E5D72B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49723B43CD245A65EFCFA23CE236B2BA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B16355530D4B80BC04F098F56482D59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49D58748B9492A903F10004709B1AE2D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BF8C7DD15D721ED9DE240A6DB5D4AF9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BC2D9DCF8C82164F7A2C4B0E3AFE895_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C54D4B9E7FC63ECF55B523785A21C52_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D4AB4F6F7A086AABB7A2408D1423C3E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D4E951D723E998B80F973899E11F805_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D70516853E6226352EA7AB682BD0312_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D75CF63C8AB5F747F1643A61EDD542F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D8E8377B52AE9D1F27ECC4CD8D5B618_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4DA9C694E80CC892A79CF61FEEBDA03C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E11C44AF11904E2709DED824922C431_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E9DF9BEBD2FC89541E116B7BABD6CD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F69B07910AEAFDA54148A5BD30906E7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F818BA8CF1CEDE0465E057CD7CBB967_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F9CB169DB593F4D8BF6EC9383B9188F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5062BFE2FA90E14F5169433A7C7AD4BD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\514897679E7A046283A195C5BAC27703_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5199A7868F91B78CF7EF74D7B1D5BA40_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51F3AAB5BBABD7DDBBA2B2F163956F47_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\522B483CF159F0F8F49034051E32930B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\536E097197A7116DD4DE0B4C5B92460A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53DF25DFF609BB72CD7FD6C588A94CB6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53F801F73948E262B23D3AF7596D9650_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\540CB0C4A90ACD634EFE4A4413A4D5A2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55997EBD83F4DCCF1F63E7A16F2C3264_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\559E5BD0497D0174D5CF5D3961D43982_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55C948A4705D775CC951EEC06F2D3E20_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55F0FEE6BBBD76B6A224F8B1B844F286_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55F9A02C7D75A7E5BD793C26EB03399C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5730A047BBD6B1CF40E16D436779449D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\57E062484E80A9A4029E9BA8FA37A976_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\586A36E09FED08556E36C09C195DBB8D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58ED3DE14369FE971B1774D374281DB5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\590728E28A0C1C508F5604F4BFEC6A2A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\595B988AEE34D501AA2A5B1DD306DAAD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59ED0197EA66B1BD96CC93BFDC96772B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A93CFC1BEB7959043F8A06D503C63DF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5AAAC76A8D4C8221D547B29FBBD942E7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5BADE8EF5258851AD84203E26ADC7D1E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D0BA78EEB16E5805949D1DB1C5B1362_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E4C7CEFD7D6ACDAEE21246A6DF7E4C6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\605C7E71FFF227A507181890DBDB99B2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6094531317C43C9791F7B48C7C7083AF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6109B1EFE2708A7229A5E12A6F44C2F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\618C906274345DB4F543BF0F769C9569_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\623CB5AF65D7FEA86B49C5E2FA45EFB1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6260D9B6F1089CCFFED238C0430CA10E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\646B902CA6F5CEBC165C644FC4FE27BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64775C19A59AFC19C69C456F25892375_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6621810C07B1EEC58CC43D859D1FAC1B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\626838F7AE59C99E283A58F7AC5BFA97_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66BBE2BBE44213B94413D2CC2F418EA5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66C942C738209A006CA987161C8C2BE5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6547BF0CC1DEC4D7E23F342AE5F602B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68A8E59CDDFF819FC79A825ED4189422_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68B2D1C877711402ABCF57C2E231D9BA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C4B41C188DC4BEB8CD248863BCD0E58_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B0FFE2FD6E8344C4ECE93C76D3893F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CF2A57BBBD904C15F4B06F16CC8B8DB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CC752536DF375F5D9D3951A3A625807_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D0AC4B489547959DC51F98B904A4E7D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DADC710E9596F247A6BCD2A1915EA68_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DC12D00E450A628B95AD2E0DD2EC72B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4A8AE8457DFAE2939549D4A1141293_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4E2F624B502B3CDD32F090C8294791_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F1C8BFA9769302A74EF2715488B44D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FBCDD46CC951583D0EB747B185AE7E0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70688A110C4E1BC709D3FBAEB45788D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7041B8B74BB4E4A04A7F3CBAB788BC66_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\716ABDE81C1134391AC7E4597DB0E092_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71334F3F692055B7C4BD413E1791F1DE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\718F52215C6BC750492A0DFE1F9EB8B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\718FABF8DE29738222B32BB28BDB2F96_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71FBDD858A6121BAA2CDDCC6069A1778_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72AE527C9220E067AB7E2AD190DC0293_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72822E82E92F965AFFA7BDA20B83197B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73977B751DA34E69BE1C4C1FA5D4B904_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74D7F90F5978F427F9D2419118F4F522_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\759C34BE337DD3E681B3E6CDD5265611_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\747D5462F191B45CDCF4DE3E18EC517D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\75A3DFCB2C987104760F11512079558D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76D1CC9AFD03090CFAAD914720B2D46B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77306B56D1B8090878EEC93673CFE82F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77593925594238F324D2C72161CC1205_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77900308C91FC6F5650B9A415F434365_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78CFE96C09DAB9AB785FB0E26A6E7FC3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79EC420E299D21B500A8878BDACAAA70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78EC4FF62124FBF1E45B46B7BF792E96_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7975F9B1B549FA954B7183E341BC5016_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A04A3C9408748E13E58377BC3B42DD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A86A751C5A7D37BF7127E0B66D3C1E0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7AB81A21702034A43B46F3385F81FE36_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B4E812CB39D90DBEECF738E3546A95B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BF7DCC860E1DD14DF482FD9A0BCF4AD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C9CA9BA1C49DD1381F536EE9EB02B59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CAB8896F2DAFEF14710A5C8BA1276D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D4FF36C382F8FCFC073077B0E56C0DB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D9AE782A66A98E6E44D91575A9C4DBA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D9823C36C7D03A283849ED8B7F66622_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F2DE00E77E957D06E28FE6BE8B9E4CA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E22B9723A4BD807B9570EF2042B3760_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81958FED41711813EBE00DB620DCB29A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B398F2FA3A4473439FA2401A6999242_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B9A26CCECFA1581BE8CBF55BFE47F03_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81A97D7D92F0FABB4911D3E3CAD802F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82251A782FA99C09B1B857E4CF312300_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81B54D7CAB94981A50ACB8F29C05D518_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81F6F2F7B854EE2D434AF9A1A268BAE4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83F32BD86DE5464C6AC9F99943289967_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\812CF38267726C540DA1AAA878A2EE6A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85847495EF1E79BD72A0D6CD1AB38749_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\852C73272254EBDA7DAEDA9B36A7032C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84DFB4D22786E349716F16783B26550A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84E241229FAB507CA21C99C1D8964006_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87825F93EADACDF8A7469364142D06CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87D461D11F7754F931973A479A753754_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87909324A0367952586E7F78CE0C86BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89FF6A9CBCE80C968D8ACAB3E11A2A90_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\894C3A82D6946EB357DE83D1BB22F561_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8822CA1B621600BB49047F95A609C90A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\886E2010896945F7E0342FA49F5F8D9F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A1105F25FA8E8315BC11F4407A6A368_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A81B3F89106546A325BCE88180C3ADD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8AEA07FDBCC73DDC5B5D731AB851F130_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B7FEABEC36FE53772F66E249D321E20_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BF958E647235D3D79D66F368F02D493_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C0C89B676E843348DA8A9AC5D7C22DF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CBCFB7FE5EC77A58F43E5258349E479_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E23775BDB65EC0411C1F3FEE42A6DCA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DED4C527D0625C3ED2271B11987BD87_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D5FE7274AAD956159C984CC619890D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F88C94BCE5B22665C79C31D221108B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F129F4E00C216024EFFE86BEF7E5FC0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E69ACEB9CB2BFC5755AF3A0A7B61A60_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9036BF0BEC4D948D0F281DD6B1D29E13_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F90A48FE25BE2CD6FFEEF48423FE4C9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9130DA1784A8FDD424C94026DEE4950C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8EA0460B10F7AF9F76899B7DCB6099D8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\927152C031E56DC4B4B26412DEE1183C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9056DA49588504120AFA170E2F25EBA1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9156DB77AE77FAFBA40E6F6E75E18716_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9388291F1C47F850B5C0B02973E12441_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93BF8F1B2D737A0080B80BD60EE18FB2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94415E2E5FFEE0A8C9D820301C4E2B5F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\949C0E7B9A2F613203E1A87CA8D93DA0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94C1868E6F8AC6555CD368D7CCCAE448_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\952F44B5E8C5188DFF2CE5B6C3C85968_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95356156C094E9231DF0947EE19780C0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\961302E13A07C98AC340EDD321AD160A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96311C7CB8F4589730FB21C86F5F79CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96F4C3B6EDB942704551F1C37AFBD145_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96F96B7BAAC13E51C62A48BD5631C621_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9736E12DE2630CEDADDA0A172A4791A7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ABEAF7C164705F4F779580548C162BF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\980BC27DCD8716AF99980A9268C37096_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\997BFB3F17BF78504014E64426FDB131_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ABEF70821AF3119BFC3AFF5D5A01144_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B28B3467EBF8B4EDD84F8F3906479AD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B6388335332DFBB1F0B73DC977FD253_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B75DB24786950A1E2AD8C8E1BFD6AF1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C6B88E0F6E83DA1C92B96606B907FB0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C10673F942822190B79B711C3BAAB5C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C4EAEF33270D967DA28BE77BF0D2DDC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D06DED8C8313879FD04C8EEBE62F3B3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F2A58B158313AD6462182581E516805_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E227C2AAB0F3526329C8A84704F3DD3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DE459132FDC831529EB832951C64CAE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F7DE9C77A9792EC127C824AE000FEED_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A071293EE4D9C2825099508AAA1488AF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A016B405CE40F4D5B31C33154F5F422D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A026959528B6072453B46489A9FC2144_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0C717ACB3005A8EDECA39FD8A50D5A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1166246B0FC6590C1D03D572880364D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A17CE61412BE69735256661F187B3535_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2613D86522FE1AA957C7CF283C0B9C5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A32B597FEC8B898EF2DF92DA9B7B1483_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A342BAD938363A154CBF5536FF4DD5D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A36276371A25E489482D5BF2BB37A837_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4ADCE3AC7F3C9CD53122E54D59F34D9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A523CF9607078663781B2B0D96458D73_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A55C562CBDD4F38945EAEDAEB97D5157_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5A51ABCBDCF356060CFB0A6B2B5D0DC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5D54B834033B99C300D986609927827_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5F55A2F360423E7C79A78D62C382042_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A66CD8B235BE0B97166345A35728BCD4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A91144EA36FE5E96D5D9D26393E1FFFE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9C05474FFD0C59C0C616B117DD14AE1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA1835C1A4B86DA63C03D5E1503CEB64_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA9A32756654EE9F608C6172E40E2049_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAC8975B3EB7B5D01FF48E273C96A9FC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAD2548D7000257F18E1DFFDCDBDF9F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8A4807A78A142155B60D3FD99B39EA7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD0905C801C11E8A892911D57E552B25_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC12ABAF1363FE081922E8524F5D970D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD93BB59300888505D850A306A2707F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD558DD46A76DA5692617C379E2AA4CF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB6542F6D40CD4464D8E8F6B767C9907_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A77363A78FB40B3DED680D69E91815BC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEC3730A499553280ACEB7833BE1C6D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF4EAD0EDEAD42AE0C3954FC058FB0C1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B05146317BA4807AB8F688C0C1F18689_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B069053C419AFEC46B2E72305B7A6889_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B08BA80CA627F14DEE1E373152C4EFCF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B09C3675BBBBB3D746066006DC4B292F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B248C89BA5791B4DB7F835C1A14B9B4D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B265EA368AC0E4B059D1F86B481BB2C1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B272BF414D12A6AFFB8F442ABD3598D0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2D0B5480FC91C12F3D0A8F7EB60AD63_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4784074F5434617C2F9539AD4E760D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2BAA3C205AD589809D866D6DBD0502E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B353B05ADE0EF1C24046ECBE3591C0D0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6833EE2296CB6771BAFAF04C120D135_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B748256E93B73D9F32AB7EFAFF978FB0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7FD7B1941F6317CB30BCA49EBE61561_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B80A7A56DC8690F3C01325A968FDB8C0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B890E19754746066CA66FB9FE1E4A07B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B95207C3244BB5F6692AEA66CA20FB0A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA2DFCBC655C443B3B736963A2502632_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA5F73B40DFE8854DD392A6892EF5B7E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB3AF356A87AB1715B88006540B8DC71_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB671D383F5C834520D60F7B0B811BE4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB8ADE7CDC1EE690C4D5CC7BE885A97B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD0FE1D75A5150C3FE1C49FB7C5BBB33_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC25E8B52725E93422C0F1058913B021_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC672FA6EA05B8A57DC5BA8DDB2853D6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C01AEBB50911C00F7EB26FE437E9C5C2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE11B993876DF294DD5CC2AD00EDC4FE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFAD3ED8D95BF4BAA34B6E8A5DCDD7A3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C074DB2A9AD9AACC417E825AA60EF8F8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C08FB66C38C59C57B7AEF734E7939463_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C113FFDA1CBD83B8DDD1EE5C5438B65E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1BB40B662F7ADA7EDEB6BC8CF39D641_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2723B9AC07F24FA6F111BCF6BAB62AA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2A3DCD00B358570BF169829914883EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2AFAEF09005C03DFB7B9A7BF2AFC948_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2B16F12ABB8FE6F51404F4A364726E3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C486B48E5328382FB0448CA3E067CD7F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4A6DE49E3D2E26D1A93D9785496B7C3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2D47D902E59DACC107EC65DA1812C59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2D6B3E3CB439C64D9C8CA211C032097_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4B533595611E026F7854CA8D7AD1711_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C534E0946364CC00A819320A2692E05A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5552440B3D8311A8367FDC9BF22A5D2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C589EA0292C5E5F7D66B376751F94785_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7A346DFE8E55D3EC73667F9D5B85212_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C64B3D0CE3BFE48117E88AA33FC57273_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C628EF45CE5CAD895D153F0525FED324_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C65A07FFC06566EE28733972FC1D68B0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5D343A47DA431461F9FF1D704F713EA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8FF21A4B776362DF762A2623F7BBAC0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8365C0DF681EDD53E8F5D414FB35370_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8B9A7E612FE8CF2FCC98C301519A18E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C905E3E1BA5976E405C53E55DF66C6A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9D520BB008280B99B6E29A405BA7310_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9DE9619270D0E3E74E5C6DCF1C23B8E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA7DB0BE0CCE10AF57042346F97BA69A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA8C7E9C861A6E10CB53D87ACF873285_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAD1F57E9EF1034B3D06A58C522A4DA1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB4803914ADBE70B2B73FB6643815550_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB892917A62A707C4EFAD5C6D607149C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC1DA74AC8F65590453FD9DAC901CB8F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC460A7E209EE838956DA4253B505BDC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC7B3FA3F5378859B684994586F0172E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD06F924E4F75B45D258E57D50107EC4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD6DB7AFCA33E782DA4191BAF2629B92_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD76613765A4FB8D7FFA4204FFBCFFD0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE7B2E335FF82619C319DFD8CC0045E1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF7466C2B4284034F63110CF39751455_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D00474D9AE7A64186D67BD320FD31816_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D07AE7EE1CDA7FEBF4812E714C1A2C55_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0B8AE683CAFFE5B0DAB28E18BF90301_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0C22C11394E40B2F107D4ECCEC87CF8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1C09A206AD256060BDA807BF93A42A9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2C3EC3514DAFF326849CC74DE6E7786_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3248232BBE802352B4ECF284C1ACA28_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D34663A50FA9747F36436A96DB927315_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D435770B38CBC39268E4B448F55BE403_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D438E85F6C3E119C86C762912392F676_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D63919DFF6A2541A729D92D887C749ED_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D741FDC962C6959F1B5E3BFB4C8298F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9A3F1DE67C7D81C32877151DCEA2E4E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D96016F8057CDF6771C85DB5A4B47A97_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB98897D358F7D8F619DDD861B173630_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA7950606CCA7DC3037E59025E2D53CE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC9C691CC7FAF3502BB71C622B832CCB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBDE9F9C484F2F07FD0DF3B0CC9659E8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCB1098364279F349CDBA530E0331993_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD1FAB15766910B6B6D6CBE202633D43_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD5402A01C6963B9719A3A54C994AD29_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE028E0EBB58286803E470E7E73E559E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE921A30B04C4101499615E6591989A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEDE6BB84B452AB19F9E934DEE32D7FB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEE28D784F5B1BD4D2AD9556C5D32092_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF25B21E8C3CC4C0BD07677CE93D758D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFCF4E3150BC00485170F1F7F5DE63F7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E02867D349A8BC82ACA7A71DA2E3D511_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2291F4634A29BD650091C2723AAF059_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E16D30B1901CF4790FC19622684C82F8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E46DE92BBAD2ECA75CF22BA4365A54B1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E42BA85A180DCE260AEA58540878762A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4AA540193F3B92FB2CF97BF9E1EA756_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5036CB1215CAD56A8CDBAF9C1DDC7DE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E50F5813351B9E7608BC6BE8EC217330_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5749F3C58D64B68EA723F78FC134B3A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E74F7241B2466BFC80FF218CB625851B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E759614F65DA9242D8A5BB91E51F9F6D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E789DE0035434EA134067B032E0A6601_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7DB0F11B6EAC68E82299AA066C523EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8065710AC6127D200B3FE410C023B50_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E916C4E078CE2931D88F921929A7B2DD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E80F1C4E32667172CCD310F01A1701BE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB63528972361AF061E107424E783209_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAFE58CA5ADDCF6ABAE6A4A987E0E660_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECB7D4B6EC32B59EC70D89357E2FA90C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB9FCDA0C396BA43D3F5435387D241E6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECF4389843F6AAB2041E5182077FEA10_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECE3A3E2D0E96A8BFA7407837746A54D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED02BDE71DFEEFB98616C785F9DD6443_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED7B68FAC118F3C9F2E5C3C2022BCF27_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDE572D777488679394BB16F3191105E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE294B3E0A55762C09A83B7AC1E00A95_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEBD4E541481A0DF2605EDD1B1B0D9B6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE2ADDB6FD7DCA3CE0C4F84FC020D8CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEDAE374F786E02B8251B57074D91CEA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF44CE22B05B10BB023D620BCCD35DBF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFCB1188063E685A190B76E787EDA927_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F26782E1AC1F7B60DE8149FF77917840_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F13125F3130F121AACC76E975C166A14_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3BBA1F0CE9CAFB572224287AD795D70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3BE5F626CFAD07BE7EA538742D397B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4276790D11EBC7CAD04AA4A4BEF8C15_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F49D7B185C52F93726C538B7B2220E84_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4BF87F4A338AEB7BC822E0A73F80CE7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F53B42EBB8A0F4B454B135319521B344_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F619C5AFA4C4DEDA59EEDB89B62B52F5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F67251BF16811E21DA5328C790E94D9F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7279D2EFE243DA2E07CAEF97BE0BF35_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F727FDC98AFD4BB9C2E130536C8C5AAA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F78C19DE9F93B5EC95DB486BE63E3DB3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8702A9F984B61751ED5B75C5A210226_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7BCA8F7FF6A239EECA7490FD9AC3E36_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8CFDB1D8128202CCE2058ED8A3A16C4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F88529EA37DEE3D7C02C10CED1EA484C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA58DD449BCFEF87BF5819C2ADCA11F3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA691C9982B36FCEB0B896D1EB5535D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC5BF53704A57C040E70B97F350C2D5D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD3D8E2EC010F4C39AC9F25FFD867763_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD43051A60A12AC1A21E254838B27BC6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDC7BFBB8D1C251D535F8BBB008CCC78_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFABDAD76DBD53DAEC9E5DC1E1722BF6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFF27E02541BA811EA325393045AB515_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6

Share this post


Link to post
Share on other sites

Checkup.txt:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 29

Java 7 Update 2

Java version out of Date!

Adobe Flash Player 11.3.300.262

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (13.0.1)

````````Process Check: objlist.exe by Laurent````````

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by John at 2012-06-23 16:25:45

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 127 GB (53%) free of 238 GB

Total RAM: 2038 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:26:01 PM, on 6/23/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\John\Desktop\RSIT.exe

C:\Program Files\trend micro\John.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/'>http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--

End of file - 6210 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default

prefs.js - "browser.startup.homepage" - "http://www.yahoo.com/'>http://www.yahoo.com/"

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, vshare@toolbar:1.0.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, DeviceDetection@logitech.com:1.21.0.11, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.262 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]

"Description"=3Dvia Player For Mozilla Based Broswer

"Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

np-mswmp.dll

NPcol400.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\

DeviceDetection@logitech.com

vshare@toolbar

{cce665dd-f6dd-4808-968e-eaec971f70ef}

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\

MyStart Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-03-16 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]

"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]

"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-28 1352272]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23 206240]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-02-09 312376]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-09-30 252296]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]

C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

RollerCoaster Tycoon 3 Registration.lnk - C:\Users\John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-29 203776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"vidc.tscc"=tsccvid.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-06-23 16:25:45 ----D---- C:\Program Files\trend micro

2012-06-23 16:25:44 ----D---- C:\rsit

2012-06-23 15:09:46 ----D---- C:\Users\John\AppData\Roaming\f-secure

2012-06-23 15:09:33 ----D---- C:\ProgramData\F-Secure

2012-06-23 10:08:29 ----A---- C:\ComboFix.txt

2012-06-23 10:06:44 ----SHD---- C:\$RECYCLE.BIN

2012-06-23 09:53:32 ----D---- C:\ComboFix

2012-06-23 08:35:45 ----D---- C:\_OTL

2012-06-23 00:21:00 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.21.00_log.txt

2012-06-23 00:19:25 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.19.25_log.txt

2012-06-23 00:06:30 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.06.30_log.txt

2012-06-22 23:37:49 ----A---- C:\TDSSKiller.2.7.41.0_22.06.2012_23.37.49_log.txt

2012-06-22 22:19:10 ----D---- C:\Program Files\ERUNT

2012-06-22 19:20:51 ----A---- C:\Windows\MBR.exe

2012-06-22 19:20:50 ----A---- C:\Windows\zip.exe

2012-06-22 19:20:50 ----A---- C:\Windows\SWSC.exe

2012-06-22 19:20:50 ----A---- C:\Windows\SWREG.exe

2012-06-22 19:20:50 ----A---- C:\Windows\sed.exe

2012-06-22 19:20:50 ----A---- C:\Windows\PEV.exe

2012-06-22 19:20:50 ----A---- C:\Windows\NIRCMD.exe

2012-06-22 19:20:50 ----A---- C:\Windows\grep.exe

2012-06-22 19:18:47 ----D---- C:\Qoobox

2012-06-22 19:18:18 ----D---- C:\Windows\erdnt

2012-06-22 10:24:39 ----D---- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com

2012-06-22 10:24:03 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2012-06-21 10:34:04 ----D---- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-06-21 07:12:58 ----D---- C:\Windows\en

2012-06-21 07:06:03 ----D---- C:\Program Files\Adobe Download Assistant

2012-06-21 07:05:40 ----D---- C:\Program Files\Common Files\Adobe AIR

2012-06-21 06:53:53 ----A---- C:\Windows\system32\wups2.dll

2012-06-21 06:53:53 ----A---- C:\Windows\system32\wuauclt.exe

2012-06-21 06:53:52 ----A---- C:\Windows\system32\wucltux.dll

2012-06-21 06:53:52 ----A---- C:\Windows\system32\wuaueng.dll

2012-06-21 06:53:23 ----A---- C:\Windows\system32\wups.dll

2012-06-21 06:53:23 ----A---- C:\Windows\system32\wudriver.dll

2012-06-21 06:53:23 ----A---- C:\Windows\system32\wuapi.dll

2012-06-21 06:52:47 ----A---- C:\Windows\system32\wuwebv.dll

2012-06-21 06:52:47 ----A---- C:\Windows\system32\wuapp.exe

2012-06-13 22:33:28 ----A---- C:\Windows\system32\mshtmled.dll

2012-06-13 22:33:26 ----A---- C:\Windows\system32\iertutil.dll

2012-06-13 22:33:25 ----A---- C:\Windows\system32\jsproxy.dll

2012-06-13 22:33:25 ----A---- C:\Windows\system32\ieUnatt.exe

2012-06-13 22:33:25 ----A---- C:\Windows\system32\ieui.dll

2012-06-13 22:33:24 ----A---- C:\Windows\system32\wininet.dll

2012-06-13 22:33:23 ----A---- C:\Windows\system32\jscript.dll

2012-06-13 22:33:22 ----A---- C:\Windows\system32\url.dll

2012-06-13 22:33:22 ----A---- C:\Windows\system32\jscript9.dll

2012-06-13 22:33:20 ----A---- C:\Windows\system32\urlmon.dll

2012-06-13 22:33:17 ----A---- C:\Windows\system32\mshtml.dll

2012-06-13 22:33:16 ----A---- C:\Windows\system32\ieframe.dll

2012-06-13 07:40:58 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-06-13 07:40:56 ----A---- C:\Windows\system32\msi.dll

2012-06-13 07:40:54 ----A---- C:\Windows\system32\win32k.sys

2012-06-13 07:40:52 ----A---- C:\Windows\system32\rdpwsx.dll

2012-06-13 07:40:52 ----A---- C:\Windows\system32\rdpcorekmts.dll

2012-06-13 07:40:51 ----A---- C:\Windows\system32\rdrmemptylst.exe

2012-06-13 07:40:49 ----A---- C:\Windows\system32\profsvc.dll

2012-06-13 07:40:38 ----A---- C:\Windows\system32\crypt32.dll

2012-06-13 07:40:36 ----A---- C:\Windows\system32\cryptsvc.dll

2012-06-13 07:40:36 ----A---- C:\Windows\system32\cryptnet.dll

2012-06-09 07:59:20 ----D---- C:\ProgramData\Apple Computer

2012-06-09 07:59:20 ----D---- C:\Program Files\QuickTime

2012-05-28 10:04:57 ----D---- C:\ProgramData\3DVIA

2012-05-28 10:04:56 ----A---- C:\Windows\system32\d3dx9_35.dll

2012-05-28 10:04:55 ----A---- C:\Windows\system32\d3dx9_31.dll

2012-05-28 10:04:51 ----D---- C:\Program Files\Virtools

2012-05-28 09:36:31 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-06-23 16:25:50 ----D---- C:\Windows\Temp

2012-06-23 16:25:45 ----RD---- C:\Program Files

2012-06-23 15:09:46 ----D---- C:\Program Files\Mozilla Firefox

2012-06-23 15:09:33 ----D---- C:\ProgramData

2012-06-23 14:53:30 ----D---- C:\Windows\system32\config

2012-06-23 14:39:41 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-06-23 12:41:09 ----D---- C:\Windows\System32

2012-06-23 10:03:51 ----D---- C:\Windows

2012-06-23 10:03:51 ----A---- C:\Windows\system.ini

2012-06-23 09:59:33 ----D---- C:\Windows\system32\drivers

2012-06-23 09:59:33 ----D---- C:\Windows\AppPatch

2012-06-23 09:59:31 ----D---- C:\Program Files\Common Files

2012-06-23 08:37:06 ----SHD---- C:\System Volume Information

2012-06-22 22:28:49 ----D---- C:\Users\John\AppData\Roaming\uTorrent

2012-06-22 19:34:29 ----D---- C:\Windows\system32\drivers\etc

2012-06-22 19:20:43 ----D---- C:\Windows\Prefetch

2012-06-22 17:43:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-06-22 17:43:57 ----D---- C:\Windows\inf

2012-06-22 13:58:32 ----D---- C:\Program Files\PeerBlock

2012-06-22 10:14:56 ----D---- C:\Windows\system32\wdi

2012-06-21 15:54:53 ----D---- C:\Windows\rescache

2012-06-21 10:55:50 ----D---- C:\Windows\Setup

2012-06-21 10:44:02 ----D---- C:\Program Files\Free Window Registry Repair

2012-06-21 09:00:02 ----D---- C:\Windows\winsxs

2012-06-21 08:59:12 ----D---- C:\Windows\system32\en-US

2012-06-21 08:59:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-06-21 08:59:06 ----D---- C:\Config.Msi

2012-06-21 08:25:08 ----SHD---- C:\Windows\Installer

2012-06-21 07:27:04 ----D---- C:\Windows\Microsoft.NET

2012-06-21 07:27:00 ----RSD---- C:\Windows\assembly

2012-06-21 07:07:27 ----D---- C:\Program Files\Windows Live

2012-06-21 07:05:45 ----D---- C:\Program Files\Adobe

2012-06-21 06:54:02 ----D---- C:\Windows\system32\catroot

2012-06-21 06:53:44 ----D---- C:\Windows\system32\catroot2

2012-06-14 07:10:03 ----D---- C:\Windows\system32\migration

2012-06-14 07:10:02 ----D---- C:\Program Files\Internet Explorer

2012-06-13 22:43:25 ----D---- C:\ProgramData\Microsoft Help

2012-06-13 22:38:11 ----A---- C:\Windows\system32\MRT.exe

2012-06-11 12:54:00 ----SD---- C:\Users\John\AppData\Roaming\Microsoft

2012-05-28 09:36:34 ----D---- C:\Windows\Tasks

2012-05-28 09:36:34 ----D---- C:\Windows\system32\Tasks

2012-05-27 17:32:41 ----D---- C:\Windows\system32\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0x01000000 papycpu;papycpu; C:\Windows\system32\drivers\papycpu.sys [1998-10-06 1984]

R0x01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]

R0x01000000 papyjoy;papyjoy; C:\Windows\system32\drivers\papyjoy.sys [1998-10-06 1888]

R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-06 44376]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 612184]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337880]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 53848]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-02-09 112096]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 20696]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 38864]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 37328]

R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]

R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]

R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []

S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta; C:\Windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 78336]

S3 catchme;catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys []

S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-08 40448]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 131072]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 36864]

S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2011-03-24 14216]

S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2011-03-24 8456]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]

S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 21784]

S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [2010-11-06 20080]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368]

S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-04-13 40984]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]

S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]

S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]

S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]

S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-13 15872]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-13 17920]

S3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-13 20480]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2010-08-19 61984]

S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-06 44768]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 20992]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-15 40999448]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-13 20992]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-13 20992]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 293456]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Info.txt:

info.txt logfile of random's system information tool 1.09 2012-06-23 16:26:06

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}

3DVIA player 5.0.0.20-->MsiExec.exe /X{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}

Adobe Download Assistant-->msiexec /qb /x {9866E5F0-121F-E018-E2D1-2E1770847ABF}

Adobe Download Assistant-->MsiExec.exe /I{9866E5F0-121F-E018-E2D1-2E1770847ABF}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin

Adobe Reader 9.5.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup

calibre-->MsiExec.exe /I{A5425D07-D972-47DA-8133-4D33876D44A4}

Canon IJ Network Scan Utility-->"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files\Canon\Canon IJ Network Scan Utility\uninst.ini

Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe

Canon MP640 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series

Canon MP640 series User Registration-->C:\Program Files\Canon\IJEREG\MP640 series\UNINST.EXE

Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

EASEUS Partition Master 8.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 8.0.1 Home Edition\unins000.exe"

eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Free M4a to MP3 Converter 7.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"

Free Mp3 Wma Converter V 2.2-->"C:\Program Files\Free mp3 Wma Converter\unins000.exe"

Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG

Hamster Free EbookConverter-->"C:\Program Files\Hamster Soft\Free eBbook Converter\unins000.exe"

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

HP Photosmart D110 All-In-One Driver 14.0 Rel. 7-->C:\Program Files\HP\Digital Imaging\{14BC6853-A74E-4874-B50D-679889D1544D}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}

Java 7 Update 2-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217002FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"

Logitech SetPoint 6.22-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft IntelliPoint 8.1-->msiexec.exe /I {9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}

Microsoft IntelliPoint 8.1-->MsiExec.exe /X{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}

Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1}

Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}

Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}

Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

Mp3tag v2.49-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE

MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

PeerBlock 1.1 (r518)-->"C:\Program Files\PeerBlock\unins000.exe"

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

PS3 Media Server-->"C:\Program Files\PS3 Media Server\uninst.exe"

QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}

RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9

RICOH R5U8xx Media Driver ver.3.62.02-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly

RollerCoaster Tycoon 2 Triple Thrill Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9

RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}

Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}

Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{464B3406-A4D0-4914-910F-7CA4380DCC13}

Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}

Windows Live Remote Service Resources-->MsiExec.exe /I{17504ED4-DB08-40A8-81C2-27D8C01581DA}

Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: John-Laptop

Event Code: 46

Message: Crash dump initialization failed!

Record Number: 138155

Source Name: volmgr

Time Written: 20111007103620.822423-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 46

Message: Crash dump initialization failed!

Record Number: 138150

Source Name: volmgr

Time Written: 20111007103617.218817-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 138139

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111007023747.159664-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: John-Laptop

Event Code: 7000

Message: The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 137974

Source Name: Service Control Manager

Time Written: 20111006103428.767027-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 7000

Message: The adfs service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 137971

Source Name: Service Control Manager

Time Written: 20111006103419.469411-000

Event Type: Error

User:

=====Application event log=====

Computer Name: John-Laptop

Event Code: 33

Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 12604

Source Name: SideBySide

Time Written: 20100811115052.000000-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 33

Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 12548

Source Name: SideBySide

Time Written: 20100810124447.000000-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 33

Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 12542

Source Name: SideBySide

Time Written: 20100810120919.000000-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 33

Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 12485

Source Name: SideBySide

Time Written: 20100809234803.000000-000

Event Type: Error

User:

Computer Name: John-Laptop

Event Code: 33

Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 12449

Source Name: SideBySide

Time Written: 20100809161035.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: John-Laptop

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x130ac48

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: SKYE-PC

Source Network Address: 192.168.1.137

Source Port: 61198

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 51853

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111002003619.439326-000

Event Type: Audit Success

User:

Computer Name: John-Laptop

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x12b528f

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 51852

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111002002619.413006-000

Event Type: Audit Success

User:

Computer Name: John-Laptop

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x12b508a

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 51851

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111002002619.411006-000

Event Type: Audit Success

User:

Computer Name: John-Laptop

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x12b528f

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: SKYE-PC

Source Network Address: 192.168.1.137

Source Port: 61151

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 51850

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111002002417.542036-000

Event Type: Audit Success

User:

Computer Name: John-Laptop

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x12b508a

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: SKYE-PC

Source Network Address: 192.168.1.137

Source Port: 61150

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 51849

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111002002416.724989-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE;C:\Program Files\Windows Live\Shared;C:\Program Files\Calibre2;C:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=1

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel

"PROCESSOR_REVISION"=1601

"CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------

Utorrent removed, didnt know I had anything from iobit installed. Will update the custom host file next.

Share this post


Link to post
Share on other sites

ID: 23   Posted (edited)

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

NEXT

javaicon.gifYour Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

NEXT

Tell me, How is the system now? any sign of "whitesmoke" ?

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Still have redirect issues with Firefox and yahoo. About 90% of all search results takes me to one of these sites:

looksmart.com

searchocity.com

topmarket-search.com

Share this post


Link to post
Share on other sites

Get me a few brief details on the How (the sequence)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.