jwill80
-
Posts
16 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by jwill80
-
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Actually doing Restart with Add-ons disabled and then selecting Reset tool-bars and controls and reset all user preferences to defaults seems to have taken care of the issue. -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
*while using firefox. Typing issues... -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Well i start Firefox which takes me to my homepage: yahoo.com, type anything in search bar, for my tests i have been using "dog", click search and once I click on any of the results the address bar basically goes crazy and will go to some random garbage site and then usually bounces to one of the 3 sites mentioned above. Like i said above it is only on yahoo wh -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Still have redirect issues with Firefox and yahoo. About 90% of all search results takes me to one of these sites: looksmart.com searchocity.com topmarket-search.com -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Checkup.txt: Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 29 Java 7 Update 2 Java version out of Date! Adobe Flash Player 11.3.300.262 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (13.0.1) ````````Process Check: objlist.exe by Laurent```````` Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Log.txt: Logfile of random's system information tool 1.09 (written by random/random) Run by John at 2012-06-23 16:25:45 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 127 GB (53%) free of 238 GB Total RAM: 2038 MB (47% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:26:01 PM, on 6/23/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdcBase.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\John\Desktop\RSIT.exe C:\Program Files\trend micro\John.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/'>http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- End of file - 6210 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job =========Mozilla firefox========= ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default prefs.js - "browser.startup.homepage" - "http://www.yahoo.com/'>http://www.yahoo.com/" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, vshare@toolbar:1.0.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, DeviceDetection@logitech.com:1.21.0.11, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3" "wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.262 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308] "Description"=WLPG Install MIME type "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer] "Description"=3Dvia Player For Mozilla Based Broswer "Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll NPcol400.dll nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\ DeviceDetection@logitech.com vshare@toolbar {cce665dd-f6dd-4808-968e-eaec971f70ef} C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\ MyStart Search.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-03-16 59272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072] "IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784] "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-28 1352272] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240] "IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23 206240] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-02-09 312376] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-09-30 252296] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888] C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe RollerCoaster Tycoon 3 Registration.lnk - C:\Users\John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-09-23 218112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 64592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-29 203776] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "vidc.tscc"=tsccvid.dll "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-06-23 16:25:45 ----D---- C:\Program Files\trend micro 2012-06-23 16:25:44 ----D---- C:\rsit 2012-06-23 15:09:46 ----D---- C:\Users\John\AppData\Roaming\f-secure 2012-06-23 15:09:33 ----D---- C:\ProgramData\F-Secure 2012-06-23 10:08:29 ----A---- C:\ComboFix.txt 2012-06-23 10:06:44 ----SHD---- C:\$RECYCLE.BIN 2012-06-23 09:53:32 ----D---- C:\ComboFix 2012-06-23 08:35:45 ----D---- C:\_OTL 2012-06-23 00:21:00 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.21.00_log.txt 2012-06-23 00:19:25 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.19.25_log.txt 2012-06-23 00:06:30 ----A---- C:\TDSSKiller.2.7.41.0_23.06.2012_00.06.30_log.txt 2012-06-22 23:37:49 ----A---- C:\TDSSKiller.2.7.41.0_22.06.2012_23.37.49_log.txt 2012-06-22 22:19:10 ----D---- C:\Program Files\ERUNT 2012-06-22 19:20:51 ----A---- C:\Windows\MBR.exe 2012-06-22 19:20:50 ----A---- C:\Windows\zip.exe 2012-06-22 19:20:50 ----A---- C:\Windows\SWSC.exe 2012-06-22 19:20:50 ----A---- C:\Windows\SWREG.exe 2012-06-22 19:20:50 ----A---- C:\Windows\sed.exe 2012-06-22 19:20:50 ----A---- C:\Windows\PEV.exe 2012-06-22 19:20:50 ----A---- C:\Windows\NIRCMD.exe 2012-06-22 19:20:50 ----A---- C:\Windows\grep.exe 2012-06-22 19:18:47 ----D---- C:\Qoobox 2012-06-22 19:18:18 ----D---- C:\Windows\erdnt 2012-06-22 10:24:39 ----D---- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com 2012-06-22 10:24:03 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2012-06-21 10:34:04 ----D---- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-06-21 07:12:58 ----D---- C:\Windows\en 2012-06-21 07:06:03 ----D---- C:\Program Files\Adobe Download Assistant 2012-06-21 07:05:40 ----D---- C:\Program Files\Common Files\Adobe AIR 2012-06-21 06:53:53 ----A---- C:\Windows\system32\wups2.dll 2012-06-21 06:53:53 ----A---- C:\Windows\system32\wuauclt.exe 2012-06-21 06:53:52 ----A---- C:\Windows\system32\wucltux.dll 2012-06-21 06:53:52 ----A---- C:\Windows\system32\wuaueng.dll 2012-06-21 06:53:23 ----A---- C:\Windows\system32\wups.dll 2012-06-21 06:53:23 ----A---- C:\Windows\system32\wudriver.dll 2012-06-21 06:53:23 ----A---- C:\Windows\system32\wuapi.dll 2012-06-21 06:52:47 ----A---- C:\Windows\system32\wuwebv.dll 2012-06-21 06:52:47 ----A---- C:\Windows\system32\wuapp.exe 2012-06-13 22:33:28 ----A---- C:\Windows\system32\mshtmled.dll 2012-06-13 22:33:26 ----A---- C:\Windows\system32\iertutil.dll 2012-06-13 22:33:25 ----A---- C:\Windows\system32\jsproxy.dll 2012-06-13 22:33:25 ----A---- C:\Windows\system32\ieUnatt.exe 2012-06-13 22:33:25 ----A---- C:\Windows\system32\ieui.dll 2012-06-13 22:33:24 ----A---- C:\Windows\system32\wininet.dll 2012-06-13 22:33:23 ----A---- C:\Windows\system32\jscript.dll 2012-06-13 22:33:22 ----A---- C:\Windows\system32\url.dll 2012-06-13 22:33:22 ----A---- C:\Windows\system32\jscript9.dll 2012-06-13 22:33:20 ----A---- C:\Windows\system32\urlmon.dll 2012-06-13 22:33:17 ----A---- C:\Windows\system32\mshtml.dll 2012-06-13 22:33:16 ----A---- C:\Windows\system32\ieframe.dll 2012-06-13 07:40:58 ----A---- C:\Windows\system32\drivers\rdpwd.sys 2012-06-13 07:40:56 ----A---- C:\Windows\system32\msi.dll 2012-06-13 07:40:54 ----A---- C:\Windows\system32\win32k.sys 2012-06-13 07:40:52 ----A---- C:\Windows\system32\rdpwsx.dll 2012-06-13 07:40:52 ----A---- C:\Windows\system32\rdpcorekmts.dll 2012-06-13 07:40:51 ----A---- C:\Windows\system32\rdrmemptylst.exe 2012-06-13 07:40:49 ----A---- C:\Windows\system32\profsvc.dll 2012-06-13 07:40:38 ----A---- C:\Windows\system32\crypt32.dll 2012-06-13 07:40:36 ----A---- C:\Windows\system32\cryptsvc.dll 2012-06-13 07:40:36 ----A---- C:\Windows\system32\cryptnet.dll 2012-06-09 07:59:20 ----D---- C:\ProgramData\Apple Computer 2012-06-09 07:59:20 ----D---- C:\Program Files\QuickTime 2012-05-28 10:04:57 ----D---- C:\ProgramData\3DVIA 2012-05-28 10:04:56 ----A---- C:\Windows\system32\d3dx9_35.dll 2012-05-28 10:04:55 ----A---- C:\Windows\system32\d3dx9_31.dll 2012-05-28 10:04:51 ----D---- C:\Program Files\Virtools 2012-05-28 09:36:31 ----A---- C:\Windows\system32\FlashPlayerApp.exe ======List of files/folders modified in the last 1 month====== 2012-06-23 16:25:50 ----D---- C:\Windows\Temp 2012-06-23 16:25:45 ----RD---- C:\Program Files 2012-06-23 15:09:46 ----D---- C:\Program Files\Mozilla Firefox 2012-06-23 15:09:33 ----D---- C:\ProgramData 2012-06-23 14:53:30 ----D---- C:\Windows\system32\config 2012-06-23 14:39:41 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-06-23 12:41:09 ----D---- C:\Windows\System32 2012-06-23 10:03:51 ----D---- C:\Windows 2012-06-23 10:03:51 ----A---- C:\Windows\system.ini 2012-06-23 09:59:33 ----D---- C:\Windows\system32\drivers 2012-06-23 09:59:33 ----D---- C:\Windows\AppPatch 2012-06-23 09:59:31 ----D---- C:\Program Files\Common Files 2012-06-23 08:37:06 ----SHD---- C:\System Volume Information 2012-06-22 22:28:49 ----D---- C:\Users\John\AppData\Roaming\uTorrent 2012-06-22 19:34:29 ----D---- C:\Windows\system32\drivers\etc 2012-06-22 19:20:43 ----D---- C:\Windows\Prefetch 2012-06-22 17:43:58 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-06-22 17:43:57 ----D---- C:\Windows\inf 2012-06-22 13:58:32 ----D---- C:\Program Files\PeerBlock 2012-06-22 10:14:56 ----D---- C:\Windows\system32\wdi 2012-06-21 15:54:53 ----D---- C:\Windows\rescache 2012-06-21 10:55:50 ----D---- C:\Windows\Setup 2012-06-21 10:44:02 ----D---- C:\Program Files\Free Window Registry Repair 2012-06-21 09:00:02 ----D---- C:\Windows\winsxs 2012-06-21 08:59:12 ----D---- C:\Windows\system32\en-US 2012-06-21 08:59:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-06-21 08:59:06 ----D---- C:\Config.Msi 2012-06-21 08:25:08 ----SHD---- C:\Windows\Installer 2012-06-21 07:27:04 ----D---- C:\Windows\Microsoft.NET 2012-06-21 07:27:00 ----RSD---- C:\Windows\assembly 2012-06-21 07:07:27 ----D---- C:\Program Files\Windows Live 2012-06-21 07:05:45 ----D---- C:\Program Files\Adobe 2012-06-21 06:54:02 ----D---- C:\Windows\system32\catroot 2012-06-21 06:53:44 ----D---- C:\Windows\system32\catroot2 2012-06-14 07:10:03 ----D---- C:\Windows\system32\migration 2012-06-14 07:10:02 ----D---- C:\Program Files\Internet Explorer 2012-06-13 22:43:25 ----D---- C:\ProgramData\Microsoft Help 2012-06-13 22:38:11 ----A---- C:\Windows\system32\MRT.exe 2012-06-11 12:54:00 ----SD---- C:\Users\John\AppData\Roaming\Microsoft 2012-05-28 09:36:34 ----D---- C:\Windows\Tasks 2012-05-28 09:36:34 ----D---- C:\Windows\system32\Tasks 2012-05-27 17:32:41 ----D---- C:\Windows\system32\Macromed ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R0x01000000 papycpu;papycpu; C:\Windows\system32\drivers\papycpu.sys [1998-10-06 1984] R0x01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984] R0x01000000 papyjoy;papyjoy; C:\Windows\system32\drivers\papyjoy.sys [1998-10-06 1888] R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-06 44376] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 612184] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337880] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 53848] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-02-09 112096] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 20696] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400] R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 38864] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 37328] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736] R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992] R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [] S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta; C:\Windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 78336] S3 catchme;catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [] S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-08 40448] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 131072] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 36864] S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2011-03-24 14216] S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2011-03-24 8456] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168] S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 21784] S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [2010-11-06 20080] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368] S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-04-13 40984] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208] S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112] S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680] S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360] S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176] S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568] S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-13 15872] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968] S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-13 17920] S3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-13 20480] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2010-08-19 61984] S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-06 44768] R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 20992] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-15 40999448] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-13 20992] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-13 20992] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 293456] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] -----------------EOF----------------- Info.txt: info.txt logfile of random's system information tool 1.09 2012-06-23 16:26:06 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} 32 Bit HP CIO Components Installer-->MsiExec.exe /I{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C} 3DVIA player 5.0.0.20-->MsiExec.exe /X{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6} Adobe Download Assistant-->msiexec /qb /x {9866E5F0-121F-E018-E2D1-2E1770847ABF} Adobe Download Assistant-->MsiExec.exe /I{9866E5F0-121F-E018-E2D1-2E1770847ABF} Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin Adobe Reader 9.5.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001} Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup calibre-->MsiExec.exe /I{A5425D07-D972-47DA-8133-4D33876D44A4} Canon IJ Network Scan Utility-->"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files\Canon\Canon IJ Network Scan Utility\uninst.ini Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe Canon MP640 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series Canon MP640 series User Registration-->C:\Program Files\Canon\IJEREG\MP640 series\UNINST.EXE Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} EASEUS Partition Master 8.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 8.0.1 Home Edition\unins000.exe" eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Free M4a to MP3 Converter 7.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe" Free Mp3 Wma Converter V 2.2-->"C:\Program Files\Free mp3 Wma Converter\unins000.exe" Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG Hamster Free EbookConverter-->"C:\Program Files\Hamster Soft\Free eBbook Converter\unins000.exe" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" HP Photosmart D110 All-In-One Driver 14.0 Rel. 7-->C:\Program Files\HP\Digital Imaging\{14BC6853-A74E-4874-B50D-679889D1544D}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} Java 7 Update 2-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217002FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe" Logitech SetPoint 6.22-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft IntelliPoint 8.1-->msiexec.exe /I {9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04} Microsoft IntelliPoint 8.1-->MsiExec.exe /X{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8} Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1} Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{FA9C3624-C693-4423-8A8B-2BC2B9F607AB} Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" Mp3tag v2.49-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} PeerBlock 1.1 (r518)-->"C:\Program Files\PeerBlock\unins000.exe" PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" PS3 Media Server-->"C:\Program Files\PS3 Media Server\uninst.exe" QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0} RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9 RICOH R5U8xx Media Driver ver.3.62.02-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly RollerCoaster Tycoon 2 Triple Thrill Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9 RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7} swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63} Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784} Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{464B3406-A4D0-4914-910F-7CA4380DCC13} Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF} Windows Live Remote Service Resources-->MsiExec.exe /I{17504ED4-DB08-40A8-81C2-27D8C01581DA} Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: John-Laptop Event Code: 46 Message: Crash dump initialization failed! Record Number: 138155 Source Name: volmgr Time Written: 20111007103620.822423-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 46 Message: Crash dump initialization failed! Record Number: 138150 Source Name: volmgr Time Written: 20111007103617.218817-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 138139 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20111007023747.159664-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: John-Laptop Event Code: 7000 Message: The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Record Number: 137974 Source Name: Service Control Manager Time Written: 20111006103428.767027-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 7000 Message: The adfs service failed to start due to the following error: The system cannot find the file specified. Record Number: 137971 Source Name: Service Control Manager Time Written: 20111006103419.469411-000 Event Type: Error User: =====Application event log===== Computer Name: John-Laptop Event Code: 33 Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Record Number: 12604 Source Name: SideBySide Time Written: 20100811115052.000000-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 33 Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Record Number: 12548 Source Name: SideBySide Time Written: 20100810124447.000000-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 33 Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Record Number: 12542 Source Name: SideBySide Time Written: 20100810120919.000000-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 33 Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Record Number: 12485 Source Name: SideBySide Time Written: 20100809234803.000000-000 Event Type: Error User: Computer Name: John-Laptop Event Code: 33 Message: Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Record Number: 12449 Source Name: SideBySide Time Written: 20100809161035.000000-000 Event Type: Error User: =====Security event log===== Computer Name: John-Laptop Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x130ac48 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: SKYE-PC Source Network Address: 192.168.1.137 Source Port: 61198 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 51853 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111002003619.439326-000 Event Type: Audit Success User: Computer Name: John-Laptop Event Code: 4634 Message: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x12b528f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Record Number: 51852 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111002002619.413006-000 Event Type: Audit Success User: Computer Name: John-Laptop Event Code: 4634 Message: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x12b508a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Record Number: 51851 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111002002619.411006-000 Event Type: Audit Success User: Computer Name: John-Laptop Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x12b528f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: SKYE-PC Source Network Address: 192.168.1.137 Source Port: 61151 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 51850 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111002002417.542036-000 Event Type: Audit Success User: Computer Name: John-Laptop Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x12b508a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: SKYE-PC Source Network Address: 192.168.1.137 Source Port: 61150 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 51849 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111002002416.724989-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE;C:\Program Files\Windows Live\Shared;C:\Program Files\Calibre2;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=1 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=1601 "CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip -----------------EOF----------------- Utorrent removed, didnt know I had anything from iobit installed. Will update the custom host file next. -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
F-secure scan: Scanning Report Saturday, June 23, 2012 15:09:45 - 16:15:16 Computer name: JOHN-LAPTOP Scanning type: Scan system for malware, spyware and rootkits Target: C:\ No malware found Statistics Scanned: Files: 153759 System: 4156 Not scanned: 597 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TMCONTAINER00000000000000000002.REGTRANS-MS C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT.LOG2 C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TMCONTAINER00000000000000000001.REGTRANS-MS C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT.LOG1 C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT{6DCA2F8D-B686-11DF-AE96-001D094CCC0D}.TM.BLF C:\WINDOWS\SYSTEM32\MICROSOFT\PROTECT\RECOVERY\RECOVERY.DAT C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTDIAGLOG.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-APPLICATION.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SECURITY.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SYSTEM.ETL C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTUBPM.ETL C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2 C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1 C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2 C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT C:\USERS\JOHN\NTUSER.DAT C:\USERS\JOHN\NTUSER.DAT.LOG1 C:\USERS\JOHN\NTUSER.DAT.LOG2 C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\PARENT.LOCK C:\USERS\JOHN\APPDATA\LOCAL\TEMP\HSPERFDATA_JOHN\2760 C:\USERS\JOHN\APPDATA\LOCAL\TEMP\HSPERFDATA_JOHN\848 C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1 C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2 C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1 C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2 C:\SYSTEM VOLUME INFORMATION\{10CD7EF7-B8A9-11E1-8483-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD546-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5A5-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5A9-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5AD-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5D1-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5CD-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5D7-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{7F7BD5DB-BB4C-11E1-816A-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{DCA6392A-BBA0-11E1-AE4E-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{F96D083F-BC93-11E1-A873-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\{F96D0844-BC93-11E1-A873-001D094CCC0D}{3808876B-C176-4E48-B7AE-04046E6CC752} C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\SPPMETADATACACHE\{B0979AE8-216B-4FFD-B266-7E87A3F7E6F5} C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\CATALOG\BACKUPGLOBALCATALOG C:\SYSTEM VOLUME INFORMATION\WINDOWSIMAGEBACKUP\CATALOG\GLOBALCATALOG C:\QOOBOX\BACKENV\APPDATA.FOLDER.DAT C:\QOOBOX\BACKENV\CACHE.FOLDER.DAT C:\QOOBOX\BACKENV\DESKTOP.FOLDER.DAT C:\QOOBOX\BACKENV\COOKIES.FOLDER.DAT C:\QOOBOX\BACKENV\FAVORITES.FOLDER.DAT C:\QOOBOX\BACKENV\HISTORY.FOLDER.DAT C:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DAT C:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DAT C:\QOOBOX\BACKENV\MUSIC.FOLDER.DAT C:\QOOBOX\BACKENV\NETHOOD.FOLDER.DAT C:\QOOBOX\BACKENV\PERSONAL.FOLDER.DAT C:\QOOBOX\BACKENV\PICTURES.FOLDER.DAT C:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DAT C:\QOOBOX\BACKENV\PROFILES.FOLDER.DAT C:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DAT C:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DAT C:\QOOBOX\BACKENV\STARTMENU.FOLDER.DAT C:\QOOBOX\BACKENV\SETPATH.BAT C:\QOOBOX\BACKENV\RECENT.FOLDER.DAT C:\QOOBOX\BACKENV\SENDTO.FOLDER.DAT C:\QOOBOX\BACKENV\STARTUP.FOLDER.DAT C:\QOOBOX\BACKENV\SYSPATH.DAT C:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DAT C:\QOOBOX\BACKENV\VIKPEV00 C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\000A83A45BCC3B1209F01105B5F3A728_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\009050B0C9B1D449113C227045B84357_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0091919A08B9747CE59B91C4B0666529_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0095448E54ADEB5D1A035E43D974B081_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00C768A5B1061D6435927CBD94CBC302_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01A0DD8E4BD489EE5B87C3B710045A0B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02222182CFBE7624DAA8BD8873C8D271_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02298F04C3C5777CEDC8EE7696580873_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02E711E26E02CA010A3A665A1D865593_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02ED98D1DD3BE8A34303B9EB9AB72982_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0325003A322773E1CCB7374DEE77BCEE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\034FBEBD5AB7D96E932F9DB6D0CF38F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03495070A22125E726A605203979C3BC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0370EA50FFC4BB87AFDD372E87361A4A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03B7C78B1381C3522D34CDD04527C13E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03EB9EF7E972C39FAC9AA23DDFE32475_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\041BC01780F84D948451EA9712838F09_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\046EC1AB29B1151379B0F6DEE878AE3C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\053A62B4973A35648C3FDB1D4F14DC69_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07096783CE73E1AA9EFBCDE8AA7F9A63_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0720B80869E1BF29AFAC7CBD1F64B974_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\075895A86A7F12E1CFD1FC56E7321E11_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\075AFDFE4D16DA20E237770BB5A49316_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07F1D244463E3478A92EEE42C8607C70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\084D8048E338539F9F2C973FB813AFC3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\096126A516FAC74BEF9C817B4D01E0E4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09FF250B576CE53CC82C1D7096DCBACC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C4B9CEE3114F6A70063A763CB2E0C42_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D8926B02F998CFD3DB144DD8200989E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C2EBE128F5B2230BD73CA4BC2DAE068_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DB1F51FF3B7EAC6189EE5D6FC4B627A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E56D52753B92C2EE51F357CC3304BCB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EBD02AB3881E2A146852EF895F1EAE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0ECDE63EB0B38DD1419C7D6A9BE8EC6D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EFD8D41D4BEBD729C77DA58EF26C060_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F96BA03665CDFA7A13E2406DADA672D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0FD4FBDE59900985BCA50CBFCFFE3321_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10A4ECAB8AA35F949331E61B8B55EBE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10CD4DA4B21FC6A46CEF5B960031B269_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1122C0787DEBD89F1C8C48E0DFDD2C27_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12C179D8B097D7B8597BFFE25450E11B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\126557EABF96A9668805C0649E5AC57A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14ECA1FF1EE8DDFB7851446AF98582C9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15AA15A9D3D5BE81461143CB3A175E8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15F40EE3A2B964784E48204540F8BB28_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15D4C898F24B257EB63F3C2623F077FD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\160F88A3C25853D7F436EA627E9F2C94_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\164C14F198474281DC295EE71CF08266_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\177095E39448EEAA530E2CB390F8DE33_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1809644260975FE64D3AC09B1A643F22_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\181551EC4B945A4B52FADC74E1914A5F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\182BFCCC3BFE9DF44DC2659B50F20165_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\192955F1A8DC99C192B47B02B4EA1552_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1967B457F811E0E513B0DF00EBD4F53F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1970C5F2406DE915C651D3FBDA8C942E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CD090068831A222994FFC28E25E563F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D0AABD0C07D3E1F2CC199AF6FBF75E5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D828D5FC38EA3B4849A70A5826E49AC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DE11D71D05834D84C806A6BF266A15D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1ED5B2B917911E4034823C6D47445291_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F042D775E8D60E2882459089C7C9088_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F2AB3E809EF9C92E53FBA6BEF423797_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F2E1647DBFAE93792063C62E7674C90_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FEF103D1C2C6977566DEC0D76BC25C7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\219312F6F5AB6B426693DA5D59B52F79_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22060CBB1649C68F353F1AEACC3E1662_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\229D3FB04879DEBC78DD08903E47F641_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23205263F92669871952BBAB8249FB12_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2340695FB9380CD0D5CE70D3DC106587_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23835E58C88291035398490C238D50CE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\239786900A35BFFCA454F7AD8EE051FD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23EF1FC892140AE77E9881F68AF8D612_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23CAFDEA94D94D8F8DA45563A335B858_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24F05F91246C877586EE7BC3F3DBBB31_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25BB7548302373536A6FA913374F8FBA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25DAE919EA7C6D3F886B5EE9C3596388_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25F3C148BF5D80E6AC224383D548F632_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\266A7E871D9C71F2FABE2BC012F5850B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26E879E5ACA44F1907FD478A1142B5BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2718ABB5900E2823A16077943B2EEA12_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A17FE77644E5C484CA3EEBE5B034F1D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A26590EC74773132C5860D5FDE69E85_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29A1D6D8C0BFC5C0F897B01842DEF772_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A5A0C414FAAA3FAA885CDAD2585BEE3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AB8403005B7722910AEE46511AC734E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CABCB9DB1905C9B453490D9633E60D6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C148D6A5BEE278A1E913F86E387E504_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D1D593423217906FA91AD553C74F3EA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D9B06C939490BB93DE822096F09EA7A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DC5E11E70BC9EB82333FF2611E5CD07_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DA12ED321CE51FB605C943FB1C8F855_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EDA8DE121A4B9F981F77F75F29D57A3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EDE5549DB865C4329D55C7337AAE73E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F1C5484103F8FC5CADDD0470A8FEA41_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F2BDCBF85606613235C410F0FAB654B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FC7C04D2E7A23706BE837A47F6C8495_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FDA235C53FDD121256A1C72EE6D73F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\305286F686B04294E535418228F31C17_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\314997EAFF02C5007E7FC3715B3D009B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31B148ACF2892B8A485DC540D794EFC5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3276EAB0FA0204902C7283D89F83893B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\330DD3999B3C9EFA8124443258F6A68D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36056E5A4A26B446BEF9A09D1DC86CC7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\35ACE1FBD2A1AF42FD3337A902739B8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36179CC94254C7C355AD19D7B91F5607_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36254A0E3D5E5BB61A82DE80F311628C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36765E62563125D52CE1EF8A0B64248C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\382E2D1F40AB8D0FE3DF94BBB61E9CFD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\382ADFC73B155E11280F4D66289D5526_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38AE02A8FC70817B1D934D21FADA560D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39D77CED4E9C8F9D1BB9662961B7A3F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\383AECB58A4104F6E59625CDA1FDC683_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A1499A418D3CC7B933799F3FEAD65A5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A3494FB29232329D03E2B7B10852888_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38FCB3FA9B82DE71630DA510480ED246_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AA163C55F3A3D7F85C92CF7E092ABD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3ACE1B046467303B6B8BC1FCD22A5A5E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B4C9D08C3010713F6ADDA711E61EB60_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3BD63BA94B1EA804D7C3EBC7C6B128F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C2F1BEE491130D633BD5A71212E0CB7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C46EB4CB7697ABE496A6498421A8B55_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C7F72C3F63E4A84CFA9CCD2B12B3334_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E4BE26661F0F50D6B86DAA076E879CD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E931C0ACF4C0662C4E8152DA63FB1D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EFDE1EC74C1726ACDEECF1D1DAAC5EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\40DB375EB2B28B7F45D73A2EC83E8D5D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42BF3C607317EB54BF5EE5B136EBD2B9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4142C1FFE8BF7C553332891364CE09F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42CFD54D8847E30963F275FE85A0F76C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44487FA5EB99C938C3A564721DE67E22_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42FC8DD5E8A2B886EAF9EA0732EC6C8B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44D2D75986D109ADAD9A327919A60676_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44D1551384B4645B2287FAE4B63E7024_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\465BA4ABBA8E9083D0FABED25D377D74_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\45B834669DC417D6F4C667239225C580_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4661B43E44762B5F683810B21973B674_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4852EB53EDC7CD37A0D6B6F54A0713FC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48614959E3EC2A9D80AC15B5F2A1615E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4861AE53C1DC58F5C1348392DAA31C3E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48AA008D8CF0EDFE7FFBAD3CBB358225_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49210B96C21B903C9DFC812A3DD7160B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48DD1E1F4AA446953E376680D7C9FE21_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4933F1D191348226217F78DE7C1124DA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\493A82B14D64D3D47B1ACF3090E5D72B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49723B43CD245A65EFCFA23CE236B2BA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B16355530D4B80BC04F098F56482D59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49D58748B9492A903F10004709B1AE2D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BF8C7DD15D721ED9DE240A6DB5D4AF9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BC2D9DCF8C82164F7A2C4B0E3AFE895_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C54D4B9E7FC63ECF55B523785A21C52_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D4AB4F6F7A086AABB7A2408D1423C3E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D4E951D723E998B80F973899E11F805_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D70516853E6226352EA7AB682BD0312_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D75CF63C8AB5F747F1643A61EDD542F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D8E8377B52AE9D1F27ECC4CD8D5B618_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4DA9C694E80CC892A79CF61FEEBDA03C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E11C44AF11904E2709DED824922C431_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E9DF9BEBD2FC89541E116B7BABD6CD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F69B07910AEAFDA54148A5BD30906E7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F818BA8CF1CEDE0465E057CD7CBB967_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F9CB169DB593F4D8BF6EC9383B9188F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5062BFE2FA90E14F5169433A7C7AD4BD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\514897679E7A046283A195C5BAC27703_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5199A7868F91B78CF7EF74D7B1D5BA40_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51F3AAB5BBABD7DDBBA2B2F163956F47_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\522B483CF159F0F8F49034051E32930B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\536E097197A7116DD4DE0B4C5B92460A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53DF25DFF609BB72CD7FD6C588A94CB6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53F801F73948E262B23D3AF7596D9650_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\540CB0C4A90ACD634EFE4A4413A4D5A2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55997EBD83F4DCCF1F63E7A16F2C3264_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\559E5BD0497D0174D5CF5D3961D43982_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55C948A4705D775CC951EEC06F2D3E20_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55F0FEE6BBBD76B6A224F8B1B844F286_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55F9A02C7D75A7E5BD793C26EB03399C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5730A047BBD6B1CF40E16D436779449D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\57E062484E80A9A4029E9BA8FA37A976_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\586A36E09FED08556E36C09C195DBB8D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58ED3DE14369FE971B1774D374281DB5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\590728E28A0C1C508F5604F4BFEC6A2A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\595B988AEE34D501AA2A5B1DD306DAAD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59ED0197EA66B1BD96CC93BFDC96772B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A93CFC1BEB7959043F8A06D503C63DF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5AAAC76A8D4C8221D547B29FBBD942E7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5BADE8EF5258851AD84203E26ADC7D1E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D0BA78EEB16E5805949D1DB1C5B1362_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E4C7CEFD7D6ACDAEE21246A6DF7E4C6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\605C7E71FFF227A507181890DBDB99B2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6094531317C43C9791F7B48C7C7083AF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6109B1EFE2708A7229A5E12A6F44C2F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\618C906274345DB4F543BF0F769C9569_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\623CB5AF65D7FEA86B49C5E2FA45EFB1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6260D9B6F1089CCFFED238C0430CA10E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\646B902CA6F5CEBC165C644FC4FE27BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64775C19A59AFC19C69C456F25892375_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6621810C07B1EEC58CC43D859D1FAC1B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\626838F7AE59C99E283A58F7AC5BFA97_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66BBE2BBE44213B94413D2CC2F418EA5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66C942C738209A006CA987161C8C2BE5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6547BF0CC1DEC4D7E23F342AE5F602B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68A8E59CDDFF819FC79A825ED4189422_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68B2D1C877711402ABCF57C2E231D9BA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C4B41C188DC4BEB8CD248863BCD0E58_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B0FFE2FD6E8344C4ECE93C76D3893F9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CF2A57BBBD904C15F4B06F16CC8B8DB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CC752536DF375F5D9D3951A3A625807_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D0AC4B489547959DC51F98B904A4E7D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DADC710E9596F247A6BCD2A1915EA68_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DC12D00E450A628B95AD2E0DD2EC72B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4A8AE8457DFAE2939549D4A1141293_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4E2F624B502B3CDD32F090C8294791_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F1C8BFA9769302A74EF2715488B44D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FBCDD46CC951583D0EB747B185AE7E0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70688A110C4E1BC709D3FBAEB45788D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7041B8B74BB4E4A04A7F3CBAB788BC66_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\716ABDE81C1134391AC7E4597DB0E092_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71334F3F692055B7C4BD413E1791F1DE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\718F52215C6BC750492A0DFE1F9EB8B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\718FABF8DE29738222B32BB28BDB2F96_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71FBDD858A6121BAA2CDDCC6069A1778_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72AE527C9220E067AB7E2AD190DC0293_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72822E82E92F965AFFA7BDA20B83197B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73977B751DA34E69BE1C4C1FA5D4B904_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74D7F90F5978F427F9D2419118F4F522_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\759C34BE337DD3E681B3E6CDD5265611_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\747D5462F191B45CDCF4DE3E18EC517D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\75A3DFCB2C987104760F11512079558D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76D1CC9AFD03090CFAAD914720B2D46B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77306B56D1B8090878EEC93673CFE82F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77593925594238F324D2C72161CC1205_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77900308C91FC6F5650B9A415F434365_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78CFE96C09DAB9AB785FB0E26A6E7FC3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79EC420E299D21B500A8878BDACAAA70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78EC4FF62124FBF1E45B46B7BF792E96_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7975F9B1B549FA954B7183E341BC5016_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A04A3C9408748E13E58377BC3B42DD2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A86A751C5A7D37BF7127E0B66D3C1E0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7AB81A21702034A43B46F3385F81FE36_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B4E812CB39D90DBEECF738E3546A95B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BF7DCC860E1DD14DF482FD9A0BCF4AD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C9CA9BA1C49DD1381F536EE9EB02B59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CAB8896F2DAFEF14710A5C8BA1276D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D4FF36C382F8FCFC073077B0E56C0DB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D9AE782A66A98E6E44D91575A9C4DBA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D9823C36C7D03A283849ED8B7F66622_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F2DE00E77E957D06E28FE6BE8B9E4CA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E22B9723A4BD807B9570EF2042B3760_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81958FED41711813EBE00DB620DCB29A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B398F2FA3A4473439FA2401A6999242_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B9A26CCECFA1581BE8CBF55BFE47F03_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81A97D7D92F0FABB4911D3E3CAD802F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82251A782FA99C09B1B857E4CF312300_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81B54D7CAB94981A50ACB8F29C05D518_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81F6F2F7B854EE2D434AF9A1A268BAE4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83F32BD86DE5464C6AC9F99943289967_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\812CF38267726C540DA1AAA878A2EE6A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85847495EF1E79BD72A0D6CD1AB38749_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\852C73272254EBDA7DAEDA9B36A7032C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84DFB4D22786E349716F16783B26550A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84E241229FAB507CA21C99C1D8964006_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87825F93EADACDF8A7469364142D06CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87D461D11F7754F931973A479A753754_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87909324A0367952586E7F78CE0C86BB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89FF6A9CBCE80C968D8ACAB3E11A2A90_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\894C3A82D6946EB357DE83D1BB22F561_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8822CA1B621600BB49047F95A609C90A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\886E2010896945F7E0342FA49F5F8D9F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A1105F25FA8E8315BC11F4407A6A368_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A81B3F89106546A325BCE88180C3ADD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8AEA07FDBCC73DDC5B5D731AB851F130_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B7FEABEC36FE53772F66E249D321E20_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BF958E647235D3D79D66F368F02D493_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C0C89B676E843348DA8A9AC5D7C22DF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CBCFB7FE5EC77A58F43E5258349E479_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E23775BDB65EC0411C1F3FEE42A6DCA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DED4C527D0625C3ED2271B11987BD87_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D5FE7274AAD956159C984CC619890D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F88C94BCE5B22665C79C31D221108B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F129F4E00C216024EFFE86BEF7E5FC0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E69ACEB9CB2BFC5755AF3A0A7B61A60_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9036BF0BEC4D948D0F281DD6B1D29E13_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F90A48FE25BE2CD6FFEEF48423FE4C9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9130DA1784A8FDD424C94026DEE4950C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8EA0460B10F7AF9F76899B7DCB6099D8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\927152C031E56DC4B4B26412DEE1183C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9056DA49588504120AFA170E2F25EBA1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9156DB77AE77FAFBA40E6F6E75E18716_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9388291F1C47F850B5C0B02973E12441_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93BF8F1B2D737A0080B80BD60EE18FB2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94415E2E5FFEE0A8C9D820301C4E2B5F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\949C0E7B9A2F613203E1A87CA8D93DA0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94C1868E6F8AC6555CD368D7CCCAE448_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\952F44B5E8C5188DFF2CE5B6C3C85968_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95356156C094E9231DF0947EE19780C0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\961302E13A07C98AC340EDD321AD160A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96311C7CB8F4589730FB21C86F5F79CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96F4C3B6EDB942704551F1C37AFBD145_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96F96B7BAAC13E51C62A48BD5631C621_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9736E12DE2630CEDADDA0A172A4791A7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ABEAF7C164705F4F779580548C162BF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\980BC27DCD8716AF99980A9268C37096_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\997BFB3F17BF78504014E64426FDB131_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ABEF70821AF3119BFC3AFF5D5A01144_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B28B3467EBF8B4EDD84F8F3906479AD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B6388335332DFBB1F0B73DC977FD253_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B75DB24786950A1E2AD8C8E1BFD6AF1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C6B88E0F6E83DA1C92B96606B907FB0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C10673F942822190B79B711C3BAAB5C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C4EAEF33270D967DA28BE77BF0D2DDC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D06DED8C8313879FD04C8EEBE62F3B3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F2A58B158313AD6462182581E516805_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E227C2AAB0F3526329C8A84704F3DD3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DE459132FDC831529EB832951C64CAE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F7DE9C77A9792EC127C824AE000FEED_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A071293EE4D9C2825099508AAA1488AF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A016B405CE40F4D5B31C33154F5F422D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A026959528B6072453B46489A9FC2144_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0C717ACB3005A8EDECA39FD8A50D5A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1166246B0FC6590C1D03D572880364D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A17CE61412BE69735256661F187B3535_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2613D86522FE1AA957C7CF283C0B9C5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A32B597FEC8B898EF2DF92DA9B7B1483_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A342BAD938363A154CBF5536FF4DD5D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A36276371A25E489482D5BF2BB37A837_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4ADCE3AC7F3C9CD53122E54D59F34D9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A523CF9607078663781B2B0D96458D73_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A55C562CBDD4F38945EAEDAEB97D5157_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5A51ABCBDCF356060CFB0A6B2B5D0DC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5D54B834033B99C300D986609927827_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5F55A2F360423E7C79A78D62C382042_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A66CD8B235BE0B97166345A35728BCD4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A91144EA36FE5E96D5D9D26393E1FFFE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9C05474FFD0C59C0C616B117DD14AE1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA1835C1A4B86DA63C03D5E1503CEB64_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA9A32756654EE9F608C6172E40E2049_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAC8975B3EB7B5D01FF48E273C96A9FC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAD2548D7000257F18E1DFFDCDBDF9F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8A4807A78A142155B60D3FD99B39EA7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD0905C801C11E8A892911D57E552B25_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC12ABAF1363FE081922E8524F5D970D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD93BB59300888505D850A306A2707F2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD558DD46A76DA5692617C379E2AA4CF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB6542F6D40CD4464D8E8F6B767C9907_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A77363A78FB40B3DED680D69E91815BC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEC3730A499553280ACEB7833BE1C6D1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF4EAD0EDEAD42AE0C3954FC058FB0C1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B05146317BA4807AB8F688C0C1F18689_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B069053C419AFEC46B2E72305B7A6889_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B08BA80CA627F14DEE1E373152C4EFCF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B09C3675BBBBB3D746066006DC4B292F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B248C89BA5791B4DB7F835C1A14B9B4D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B265EA368AC0E4B059D1F86B481BB2C1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B272BF414D12A6AFFB8F442ABD3598D0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2D0B5480FC91C12F3D0A8F7EB60AD63_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4784074F5434617C2F9539AD4E760D3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2BAA3C205AD589809D866D6DBD0502E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B353B05ADE0EF1C24046ECBE3591C0D0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6833EE2296CB6771BAFAF04C120D135_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B748256E93B73D9F32AB7EFAFF978FB0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7FD7B1941F6317CB30BCA49EBE61561_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B80A7A56DC8690F3C01325A968FDB8C0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B890E19754746066CA66FB9FE1E4A07B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B95207C3244BB5F6692AEA66CA20FB0A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA2DFCBC655C443B3B736963A2502632_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA5F73B40DFE8854DD392A6892EF5B7E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB3AF356A87AB1715B88006540B8DC71_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB671D383F5C834520D60F7B0B811BE4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB8ADE7CDC1EE690C4D5CC7BE885A97B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD0FE1D75A5150C3FE1C49FB7C5BBB33_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC25E8B52725E93422C0F1058913B021_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC672FA6EA05B8A57DC5BA8DDB2853D6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C01AEBB50911C00F7EB26FE437E9C5C2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE11B993876DF294DD5CC2AD00EDC4FE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFAD3ED8D95BF4BAA34B6E8A5DCDD7A3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C074DB2A9AD9AACC417E825AA60EF8F8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C08FB66C38C59C57B7AEF734E7939463_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C113FFDA1CBD83B8DDD1EE5C5438B65E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1BB40B662F7ADA7EDEB6BC8CF39D641_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2723B9AC07F24FA6F111BCF6BAB62AA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2A3DCD00B358570BF169829914883EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2AFAEF09005C03DFB7B9A7BF2AFC948_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2B16F12ABB8FE6F51404F4A364726E3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C486B48E5328382FB0448CA3E067CD7F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4A6DE49E3D2E26D1A93D9785496B7C3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2D47D902E59DACC107EC65DA1812C59_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2D6B3E3CB439C64D9C8CA211C032097_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4B533595611E026F7854CA8D7AD1711_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C534E0946364CC00A819320A2692E05A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5552440B3D8311A8367FDC9BF22A5D2_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C589EA0292C5E5F7D66B376751F94785_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7A346DFE8E55D3EC73667F9D5B85212_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C64B3D0CE3BFE48117E88AA33FC57273_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C628EF45CE5CAD895D153F0525FED324_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C65A07FFC06566EE28733972FC1D68B0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5D343A47DA431461F9FF1D704F713EA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8FF21A4B776362DF762A2623F7BBAC0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8365C0DF681EDD53E8F5D414FB35370_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8B9A7E612FE8CF2FCC98C301519A18E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C905E3E1BA5976E405C53E55DF66C6A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9D520BB008280B99B6E29A405BA7310_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9DE9619270D0E3E74E5C6DCF1C23B8E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA7DB0BE0CCE10AF57042346F97BA69A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA8C7E9C861A6E10CB53D87ACF873285_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAD1F57E9EF1034B3D06A58C522A4DA1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB4803914ADBE70B2B73FB6643815550_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB892917A62A707C4EFAD5C6D607149C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC1DA74AC8F65590453FD9DAC901CB8F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC460A7E209EE838956DA4253B505BDC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC7B3FA3F5378859B684994586F0172E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD06F924E4F75B45D258E57D50107EC4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD6DB7AFCA33E782DA4191BAF2629B92_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD76613765A4FB8D7FFA4204FFBCFFD0_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE7B2E335FF82619C319DFD8CC0045E1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF7466C2B4284034F63110CF39751455_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D00474D9AE7A64186D67BD320FD31816_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D07AE7EE1CDA7FEBF4812E714C1A2C55_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0B8AE683CAFFE5B0DAB28E18BF90301_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0C22C11394E40B2F107D4ECCEC87CF8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1C09A206AD256060BDA807BF93A42A9_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2C3EC3514DAFF326849CC74DE6E7786_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3248232BBE802352B4ECF284C1ACA28_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D34663A50FA9747F36436A96DB927315_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D435770B38CBC39268E4B448F55BE403_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D438E85F6C3E119C86C762912392F676_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D63919DFF6A2541A729D92D887C749ED_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D741FDC962C6959F1B5E3BFB4C8298F4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9A3F1DE67C7D81C32877151DCEA2E4E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D96016F8057CDF6771C85DB5A4B47A97_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB98897D358F7D8F619DDD861B173630_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA7950606CCA7DC3037E59025E2D53CE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC9C691CC7FAF3502BB71C622B832CCB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBDE9F9C484F2F07FD0DF3B0CC9659E8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCB1098364279F349CDBA530E0331993_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD1FAB15766910B6B6D6CBE202633D43_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD5402A01C6963B9719A3A54C994AD29_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE028E0EBB58286803E470E7E73E559E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE921A30B04C4101499615E6591989A1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEDE6BB84B452AB19F9E934DEE32D7FB_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEE28D784F5B1BD4D2AD9556C5D32092_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF25B21E8C3CC4C0BD07677CE93D758D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFCF4E3150BC00485170F1F7F5DE63F7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E02867D349A8BC82ACA7A71DA2E3D511_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2291F4634A29BD650091C2723AAF059_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E16D30B1901CF4790FC19622684C82F8_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E46DE92BBAD2ECA75CF22BA4365A54B1_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E42BA85A180DCE260AEA58540878762A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4AA540193F3B92FB2CF97BF9E1EA756_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5036CB1215CAD56A8CDBAF9C1DDC7DE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E50F5813351B9E7608BC6BE8EC217330_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5749F3C58D64B68EA723F78FC134B3A_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E74F7241B2466BFC80FF218CB625851B_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E759614F65DA9242D8A5BB91E51F9F6D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E789DE0035434EA134067B032E0A6601_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7DB0F11B6EAC68E82299AA066C523EE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8065710AC6127D200B3FE410C023B50_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E916C4E078CE2931D88F921929A7B2DD_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E80F1C4E32667172CCD310F01A1701BE_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB63528972361AF061E107424E783209_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAFE58CA5ADDCF6ABAE6A4A987E0E660_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECB7D4B6EC32B59EC70D89357E2FA90C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB9FCDA0C396BA43D3F5435387D241E6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECF4389843F6AAB2041E5182077FEA10_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECE3A3E2D0E96A8BFA7407837746A54D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED02BDE71DFEEFB98616C785F9DD6443_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED7B68FAC118F3C9F2E5C3C2022BCF27_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDE572D777488679394BB16F3191105E_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE294B3E0A55762C09A83B7AC1E00A95_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEBD4E541481A0DF2605EDD1B1B0D9B6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE2ADDB6FD7DCA3CE0C4F84FC020D8CC_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEDAE374F786E02B8251B57074D91CEA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF44CE22B05B10BB023D620BCCD35DBF_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFCB1188063E685A190B76E787EDA927_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F26782E1AC1F7B60DE8149FF77917840_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F13125F3130F121AACC76E975C166A14_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3BBA1F0CE9CAFB572224287AD795D70_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3BE5F626CFAD07BE7EA538742D397B7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4276790D11EBC7CAD04AA4A4BEF8C15_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F49D7B185C52F93726C538B7B2220E84_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4BF87F4A338AEB7BC822E0A73F80CE7_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F53B42EBB8A0F4B454B135319521B344_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F619C5AFA4C4DEDA59EEDB89B62B52F5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F67251BF16811E21DA5328C790E94D9F_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7279D2EFE243DA2E07CAEF97BE0BF35_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F727FDC98AFD4BB9C2E130536C8C5AAA_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F78C19DE9F93B5EC95DB486BE63E3DB3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8702A9F984B61751ED5B75C5A210226_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7BCA8F7FF6A239EECA7490FD9AC3E36_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8CFDB1D8128202CCE2058ED8A3A16C4_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F88529EA37DEE3D7C02C10CED1EA484C_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA58DD449BCFEF87BF5819C2ADCA11F3_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA691C9982B36FCEB0B896D1EB5535D5_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC5BF53704A57C040E70B97F350C2D5D_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD3D8E2EC010F4C39AC9F25FFD867763_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD43051A60A12AC1A21E254838B27BC6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDC7BFBB8D1C251D535F8BBB008CCC78_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFABDAD76DBD53DAEC9E5DC1E1722BF6_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFF27E02541BA811EA325393045AB515_24D15555-3A2F-49D6-AB5B-A3B80EA93EE6 -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Same issue after doing those things. -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
The only one that gives me trouble is yahoo.com on Firefox. Internet explorer is fine with all search engines I tested. Here is the FSS.txt: Farbar Service Scanner Version: 22-06-2012 01 Ran by John (administrator) on 23-06-2012 at 11:53:41 Running from "C:\Users\John\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo IP returned error: Yahoo IP is offline Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== Action Center: ============ File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcore.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Sorry about running it again. Next time i have trouble i will ask for help. And yes i did run it yesterday, was trying to see what i could do to fix it, but was obvious pretty quickly that I was in over my head and needed help. Here are the contents of that txt file. 2012-06-23 13:40:58 . 2012-06-23 13:40:58 139 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-uTorrent.reg.dat 2012-06-22 23:38:51 . 2012-06-22 23:38:51 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft SQL Server 10.reg.dat 2012-06-22 23:37:01 . 2012-06-22 23:37:01 198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Apple Computer.reg.dat 2012-06-22 23:36:58 . 2012-06-22 23:36:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat 2012-06-22 23:36:52 . 2012-06-22 23:36:52 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef}.reg.dat 2012-06-22 23:30:09 . 2012-06-23 14:00:42 20,303 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-06-22 23:20:44 . 2012-06-23 13:55:18 257 ----a-w- C:\Qoobox\Quarantine\catchme.log 2012-06-18 02:28:00 . 2012-06-18 02:28:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\Users\John\AppData\Local\DFX\Apple Computer\ryspolxg.dll.vir -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Combofix log: (For some reason the first scan i did the log file was not there? Removed combofix and re-installed and re-ran.) ComboFix 12-06-23.05 - John 06/23/2012 9:55.3.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1043 [GMT -4:00] Running from: c:\users\John\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))) . . 2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp 2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-23 14:03 . 2012-06-23 14:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-06-23 12:35 . 2012-06-23 12:35 -------- d-----w- C:\_OTL 2012-06-23 02:19 . 2012-06-23 02:19 -------- d-----w- c:\program files\ERUNT 2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com 2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-22 14:24 . 2012-06-22 14:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-22 10:50 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6186E0E-A18A-4034-820D-3C8E137AF848}\mpengine.dll 2012-06-21 14:34 . 2012-06-21 14:34 -------- d-----w- c:\users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-06-21 11:12 . 2012-06-21 11:12 -------- d-----w- c:\windows\en 2012-06-21 11:06 . 2012-06-21 11:06 -------- d-----w- c:\program files\Adobe Download Assistant 2012-06-21 11:05 . 2012-06-21 11:05 -------- d-----w- c:\program files\Common Files\Adobe AIR 2012-06-21 11:00 . 2012-06-21 11:00 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe 2012-06-21 11:00 . 2012-06-21 11:00 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DXSETUP.exe 2012-06-21 11:00 . 2012-06-21 11:00 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\dsetup32.dll 2012-06-21 11:00 . 2012-06-21 11:00 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\20d316e71cd4f9d01\DSETUP.dll 2012-06-21 10:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 10:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 10:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 10:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 10:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-21 10:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 10:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 10:52 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 10:52 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 11:40 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 11:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 11:40 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 11:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 11:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 11:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 11:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 11:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 11:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 11:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-11 16:54 . 2012-06-11 16:54 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-05-28 14:05 . 2012-05-28 14:05 -------- d-----w- c:\users\John\AppData\Local\3DVIA 2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\programdata\3DVIA 2012-05-28 14:04 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2012-05-28 14:04 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2012-05-28 14:04 . 2012-05-28 14:04 -------- d-----w- c:\program files\Virtools 2012-05-28 13:36 . 2012-06-11 16:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 16:52 . 2011-06-30 11:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-24 16:57 . 2011-06-19 12:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-04 19:56 . 2011-08-03 13:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 04:39 . 2012-05-09 14:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-09 14:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 10:23 . 2012-05-09 14:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-08 11:20 . 2011-05-14 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-4 576000] RollerCoaster Tycoon 3 Registration.lnk - c:\users\John\AppData\Local\Temp\{1F622389-E184-41F9-B1DF-77198C1E351C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976] R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080] R3 PS3 Media Server;PS3 Media Server; [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [1998-10-06 1984] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 16:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785 mStart Page = hxxp://www.yahoo.com Trusted Zone: samsung.com\www TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2576205366-1716655206-47981548-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17779F89-A00E-3A6E-0B2F-FCB54DCDB749}*] "hadmngcdieachhmd"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69, 6c,66,00,00 "iajkddfkoanghocppe"=hex:6a,61,69,68,67,63,68,64,6c,6c,63,68,61,66,64,64,6a,69, 6c,66,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-23 10:08:27 ComboFix-quarantined-files.txt 2012-06-23 14:08 ComboFix2.txt 2012-06-23 13:44 ComboFix3.txt 2012-06-22 23:39 . Pre-Run: 134,139,621,376 bytes free Post-Run: 134,079,725,568 bytes free . - - End Of File - - 8E276692C8D34823905188EA7BAEB752 -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
The Whitesmoke toolbar is gone, but all yahoo search results are still being redirected to garbage sites. Here is the OTL log: All processes killed ========== OTL ========== Prefs.js: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=" removed from keyword.URL ========== FILES ========== recycler not found in C:\ C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features scheduled to be moved on reboot. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot. Folder move failed. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot. C:\Program Files\Conduit\Community Alerts folder moved successfully. C:\Program Files\Conduit folder moved successfully. C:\Users\John\AppData\Local\Conduit folder moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56478 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes User: HomeGroupUser$ ->Temp folder emptied: 0 bytes User: John ->Temp folder emptied: 53 bytes ->Temporary Internet Files folder emptied: 7413195 bytes ->Java cache emptied: 4151062 bytes ->FireFox cache emptied: 106861506 bytes ->Flash cache emptied: 57180 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9544 bytes RecycleBin emptied: 2162306 bytes Total Files Cleaned = 115.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: Administrator User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Guest User: HomeGroupUser$ User: John ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.52.0 log created on 06232012_083545 -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Here is the MBAM scan log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.23.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-LAPTOP [administrator] 6/22/2012 11:06:59 PM mbam-log-2012-06-22 (23-06-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 246388 Time elapsed: 7 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Here are the OTL logs: OTL logfile created on: 6/23/2012 7:22:05 AM - Run 1 OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free 3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2012/02/09 02:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe PRC - [2007/05/31 17:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 07:15:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 07:14:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/10 08:35:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012/05/10 08:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/10 08:34:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/10 08:34:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/10 08:34:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (PS3 Media Server) SRV - [2012/06/11 12:52:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/08 07:20:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010/02/28 01:20:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2) SRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu) SRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/02/09 02:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/06 23:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB) DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex) DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm) DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl) DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM) DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2) DRV - [1998/10/06 14:36:26 | 000,001,984 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu.sys -- (papycpu) DRV - [1998/10/06 14:36:26 | 000,001,888 | ---- | M] () [unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2&a=DgVhNP4M09 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/25 20:21:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 07:59:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/14 07:26:05 | 000,000,000 | ---D | M] [2010/02/03 16:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions [2012/06/22 17:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions [2012/06/22 17:36:26 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} [2011/08/10 07:47:02 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\DeviceDetection@logitech.com [2012/03/31 00:04:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\extensions\vshare@toolbar [2012/06/21 07:08:04 | 000,000,917 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\conduit.xml [2011/04/08 18:57:14 | 000,002,183 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ffnmk6ox.default\searchplugins\MyStart Search.xml [2012/01/01 15:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/09/18 15:18:25 | 000,087,923 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI [2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FFNMK6OX.DEFAULT\EXTENSIONS\ZERWSJEKUJ@ZERWSJEKUJ.ORG.XPI [2012/05/08 07:20:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/20 07:55:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012/02/13 07:24:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/13 07:24:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/06/22 19:34:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" File not found O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKCU\..Trusted Domains: samsung.com ([www] https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) CLEARALLRESTOREPOINTS Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/23 07:13:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2012/06/23 06:55:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5A48421F-6030-41E4-8433-7B8FC3AB4491} [2012/06/23 06:55:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DD62C071-3690-4A98-A5E8-3531DDCCB656} [2012/06/22 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/06/22 22:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/06/22 19:40:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/22 19:20:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/22 19:20:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/22 19:20:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/22 19:18:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/22 19:18:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/22 18:54:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C102EDD6-7E68-4F02-B79A-5216D1B99905} [2012/06/22 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EE5852A8-91C2-43CC-81BB-0DB6FB55D284} [2012/06/22 18:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr [2012/06/22 10:24:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com [2012/06/22 10:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/06/22 10:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/22 06:47:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5C63912F-64A9-4357-A592-D3B6FCDCC623} [2012/06/22 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD} [2012/06/21 15:05:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3} [2012/06/21 15:05:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{735FCF54-B3C1-477C-A284-6E3045CFD476} [2012/06/21 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2012/06/21 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/06/21 07:12:58 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/06/21 07:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2012/06/21 07:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2012/06/21 07:05:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A} [2012/06/21 07:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012/06/21 07:04:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Conduit [2012/06/21 07:00:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759} [2012/06/21 07:00:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA} [2012/06/21 06:59:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDF459AA-A107-458F-BC28-BF84B1277EE0} [2012/06/21 06:53:53 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/21 06:53:52 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/21 06:53:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9F7C556B-138A-4C08-A717-8D8B66764E3D} [2012/06/21 06:53:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/21 06:53:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/21 06:53:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/21 06:53:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BAC24AA7-A921-4004-AF0E-03324984E623} [2012/06/21 06:52:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/21 06:52:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/06/20 09:37:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0} [2012/06/20 09:37:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95881B8A-0EBA-40E4-B504-D89128B130B4} [2012/06/15 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{49D61010-7B3F-42DB-B396-9911E33223EF} [2012/06/15 09:54:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0} [2012/06/14 21:04:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244} [2012/06/13 22:33:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/06/13 22:33:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/06/13 22:33:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/06/13 22:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/06/13 22:33:22 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/06/13 22:33:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/06/13 22:33:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/06/13 07:40:54 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/06/13 07:40:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012/06/13 07:40:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012/06/13 07:40:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012/06/11 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia [2012/06/09 07:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/06/09 07:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/06/06 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E} [2012/06/06 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94} [2012/06/06 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64} [2012/06/06 12:44:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D} [2012/06/03 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302} [2012/06/03 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E} [2012/05/28 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA} [2012/05/28 10:05:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\3DVIA [2012/05/28 10:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA [2012/05/28 10:04:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2012/05/28 10:04:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2012/05/28 10:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools [2012/05/28 09:36:31 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe ========== Files - Modified Within 30 Days ========== [2012/06/23 07:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/23 07:13:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2012/06/23 06:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/23 06:19:51 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/22 22:19:11 | 000,000,894 | ---- | M] () -- C:\Users\John\Desktop\NTREGOPT.lnk [2012/06/22 22:19:11 | 000,000,875 | ---- | M] () -- C:\Users\John\Desktop\ERUNT.lnk [2012/06/22 19:34:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/06/22 18:39:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr [2012/06/22 17:43:58 | 000,689,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/22 17:43:58 | 000,131,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/22 13:59:25 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys [2012/06/22 10:24:17 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/21 10:44:02 | 000,001,001 | ---- | M] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk [2012/06/21 08:20:57 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/14 07:26:06 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/06/14 07:12:02 | 002,333,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/11 12:52:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/06/11 12:52:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/06/09 07:59:36 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/05/24 12:57:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys ========== Files Created - No Company Name ========== [2012/06/22 22:19:11 | 000,000,894 | ---- | C] () -- C:\Users\John\Desktop\NTREGOPT.lnk [2012/06/22 22:19:11 | 000,000,875 | ---- | C] () -- C:\Users\John\Desktop\ERUNT.lnk [2012/06/22 19:20:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/22 19:20:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/22 19:20:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/22 19:20:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/22 19:20:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/22 10:24:17 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/21 10:44:02 | 000,001,001 | ---- | C] () -- C:\Users\John\Desktop\Free Window Registry Repair.lnk [2012/06/21 08:20:57 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/21 07:06:05 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/06/14 07:26:06 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/06/09 07:59:36 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/28 09:36:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/02/29 08:58:55 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2012/02/26 17:39:41 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012/02/18 12:45:00 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat [2011/10/30 14:52:38 | 000,000,292 | ---- | C] () -- C:\Users\John\AppData\Local\HamsterBookConverter.cfg [2011/08/23 11:19:30 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys [2011/05/06 11:27:49 | 000,173,045 | ---- | C] () -- C:\Windows\hpoins46.dat [2011/05/06 11:27:49 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat [2011/04/22 10:50:30 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011/04/22 10:50:30 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011/04/22 10:50:30 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011/04/22 10:50:30 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011/04/22 10:50:30 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011/04/03 12:06:22 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu.sys [2011/02/27 07:32:18 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache [2011/01/21 11:34:03 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2010/08/14 11:10:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010/06/25 13:09:42 | 000,000,192 | ---- | C] () -- C:\Users\John\AppData\Roaming\default.rss [2010/05/20 08:07:21 | 000,004,608 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/15 08:52:05 | 000,002,682 | ---- | C] () -- C:\Users\John\.recently-used.xbel ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %ALLUSERSPROFILE%\Application Data\*.dll /s > < %APPDATA%\*. > [2010/04/14 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Adobe [2012/01/08 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon [2011/11/05 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Apple Computer [2012/02/29 09:14:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari [2011/10/30 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre [2011/10/20 07:55:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp [2012/06/21 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/02/18 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite [2012/02/26 17:40:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FreeAudioPack [2010/02/15 08:52:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gtk-2.0 [2011/12/04 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HandBrake [2010/02/03 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Identities [2012/01/08 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit [2011/05/12 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech [2011/05/12 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logishrd [2011/05/12 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Logitech [2010/02/03 16:48:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Macromedia [2010/02/10 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MAGIX [2010/04/14 08:00:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes [2009/07/14 03:48:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs [2012/06/11 12:54:00 | 000,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft [2011/12/26 10:55:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mjusbsp [2011/02/27 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Motacore [2010/02/03 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla [2012/04/22 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mp3tag [2010/06/25 09:45:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nero [2011/05/20 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PMS [2011/04/16 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\rockbox.org [2010/04/30 08:28:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SanDisk [2010/04/27 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sibelius Software [2010/08/14 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony [2012/06/22 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com [2011/09/11 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Unity [2012/06/22 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent [2012/02/18 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\vlc [2012/01/20 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer [2010/02/04 09:18:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinRAR [2010/02/10 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Xara [2010/06/04 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2012/06/21 07:04:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\John\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/06/21 14:55:12 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011/10/20 07:54:54 | 000,485,576 | ---- | M] (Catalina Marketing Corp. ) -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe [2011/08/23 16:01:22 | 000,446,384 | ---- | M] (magicJack L.P.) -- C:\Users\John\AppData\Roaming\mjusbsp\magicJackSplash.exe [2011/04/16 18:29:32 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2011/04/16 18:29:45 | 000,582,536 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe [2010/04/30 08:28:19 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe < %SYSTEMDRIVE%\*.exe > < c:|Fun4IM;true;true;true; /FP > < c:|Bandoo;true;true;true; /FP > < c:|Searchn;true;true;true; /FP > < c:|Searchq;true;true;true; /FP > < c:|datamngr;true;true;true; /FP > < c:|iLivid;true;true;true; /FP > < c:|whitesmoke;true;true;true; /FP > < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6B9ADB51 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Extras.txt: OTL Extras logfile created on: 6/23/2012 7:22:05 AM - Run 1 OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\John\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.73% Memory free 3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.79 Gb Total Space | 117.40 Gb Free Space | 50.43% Space Free | Partition Type: NTFS Computer Name: JOHN-LAPTOP | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EB61A2E-17F2-4268-A071-8D364C14BEB1}" = rport=137 | protocol=17 | dir=out | app=system | "{12924728-534B-4B67-968A-F12EAF756087}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{12A37AFC-02C1-465D-9956-2B23C651AE6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{15F3C870-08F4-4D1D-8965-D11584308933}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{20634523-7618-4F2F-ABE9-4C35C56D399D}" = lport=139 | protocol=6 | dir=in | app=system | "{22596AD2-6E7A-4828-BE38-B22A5642B84C}" = lport=2869 | protocol=6 | dir=in | app=system | "{24C75EBD-593E-4594-ABAB-2919AA81FE77}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2D31B0BC-1971-488E-99DA-20C5F40048B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2EEBFE73-283C-4DF2-B8B4-28145FAB3650}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{397D001D-CFB6-4349-B0FE-11BF72BC2F08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3BCACCDE-21F3-482D-B317-6296858595BD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4BE09B40-3644-4F66-97B5-836D66686842}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65480BD0-8C03-4F9C-B0D1-16A6FCB88D4B}" = rport=445 | protocol=6 | dir=out | app=system | "{687FD186-19A5-4EAE-B5DE-89A2C93F4101}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{693B70A6-C5FB-4CF7-A218-412178332F9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{733253C8-428E-47BA-BD12-5BF497D7E980}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{7758C9D7-229D-48B6-B2DF-A71574B98E5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7781EFBE-3838-4CBD-9BA8-FB91E4BCC475}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{78CADCE6-EAAE-476E-A1A9-F4C4435E933B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7BD9CF99-E0B8-49DB-A3AC-5DCD6139B16F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7FB8F152-AA56-406D-A684-6CCECEE99289}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8B51958D-542C-43E1-BB61-4F97129762D4}" = lport=445 | protocol=6 | dir=in | app=system | "{AEAC5E37-985A-4BE2-B82E-B7A33AD6B265}" = lport=138 | protocol=17 | dir=in | app=system | "{B35833C5-3E19-4D08-ADF8-00AE55026E48}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B62BB39C-4CAF-4D55-9122-B4E48ABE9D9F}" = lport=10243 | protocol=6 | dir=in | app=system | "{B69DBB31-14BA-4AD4-B849-E49FDC15566D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B94038DE-59BD-4E6D-9CF4-F9191ED57886}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C2895181-7A17-429D-A4CD-5B2612946D15}" = lport=137 | protocol=17 | dir=in | app=system | "{CFFA2A4E-CC84-49DE-B285-916148226026}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{D943EEFE-05A8-4C1D-88E3-4AE3FFCC1890}" = rport=138 | protocol=17 | dir=out | app=system | "{DFBF32A4-8DEA-43A9-A6C1-A8D6CAC60CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3DE20EC-EF30-44F5-9B62-98D8ADEF8210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E9F104F5-1D91-496A-8D1F-953D7A1914E4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{ED48C23A-71BA-49D7-90EF-6586467FB1F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EF3B9682-AF05-4F2E-9BEC-024AF0D7F70C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F668BD21-1CCB-40D4-AA37-8206F4A84DBE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F78880CD-2B63-4526-92CE-392DD8570964}" = rport=10243 | protocol=6 | dir=out | app=system | "{FC44DA34-1573-4217-AAAE-5D99805D1320}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006ADD75-1BDF-446D-8417-7F23F2E9C68F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B1FAE33-6F4D-497C-9DD7-0D884357F5F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{102E1B8B-68A8-4E19-90D3-2D2B3A5BBDDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{12849527-FB07-49EF-9E78-4B4B73B159E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{196ABC68-7CEE-4E47-AFCA-CD50793E9ECE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1A19BE57-C9B9-448E-A39A-1982691D7868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1C9202CC-6374-4627-86AE-C32AF6D1DA55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25A1BED6-20DF-4453-948E-517FEA09A00F}" = protocol=6 | dir=out | app=system | "{25A86C24-DFC1-403F-BC97-9FB706C5844C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{2C905FFA-2539-485C-B911-601B917D8C1A}" = dir=in | app=c:\users\john\appdata\local\temp\7zs4a6e\setup\hpznui01.exe | "{3DF6EF5A-96FD-4189-B05D-4D5DF9DDB1FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{4A336C2C-9355-4FD2-9E65-7ACEAAFECABC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{50487E0E-ED1A-493F-81DD-EAEF9DC25664}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{56449E41-0183-4782-90DE-CFC013828A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{565382B7-1D25-4917-9B80-B0E40A3DFF93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5738892E-0993-4437-ACC8-E92C053A4598}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{7544AE55-4D97-49E6-9C06-83EF120A2F4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{815FEC47-0F71-4A94-84DB-88A0B9DD2427}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8580551F-CD95-4028-A1C8-6BD70AC438EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8C6D7755-9598-4D33-87B9-BEC73975D081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{902FC235-477D-4C00-9C5D-32402471CC62}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{A01B9B16-6A85-42F6-ABB5-CC8F56F97725}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A2F449B3-7F16-4FEA-BEE4-F546CD966A04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ADBFAD63-B978-473D-BED9-B50434498AC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF7354FC-5620-4AFA-B396-A0CBA14D8ADE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B07F8039-68DF-4C30-B039-ACCA0C4CCD36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3AF6F71-E513-4EE4-AFEA-2FD96F5650F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B4813AFF-DC03-4A0E-B76F-544890BDF098}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{B55B2F14-70F2-440C-AEEA-C8E0444497F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BCB90CC7-B060-45B7-A459-A1738FC95E09}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C58E5E66-2F60-4112-8D65-E5B9F9D9B511}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CA690D68-1106-4914-8210-90FB70B365FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D78264EB-A609-471F-8988-9376F3CEF9C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D8A69F15-7FB2-499C-97E0-E59549AACF93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC258C8D-518C-4239-B9A4-62F28B4958CA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0F3D55DA-C02F-487C-BEAC-E0D661482EDE}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe | "TCP Query User{1D6679DD-8A68-45B4-ABFD-6A749F743E6F}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe | "TCP Query User{1FCA0CDE-A37B-4474-A20A-7607152068C0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{239CC2A4-477F-4F21-8ADF-6D8E23E8ACEC}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe | "TCP Query User{5331F0D6-1B86-45E0-A58F-035C32EB5F47}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{6952C296-8750-4F62-B326-620A34B51131}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe | "TCP Query User{6FA424B1-E1D6-41E6-94DF-FB273F4D96D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{725D4E3E-393A-4259-8468-560C446C3AA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{74DDE5F9-D683-498D-82DA-179A3E86D5EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{81527746-8CC7-4319-B90D-605676C3B4C3}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{90BB588E-6643-4A3A-8EEF-E2CD35F35D16}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{A4060B52-7F17-4E25-82DA-BD9215AA0163}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{ADAC2A9F-FA61-4E44-AC29-DED27B11EACA}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe | "TCP Query User{C55BD324-655F-40C7-8FD0-486F2FB96769}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe | "UDP Query User{29D9251E-3773-4FF5-844C-23B322361FB6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{32659803-A203-4BBA-81D7-86232AD99819}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{5817C7ED-903A-412E-B6F4-E37209086496}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe | "UDP Query User{8A9BA07C-21DC-4953-9DFC-CE2FA79A6931}C:\users\john\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\filehunter\pumpa.exe | "UDP Query User{8F1A29B4-CC2C-432C-BCEC-AFA7654CAF29}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9196BE39-2A41-449B-8EB8-58781D2D5D1F}C:\users\john\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\mediaget2\mediaget.exe | "UDP Query User{9DFD12E7-41C8-4F7C-86AB-F52AFB7E3F82}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe | "UDP Query User{A26A6700-F239-41D5-975C-7603CBECFC93}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe | "UDP Query User{A41C37DB-EC87-4E8C-9D7D-CE60EDBB91AD}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{B4509093-B4E1-4D9B-9493-2B79BE1C734D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{C5DA069F-11A4-4F54-B7E3-6DBCC6DE7970}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{CB83A25C-4CB1-46BD-AB73-72964EA0D79C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{E350C6D5-EEBB-444E-8E47-FE0E62AA36F5}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{FDA93628-718C-46CE-81DA-0B93CEA828A4}C:\users\john\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\mjusbsp\magicjack.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min "{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02 "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A5425D07-D972-47DA-8133-4D33876D44A4}" = calibre "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Free Antivirus "Canon MP640 series User Registration" = Canon MP640 series User Registration "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition "ERUNT_is1" = ERUNT 1.1j "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "Free Window Registry Repair" = Free Window Registry Repair "HDMI" = Intel® Graphics Media Accelerator Driver "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MS Access 97 SP2" = MS Access 97 SP2 "PowerISO" = PowerISO "PROPLUS" = Microsoft Office Professional Plus 2007 "PS3 Media Server" = PS3 Media Server "sp6" = Logitech SetPoint 6.22 "TVWiz" = Intel® TV Wizard "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Sansa Updater" = Sansa Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/20/2011 4:09:19 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 2.0.1.4120 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b6c Start Time: 01cc2f85d3c1a40a Termination Time: 36 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 29ba8a59-9b79-11e0-aec0-001d094ccc0d Error - 7/5/2011 10:38:09 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 5.0.0.4183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: afc Start Time: 01cc3b2082a8584b Termination Time: 22 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 5ea8981f-a714-11e0-be03-001d094ccc0d Error - 8/16/2011 6:39:56 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 5.0.0.4183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10bc Start Time: 01cc5c00b6e453d7 Termination Time: 16 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 102f57c8-c7f4-11e0-beaf-001d094ccc0d Error - 9/14/2011 6:44:46 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 6.0.2.4262 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 964 Start Time: 01cc72cb27c4f9fc Termination Time: 42 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 8ad72fd4-debe-11e0-93dd-001d094ccc0d Error - 9/25/2011 7:03:18 PM | Computer Name = John-Laptop | Source = Application Error | ID = 1000 Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc225 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0824548b Faulting process id: 0x5ac Faulting application start time: 0x01cc79dba962cac3 Faulting application path: C:\Windows\system32\Dwm.exe Faulting module path: unknown Report Id: 8deeb71c-e7ca-11e0-960e-001d094ccc0d Error - 9/26/2011 2:52:26 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program IncMail.exe version 6.2.9.5006 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2674 Start Time: 01cc7c688513a843 Termination Time: 200 Application Path: C:\Program Files\IncrediMail\Bin\IncMail.exe Report Id: a62be079-e870-11e0-960e-001d094ccc0d Error - 10/5/2011 12:07:38 PM | Computer Name = John-Laptop | Source = Windows Search Service | ID = 3100 Description = Error - 10/16/2011 1:49:12 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10a8 Start Time: 01cc8c2ba1895dc1 Termination Time: 38 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 22b9ac5e-f81f-11e0-8510-001d094ccc0d Error - 10/30/2011 2:58:38 PM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program Hamster.EBookConverter.exe version 1.0.0.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b58 Start Time: 01cc973516c3d134 Termination Time: 99 Application Path: C:\Program Files\Hamster Soft\Free eBbook Converter\Hamster.EBookConverter.exe Report Id: Error - 10/31/2011 7:06:34 AM | Computer Name = John-Laptop | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1124 Start Time: 01cc97bcd4d63460 Termination Time: 43 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 5dea47d1-03b0-11e1-ac3d-001d094ccc0d [ OSession Events ] Error - 7/7/2010 11:13:51 PM | Computer Name = John-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5635 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 6/22/2012 7:22:54 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/22/2012 7:28:20 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/22/2012 7:34:33 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/22/2012 10:16:30 PM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 6/22/2012 10:16:33 PM | Computer Name = John-Laptop | Source = DCOM | ID = 10010 Description = Error - 6/22/2012 10:21:27 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003 Description = Error - 6/22/2012 10:33:30 PM | Computer Name = John-Laptop | Source = bowser | ID = 8003 Description = Error - 6/22/2012 11:29:59 PM | Computer Name = John-Laptop | Source = BROWSER | ID = 8032 Description = Error - 6/23/2012 6:49:13 AM | Computer Name = John-Laptop | Source = Microsoft-Windows-HAL | ID = 12 Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error - 6/23/2012 6:54:46 AM | Computer Name = John-Laptop | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service. < End of report > -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Disregard that last post. Here is the TDSSKiller report: 00:21:00.0307 4384 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 00:21:00.0650 4384 ============================================================ 00:21:00.0650 4384 Current date / time: 2012/06/23 00:21:00.0650 00:21:00.0650 4384 SystemInfo: 00:21:00.0650 4384 00:21:00.0650 4384 OS Version: 6.1.7601 ServicePack: 1.0 00:21:00.0650 4384 Product type: Workstation 00:21:00.0651 4384 ComputerName: JOHN-LAPTOP 00:21:00.0651 4384 UserName: John 00:21:00.0651 4384 Windows directory: C:\Windows 00:21:00.0651 4384 System windows directory: C:\Windows 00:21:00.0651 4384 Processor architecture: Intel x86 00:21:00.0651 4384 Number of processors: 1 00:21:00.0651 4384 Page size: 0x1000 00:21:00.0651 4384 Boot type: Normal boot 00:21:00.0651 4384 ============================================================ 00:21:02.0657 4384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:21:02.0663 4384 ============================================================ 00:21:02.0663 4384 \Device\Harddisk0\DR0: 00:21:02.0664 4384 MBR partitions: 00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:21:02.0664 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800 00:21:02.0664 4384 ============================================================ 00:21:02.0697 4384 C: <-> \Device\Harddisk0\DR0\Partition1 00:21:02.0697 4384 ============================================================ 00:21:02.0697 4384 Initialize success 00:21:02.0697 4384 ============================================================ 00:21:04.0997 1652 ============================================================ 00:21:04.0997 1652 Scan started 00:21:04.0997 1652 Mode: Manual; 00:21:04.0997 1652 ============================================================ 00:21:05.0825 1652 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 00:21:05.0827 1652 !SASCORE - ok 00:21:06.0055 1652 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 00:21:06.0057 1652 1394ohci - ok 00:21:06.0108 1652 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 00:21:06.0111 1652 ACPI - ok 00:21:06.0160 1652 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 00:21:06.0161 1652 AcpiPmi - ok 00:21:06.0189 1652 adfs - ok 00:21:06.0295 1652 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:21:06.0297 1652 AdobeFlashPlayerUpdateSvc - ok 00:21:06.0375 1652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 00:21:06.0379 1652 adp94xx - ok 00:21:06.0419 1652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 00:21:06.0422 1652 adpahci - ok 00:21:06.0448 1652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 00:21:06.0450 1652 adpu320 - ok 00:21:06.0496 1652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 00:21:06.0498 1652 AeLookupSvc - ok 00:21:06.0576 1652 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 00:21:06.0580 1652 AFD - ok 00:21:06.0623 1652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 00:21:06.0624 1652 agp440 - ok 00:21:06.0661 1652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 00:21:06.0663 1652 aic78xx - ok 00:21:06.0706 1652 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 00:21:06.0708 1652 ALG - ok 00:21:06.0725 1652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 00:21:06.0726 1652 aliide - ok 00:21:06.0771 1652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 00:21:06.0773 1652 amdagp - ok 00:21:06.0798 1652 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 00:21:06.0800 1652 amdide - ok 00:21:06.0856 1652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 00:21:06.0858 1652 AmdK8 - ok 00:21:06.0880 1652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 00:21:06.0882 1652 AmdPPM - ok 00:21:06.0923 1652 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 00:21:06.0924 1652 amdsata - ok 00:21:06.0960 1652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 00:21:06.0962 1652 amdsbs - ok 00:21:06.0975 1652 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 00:21:06.0976 1652 amdxata - ok 00:21:07.0061 1652 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 00:21:07.0063 1652 AppID - ok 00:21:07.0101 1652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 00:21:07.0104 1652 AppIDSvc - ok 00:21:07.0168 1652 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 00:21:07.0172 1652 Appinfo - ok 00:21:07.0248 1652 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 00:21:07.0249 1652 arc - ok 00:21:07.0272 1652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 00:21:07.0273 1652 arcsas - ok 00:21:07.0328 1652 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys 00:21:07.0329 1652 aswFsBlk - ok 00:21:07.0376 1652 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys 00:21:07.0377 1652 aswMonFlt - ok 00:21:07.0434 1652 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys 00:21:07.0436 1652 aswRdr - ok 00:21:07.0559 1652 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys 00:21:07.0565 1652 aswSnx - ok 00:21:07.0627 1652 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys 00:21:07.0630 1652 aswSP - ok 00:21:07.0667 1652 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys 00:21:07.0669 1652 aswTdi - ok 00:21:07.0707 1652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 00:21:07.0709 1652 AsyncMac - ok 00:21:07.0745 1652 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 00:21:07.0746 1652 atapi - ok 00:21:07.0837 1652 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 00:21:07.0842 1652 AudioEndpointBuilder - ok 00:21:07.0856 1652 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 00:21:07.0866 1652 Audiosrv - ok 00:21:07.0945 1652 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 00:21:07.0946 1652 avast! Antivirus - ok 00:21:08.0010 1652 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 00:21:08.0012 1652 AxInstSV - ok 00:21:08.0091 1652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 00:21:08.0095 1652 b06bdrv - ok 00:21:08.0162 1652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 00:21:08.0165 1652 b57nd60x - ok 00:21:08.0384 1652 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys 00:21:08.0405 1652 BCM43XX - ok 00:21:08.0704 1652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 00:21:08.0707 1652 BDESVC - ok 00:21:08.0778 1652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 00:21:08.0779 1652 Beep - ok 00:21:09.0063 1652 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 00:21:09.0070 1652 BFE - ok 00:21:09.0306 1652 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll 00:21:09.0319 1652 BITS - ok 00:21:09.0347 1652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 00:21:09.0348 1652 blbdrive - ok 00:21:09.0412 1652 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 00:21:09.0413 1652 bowser - ok 00:21:09.0436 1652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:21:09.0437 1652 BrFiltLo - ok 00:21:09.0539 1652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:21:09.0540 1652 BrFiltUp - ok 00:21:09.0603 1652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 00:21:09.0605 1652 BridgeMP - ok 00:21:09.0670 1652 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 00:21:09.0672 1652 Browser - ok 00:21:09.0881 1652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 00:21:09.0884 1652 Brserid - ok 00:21:09.0906 1652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 00:21:09.0907 1652 BrSerWdm - ok 00:21:09.0938 1652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:21:09.0939 1652 BrUsbMdm - ok 00:21:10.0061 1652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 00:21:10.0062 1652 BrUsbSer - ok 00:21:10.0190 1652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 00:21:10.0192 1652 BTHMODEM - ok 00:21:10.0263 1652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 00:21:10.0266 1652 bthserv - ok 00:21:10.0353 1652 catchme - ok 00:21:10.0480 1652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 00:21:10.0482 1652 cdfs - ok 00:21:10.0638 1652 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 00:21:10.0640 1652 cdrom - ok 00:21:10.0717 1652 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 00:21:10.0719 1652 CertPropSvc - ok 00:21:10.0750 1652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 00:21:10.0752 1652 circlass - ok 00:21:10.0826 1652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 00:21:10.0833 1652 CLFS - ok 00:21:11.0028 1652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:21:11.0030 1652 clr_optimization_v2.0.50727_32 - ok 00:21:11.0134 1652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:21:11.0137 1652 clr_optimization_v4.0.30319_32 - ok 00:21:11.0174 1652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 00:21:11.0175 1652 CmBatt - ok 00:21:11.0342 1652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 00:21:11.0343 1652 cmdide - ok 00:21:11.0406 1652 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 00:21:11.0410 1652 CNG - ok 00:21:11.0450 1652 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 00:21:11.0452 1652 Compbatt - ok 00:21:11.0493 1652 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 00:21:11.0496 1652 CompositeBus - ok 00:21:11.0525 1652 COMSysApp - ok 00:21:11.0553 1652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 00:21:11.0554 1652 crcdisk - ok 00:21:11.0658 1652 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll 00:21:11.0661 1652 CryptSvc - ok 00:21:11.0741 1652 dc3d (94010220445f181ade8e7ca9c3a98bf4) C:\Windows\system32\DRIVERS\dc3d.sys 00:21:11.0743 1652 dc3d - ok 00:21:11.0816 1652 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 00:21:11.0824 1652 DcomLaunch - ok 00:21:11.0863 1652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 00:21:11.0869 1652 defragsvc - ok 00:21:11.0918 1652 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 00:21:11.0920 1652 DfsC - ok 00:21:12.0003 1652 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 00:21:12.0007 1652 Dhcp - ok 00:21:12.0031 1652 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 00:21:12.0043 1652 discache - ok 00:21:12.0104 1652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 00:21:12.0106 1652 Disk - ok 00:21:12.0159 1652 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 00:21:12.0163 1652 Dnscache - ok 00:21:12.0221 1652 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 00:21:12.0225 1652 dot3svc - ok 00:21:12.0307 1652 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 00:21:12.0310 1652 Dot4 - ok 00:21:12.0359 1652 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys 00:21:12.0361 1652 Dot4Print - ok 00:21:12.0387 1652 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 00:21:12.0389 1652 dot4usb - ok 00:21:12.0437 1652 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 00:21:12.0441 1652 DPS - ok 00:21:12.0487 1652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 00:21:12.0489 1652 drmkaud - ok 00:21:12.0550 1652 dualshock3 (d9d593f97d2004e92e18fab0b6f7fe48) C:\Windows\system32\DRIVERS\dualshock3.sys 00:21:12.0552 1652 dualshock3 - ok 00:21:12.0653 1652 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 00:21:12.0660 1652 DXGKrnl - ok 00:21:12.0703 1652 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 00:21:12.0707 1652 EapHost - ok 00:21:12.0944 1652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 00:21:12.0968 1652 ebdrv - ok 00:21:13.0100 1652 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 00:21:13.0106 1652 EFS - ok 00:21:13.0221 1652 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 00:21:13.0231 1652 ehRecvr - ok 00:21:13.0299 1652 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 00:21:13.0301 1652 ehSched - ok 00:21:13.0403 1652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 00:21:13.0407 1652 elxstor - ok 00:21:13.0475 1652 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys 00:21:13.0483 1652 epmntdrv - ok 00:21:13.0550 1652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 00:21:13.0552 1652 ErrDev - ok 00:21:13.0640 1652 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys 00:21:13.0643 1652 EuGdiDrv - ok 00:21:13.0741 1652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 00:21:13.0745 1652 EventSystem - ok 00:21:13.0782 1652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 00:21:13.0784 1652 exfat - ok 00:21:13.0814 1652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 00:21:13.0816 1652 fastfat - ok 00:21:13.0898 1652 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 00:21:13.0905 1652 Fax - ok 00:21:13.0927 1652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 00:21:13.0929 1652 fdc - ok 00:21:13.0973 1652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 00:21:13.0978 1652 fdPHost - ok 00:21:14.0015 1652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 00:21:14.0018 1652 FDResPub - ok 00:21:14.0044 1652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 00:21:14.0046 1652 FileInfo - ok 00:21:14.0075 1652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 00:21:14.0076 1652 Filetrace - ok 00:21:14.0098 1652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 00:21:14.0099 1652 flpydisk - ok 00:21:14.0141 1652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 00:21:14.0144 1652 FltMgr - ok 00:21:14.0297 1652 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 00:21:14.0306 1652 FontCache - ok 00:21:14.0425 1652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 00:21:14.0426 1652 FontCache3.0.0.0 - ok 00:21:14.0476 1652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 00:21:14.0477 1652 FsDepends - ok 00:21:14.0516 1652 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 00:21:14.0517 1652 Fs_Rec - ok 00:21:14.0591 1652 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 00:21:14.0594 1652 fvevol - ok 00:21:14.0642 1652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:21:14.0644 1652 gagp30kx - ok 00:21:14.0712 1652 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 00:21:14.0719 1652 gpsvc - ok 00:21:14.0750 1652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 00:21:14.0751 1652 hcw85cir - ok 00:21:14.0849 1652 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 00:21:14.0852 1652 HdAudAddService - ok 00:21:14.0888 1652 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 00:21:14.0892 1652 HDAudBus - ok 00:21:14.0910 1652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 00:21:14.0911 1652 HidBatt - ok 00:21:14.0950 1652 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 00:21:14.0952 1652 HidBth - ok 00:21:14.0995 1652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 00:21:14.0997 1652 HidIr - ok 00:21:15.0035 1652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 00:21:15.0038 1652 hidserv - ok 00:21:15.0094 1652 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 00:21:15.0096 1652 HidUsb - ok 00:21:15.0148 1652 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 00:21:15.0152 1652 hkmsvc - ok 00:21:15.0202 1652 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 00:21:15.0207 1652 HomeGroupListener - ok 00:21:15.0273 1652 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 00:21:15.0282 1652 HomeGroupProvider - ok 00:21:15.0353 1652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 00:21:15.0355 1652 HpSAMD - ok 00:21:15.0584 1652 HPSLPSVC (9d23402d305869844bc6004a05cc74ba) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 00:21:15.0590 1652 HPSLPSVC - ok 00:21:15.0690 1652 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 00:21:15.0695 1652 HTTP - ok 00:21:15.0745 1652 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 00:21:15.0746 1652 hwpolicy - ok 00:21:15.0807 1652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 00:21:15.0811 1652 i8042prt - ok 00:21:15.0888 1652 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 00:21:15.0891 1652 iaStorV - ok 00:21:16.0036 1652 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:21:16.0044 1652 idsvc - ok 00:21:16.0379 1652 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 00:21:16.0417 1652 igfx - ok 00:21:16.0614 1652 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 00:21:16.0616 1652 iirsp - ok 00:21:16.0714 1652 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 00:21:16.0722 1652 IKEEXT - ok 00:21:16.0777 1652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 00:21:16.0780 1652 intelide - ok 00:21:16.0817 1652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 00:21:16.0818 1652 intelppm - ok 00:21:16.0877 1652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 00:21:16.0882 1652 IPBusEnum - ok 00:21:16.0917 1652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:21:16.0919 1652 IpFilterDriver - ok 00:21:16.0996 1652 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 00:21:17.0004 1652 iphlpsvc - ok 00:21:17.0069 1652 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 00:21:17.0070 1652 IPMIDRV - ok 00:21:17.0114 1652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 00:21:17.0116 1652 IPNAT - ok 00:21:17.0151 1652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 00:21:17.0152 1652 IRENUM - ok 00:21:17.0178 1652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 00:21:17.0182 1652 isapnp - ok 00:21:17.0246 1652 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 00:21:17.0249 1652 iScsiPrt - ok 00:21:17.0289 1652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 00:21:17.0291 1652 kbdclass - ok 00:21:17.0341 1652 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 00:21:17.0343 1652 kbdhid - ok 00:21:17.0393 1652 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:21:17.0399 1652 KeyIso - ok 00:21:17.0423 1652 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 00:21:17.0425 1652 KSecDD - ok 00:21:17.0457 1652 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 00:21:17.0459 1652 KSecPkg - ok 00:21:17.0516 1652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 00:21:17.0522 1652 KtmRm - ok 00:21:17.0577 1652 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 00:21:17.0601 1652 LanmanServer - ok 00:21:17.0653 1652 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 00:21:17.0660 1652 LanmanWorkstation - ok 00:21:17.0850 1652 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 00:21:17.0853 1652 LBTServ - ok 00:21:17.0916 1652 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys 00:21:17.0918 1652 LHidFilt - ok 00:21:18.0013 1652 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys 00:21:18.0017 1652 libusb0 - ok 00:21:18.0067 1652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 00:21:18.0069 1652 lltdio - ok 00:21:18.0121 1652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 00:21:18.0126 1652 lltdsvc - ok 00:21:18.0151 1652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 00:21:18.0155 1652 lmhosts - ok 00:21:18.0206 1652 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys 00:21:18.0208 1652 LMouFilt - ok 00:21:18.0258 1652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:21:18.0260 1652 LSI_FC - ok 00:21:18.0289 1652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:21:18.0290 1652 LSI_SAS - ok 00:21:18.0320 1652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:21:18.0322 1652 LSI_SAS2 - ok 00:21:18.0354 1652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:21:18.0356 1652 LSI_SCSI - ok 00:21:18.0380 1652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 00:21:18.0384 1652 luafv - ok 00:21:18.0441 1652 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 00:21:18.0443 1652 mcdbus - ok 00:21:18.0504 1652 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 00:21:18.0508 1652 Mcx2Svc - ok 00:21:18.0537 1652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 00:21:18.0538 1652 megasas - ok 00:21:18.0572 1652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 00:21:18.0575 1652 MegaSR - ok 00:21:18.0624 1652 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 00:21:18.0629 1652 MMCSS - ok 00:21:18.0652 1652 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 00:21:18.0654 1652 Modem - ok 00:21:18.0693 1652 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 00:21:18.0694 1652 monitor - ok 00:21:18.0757 1652 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys 00:21:18.0759 1652 MotioninJoyXFilter - ok 00:21:18.0819 1652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 00:21:18.0821 1652 mouclass - ok 00:21:18.0855 1652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 00:21:18.0856 1652 mouhid - ok 00:21:18.0905 1652 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 00:21:18.0907 1652 mountmgr - ok 00:21:18.0999 1652 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 00:21:19.0003 1652 MozillaMaintenance - ok 00:21:19.0066 1652 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 00:21:19.0070 1652 mpio - ok 00:21:19.0107 1652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 00:21:19.0108 1652 mpsdrv - ok 00:21:19.0175 1652 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 00:21:19.0184 1652 MpsSvc - ok 00:21:19.0253 1652 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 00:21:19.0255 1652 MRxDAV - ok 00:21:19.0327 1652 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:21:19.0329 1652 mrxsmb - ok 00:21:19.0392 1652 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:21:19.0395 1652 mrxsmb10 - ok 00:21:19.0426 1652 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:21:19.0428 1652 mrxsmb20 - ok 00:21:19.0454 1652 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 00:21:19.0456 1652 msahci - ok 00:21:19.0485 1652 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 00:21:19.0489 1652 msdsm - ok 00:21:19.0541 1652 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 00:21:19.0546 1652 MSDTC - ok 00:21:19.0606 1652 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 00:21:19.0608 1652 Msfs - ok 00:21:19.0640 1652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 00:21:19.0641 1652 mshidkmdf - ok 00:21:19.0660 1652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 00:21:19.0661 1652 msisadrv - ok 00:21:19.0723 1652 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 00:21:19.0727 1652 MSiSCSI - ok 00:21:19.0741 1652 msiserver - ok 00:21:19.0786 1652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 00:21:19.0788 1652 MSKSSRV - ok 00:21:19.0817 1652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 00:21:19.0818 1652 MSPCLOCK - ok 00:21:19.0834 1652 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 00:21:19.0838 1652 MSPQM - ok 00:21:19.0892 1652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 00:21:19.0894 1652 MsRPC - ok 00:21:19.0944 1652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 00:21:19.0945 1652 mssmbios - ok 00:21:20.0288 1652 MSSQL$SQLEXPRESS - ok 00:21:20.0342 1652 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 00:21:20.0344 1652 MSSQLServerADHelper100 - ok 00:21:20.0428 1652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 00:21:20.0429 1652 MSTEE - ok 00:21:20.0573 1652 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 00:21:20.0574 1652 MTConfig - ok 00:21:21.0027 1652 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 00:21:21.0029 1652 Mup - ok 00:21:22.0256 1652 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 00:21:22.0264 1652 napagent - ok 00:21:22.0306 1652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 00:21:22.0311 1652 NativeWifiP - ok 00:21:22.0391 1652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 00:21:22.0397 1652 NDIS - ok 00:21:22.0433 1652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 00:21:22.0434 1652 NdisCap - ok 00:21:22.0469 1652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 00:21:22.0471 1652 NdisTapi - ok 00:21:22.0511 1652 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 00:21:22.0512 1652 Ndisuio - ok 00:21:22.0557 1652 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 00:21:22.0559 1652 NdisWan - ok 00:21:22.0636 1652 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 00:21:22.0638 1652 NDProxy - ok 00:21:22.0684 1652 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll 00:21:22.0688 1652 Net Driver HPZ12 - ok 00:21:22.0745 1652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 00:21:22.0747 1652 NetBIOS - ok 00:21:22.0805 1652 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 00:21:22.0808 1652 NetBT - ok 00:21:22.0850 1652 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:21:22.0854 1652 Netlogon - ok 00:21:22.0936 1652 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 00:21:22.0947 1652 Netman - ok 00:21:22.0997 1652 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 00:21:23.0005 1652 netprofm - ok 00:21:23.0140 1652 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:21:23.0142 1652 NetTcpPortSharing - ok 00:21:23.0206 1652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 00:21:23.0208 1652 nfrd960 - ok 00:21:23.0278 1652 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 00:21:23.0289 1652 NlaSvc - ok 00:21:23.0316 1652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 00:21:23.0317 1652 Npfs - ok 00:21:23.0335 1652 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 00:21:23.0341 1652 nsi - ok 00:21:23.0366 1652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 00:21:23.0367 1652 nsiproxy - ok 00:21:23.0495 1652 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 00:21:23.0505 1652 Ntfs - ok 00:21:23.0566 1652 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys 00:21:23.0568 1652 NuidFltr - ok 00:21:23.0593 1652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 00:21:23.0597 1652 Null - ok 00:21:23.0644 1652 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 00:21:23.0648 1652 nvraid - ok 00:21:23.0674 1652 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 00:21:23.0676 1652 nvstor - ok 00:21:23.0733 1652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 00:21:23.0735 1652 nv_agp - ok 00:21:23.0854 1652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:21:23.0858 1652 odserv - ok 00:21:23.0897 1652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 00:21:23.0899 1652 ohci1394 - ok 00:21:23.0952 1652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:21:23.0953 1652 ose - ok 00:21:24.0009 1652 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 00:21:24.0016 1652 p2pimsvc - ok 00:21:24.0061 1652 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 00:21:24.0069 1652 p2psvc - ok 00:21:24.0164 1652 papycpu (8051a829dc5544c55fb647447c4b0286) C:\Windows\system32\drivers\papycpu.sys 00:21:24.0166 1652 papycpu - ok 00:21:24.0251 1652 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\Windows\System32\DRIVERS\papycpu2.sys 00:21:24.0252 1652 papycpu2 - ok 00:21:24.0273 1652 papyjoy (a4b3fb04a3f6367bc264e8addcae2a48) C:\Windows\system32\drivers\papyjoy.sys 00:21:24.0274 1652 papyjoy - ok 00:21:24.0320 1652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 00:21:24.0321 1652 Parport - ok 00:21:24.0361 1652 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 00:21:24.0363 1652 partmgr - ok 00:21:24.0386 1652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 00:21:24.0387 1652 Parvdm - ok 00:21:24.0495 1652 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys 00:21:24.0496 1652 pbfilter - ok 00:21:24.0542 1652 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 00:21:24.0550 1652 PcaSvc - ok 00:21:24.0607 1652 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 00:21:24.0610 1652 pci - ok 00:21:24.0635 1652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 00:21:24.0637 1652 pciide - ok 00:21:24.0675 1652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 00:21:24.0678 1652 pcmcia - ok 00:21:24.0703 1652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 00:21:24.0710 1652 pcw - ok 00:21:24.0767 1652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 00:21:24.0773 1652 PEAUTH - ok 00:21:24.0952 1652 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 00:21:24.0972 1652 pla - ok 00:21:25.0162 1652 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 00:21:25.0170 1652 PlugPlay - ok 00:21:25.0221 1652 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll 00:21:25.0224 1652 Pml Driver HPZ12 - ok 00:21:25.0272 1652 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 00:21:25.0277 1652 PNRPAutoReg - ok 00:21:25.0322 1652 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 00:21:25.0329 1652 PNRPsvc - ok 00:21:25.0410 1652 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys 00:21:25.0412 1652 Point32 - ok 00:21:25.0483 1652 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 00:21:25.0489 1652 PolicyAgent - ok 00:21:25.0546 1652 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 00:21:25.0555 1652 Power - ok 00:21:25.0603 1652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 00:21:25.0605 1652 PptpMiniport - ok 00:21:25.0626 1652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 00:21:25.0627 1652 Processor - ok 00:21:25.0686 1652 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll 00:21:25.0692 1652 ProfSvc - ok 00:21:25.0740 1652 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:21:25.0745 1652 ProtectedStorage - ok 00:21:25.0828 1652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 00:21:25.0831 1652 Psched - ok 00:21:25.0948 1652 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 00:21:25.0960 1652 ql2300 - ok 00:21:26.0113 1652 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 00:21:26.0115 1652 ql40xx - ok 00:21:26.0176 1652 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 00:21:26.0184 1652 QWAVE - ok 00:21:26.0205 1652 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 00:21:26.0207 1652 QWAVEdrv - ok 00:21:26.0294 1652 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll 00:21:26.0296 1652 RapiMgr - ok 00:21:26.0323 1652 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 00:21:26.0325 1652 RasAcd - ok 00:21:26.0377 1652 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:21:26.0379 1652 RasAgileVpn - ok 00:21:26.0407 1652 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 00:21:26.0413 1652 RasAuto - ok 00:21:26.0439 1652 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:21:26.0442 1652 Rasl2tp - ok 00:21:26.0531 1652 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 00:21:26.0539 1652 RasMan - ok 00:21:26.0561 1652 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 00:21:26.0563 1652 RasPppoe - ok 00:21:26.0591 1652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 00:21:26.0593 1652 RasSstp - ok 00:21:26.0651 1652 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 00:21:26.0655 1652 rdbss - ok 00:21:26.0682 1652 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 00:21:26.0683 1652 rdpbus - ok 00:21:26.0722 1652 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:21:26.0724 1652 RDPCDD - ok 00:21:26.0765 1652 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 00:21:26.0766 1652 RDPENCDD - ok 00:21:26.0795 1652 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 00:21:26.0797 1652 RDPREFMP - ok 00:21:26.0839 1652 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys 00:21:26.0842 1652 RDPWD - ok 00:21:26.0898 1652 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 00:21:26.0901 1652 rdyboost - ok 00:21:26.0948 1652 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 00:21:26.0955 1652 RemoteAccess - ok 00:21:27.0015 1652 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 00:21:27.0021 1652 RemoteRegistry - ok 00:21:27.0080 1652 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys 00:21:27.0082 1652 rimmptsk - ok 00:21:27.0141 1652 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys 00:21:27.0143 1652 rimsptsk - ok 00:21:27.0195 1652 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys 00:21:27.0197 1652 rismxdp - ok 00:21:27.0227 1652 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 00:21:27.0233 1652 RpcEptMapper - ok 00:21:27.0280 1652 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 00:21:27.0284 1652 RpcLocator - ok 00:21:27.0347 1652 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 00:21:27.0355 1652 RpcSs - ok 00:21:27.0410 1652 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys 00:21:27.0413 1652 RsFx0102 - ok 00:21:27.0484 1652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 00:21:27.0486 1652 rspndr - ok 00:21:27.0534 1652 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 00:21:27.0536 1652 s0016bus - ok 00:21:27.0579 1652 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 00:21:27.0581 1652 s0016mdfl - ok 00:21:27.0636 1652 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 00:21:27.0641 1652 s0016mdm - ok 00:21:27.0699 1652 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 00:21:27.0701 1652 s0016mgmt - ok 00:21:27.0757 1652 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 00:21:27.0758 1652 s0016nd5 - ok 00:21:27.0818 1652 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 00:21:27.0820 1652 s0016obex - ok 00:21:27.0902 1652 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 00:21:27.0904 1652 s0016unic - ok 00:21:27.0970 1652 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys 00:21:27.0972 1652 s616bus - ok 00:21:27.0994 1652 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys 00:21:27.0995 1652 s616mdfl - ok 00:21:28.0031 1652 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys 00:21:28.0033 1652 s616mdm - ok 00:21:28.0060 1652 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys 00:21:28.0062 1652 s616mgmt - ok 00:21:28.0092 1652 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys 00:21:28.0093 1652 s616nd5 - ok 00:21:28.0126 1652 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys 00:21:28.0128 1652 s616obex - ok 00:21:28.0164 1652 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys 00:21:28.0166 1652 s616unic - ok 00:21:28.0219 1652 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:21:28.0225 1652 SamSs - ok 00:21:28.0329 1652 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 00:21:28.0330 1652 SASDIFSV - ok 00:21:28.0405 1652 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 00:21:28.0407 1652 SASKUTIL - ok 00:21:28.0477 1652 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 00:21:28.0479 1652 sbp2port - ok 00:21:28.0533 1652 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 00:21:28.0539 1652 SCardSvr - ok 00:21:28.0590 1652 SCDEmu (52402149e66200c2c2bda115bca757d6) C:\Windows\system32\drivers\SCDEmu.sys 00:21:28.0594 1652 SCDEmu - ok 00:21:28.0636 1652 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 00:21:28.0638 1652 scfilter - ok 00:21:28.0817 1652 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 00:21:28.0830 1652 Schedule - ok 00:21:28.0886 1652 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 00:21:28.0888 1652 SCPolicySvc - ok 00:21:28.0954 1652 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 00:21:28.0956 1652 sdbus - ok 00:21:29.0017 1652 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 00:21:29.0024 1652 SDRSVC - ok 00:21:29.0116 1652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 00:21:29.0119 1652 secdrv - ok 00:21:29.0233 1652 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 00:21:29.0239 1652 seclogon - ok 00:21:29.0297 1652 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 00:21:29.0353 1652 SENS - ok 00:21:29.0404 1652 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 00:21:29.0412 1652 SensrSvc - ok 00:21:29.0464 1652 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 00:21:29.0466 1652 Serenum - ok 00:21:29.0518 1652 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 00:21:29.0520 1652 Serial - ok 00:21:29.0584 1652 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 00:21:29.0600 1652 sermouse - ok 00:21:29.0701 1652 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 00:21:29.0733 1652 SessionEnv - ok 00:21:29.0793 1652 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 00:21:29.0796 1652 sffdisk - ok 00:21:29.0832 1652 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 00:21:29.0834 1652 sffp_mmc - ok 00:21:29.0866 1652 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys 00:21:29.0882 1652 sffp_sd - ok 00:21:29.0931 1652 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 00:21:29.0933 1652 sfloppy - ok 00:21:30.0028 1652 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 00:21:30.0033 1652 SharedAccess - ok 00:21:30.0201 1652 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 00:21:30.0235 1652 ShellHWDetection - ok 00:21:30.0296 1652 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 00:21:30.0298 1652 sisagp - ok 00:21:30.0349 1652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:21:30.0351 1652 SiSRaid2 - ok 00:21:30.0377 1652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 00:21:30.0381 1652 SiSRaid4 - ok 00:21:30.0410 1652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 00:21:30.0414 1652 Smb - ok 00:21:30.0465 1652 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 00:21:30.0471 1652 SNMPTRAP - ok 00:21:30.0490 1652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 00:21:30.0492 1652 spldr - ok 00:21:30.0556 1652 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 00:21:30.0564 1652 Spooler - ok 00:21:30.0806 1652 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 00:21:30.0835 1652 sppsvc - ok 00:21:30.0985 1652 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 00:21:30.0993 1652 sppuinotify - ok 00:21:31.0139 1652 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 00:21:31.0150 1652 SQLAgent$SQLEXPRESS - ok 00:21:31.0227 1652 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 00:21:31.0231 1652 srv - ok 00:21:31.0279 1652 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 00:21:31.0288 1652 srv2 - ok 00:21:31.0353 1652 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 00:21:31.0356 1652 SrvHsfHDA - ok 00:21:31.0443 1652 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 00:21:31.0452 1652 SrvHsfV92 - ok 00:21:31.0513 1652 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 00:21:31.0519 1652 SrvHsfWinac - ok 00:21:31.0551 1652 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 00:21:31.0553 1652 srvnet - ok 00:21:31.0601 1652 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 00:21:31.0608 1652 SSDPSRV - ok 00:21:31.0632 1652 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 00:21:31.0641 1652 SstpSvc - ok 00:21:31.0731 1652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 00:21:31.0733 1652 stexstor - ok 00:21:31.0868 1652 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 00:21:31.0883 1652 StiSvc - ok 00:21:31.0931 1652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 00:21:31.0932 1652 swenum - ok 00:21:31.0969 1652 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 00:21:31.0977 1652 swprv - ok 00:21:32.0105 1652 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 00:21:32.0119 1652 SysMain - ok 00:21:32.0164 1652 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 00:21:32.0173 1652 TabletInputService - ok 00:21:32.0245 1652 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 00:21:32.0253 1652 TapiSrv - ok 00:21:32.0274 1652 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 00:21:32.0281 1652 TBS - ok 00:21:32.0466 1652 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 00:21:32.0476 1652 Tcpip - ok 00:21:32.0508 1652 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 00:21:32.0518 1652 TCPIP6 - ok 00:21:32.0573 1652 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 00:21:32.0575 1652 tcpipreg - ok 00:21:32.0637 1652 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 00:21:32.0639 1652 TDPIPE - ok 00:21:32.0672 1652 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 00:21:32.0674 1652 TDTCP - ok 00:21:32.0717 1652 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 00:21:32.0721 1652 tdx - ok 00:21:32.0767 1652 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 00:21:32.0771 1652 TermDD - ok 00:21:32.0841 1652 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 00:21:32.0851 1652 TermService - ok 00:21:32.0884 1652 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 00:21:32.0893 1652 Themes - ok 00:21:32.0945 1652 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 00:21:32.0949 1652 THREADORDER - ok 00:21:32.0994 1652 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 00:21:33.0001 1652 TrkWks - ok 00:21:33.0077 1652 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 00:21:33.0079 1652 TrustedInstaller - ok 00:21:33.0110 1652 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:21:33.0112 1652 tssecsrv - ok 00:21:33.0147 1652 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 00:21:33.0149 1652 TsUsbFlt - ok 00:21:33.0219 1652 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 00:21:33.0224 1652 tunnel - ok 00:21:33.0275 1652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 00:21:33.0277 1652 uagp35 - ok 00:21:33.0343 1652 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 00:21:33.0346 1652 udfs - ok 00:21:33.0402 1652 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 00:21:33.0415 1652 UI0Detect - ok 00:21:33.0460 1652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 00:21:33.0462 1652 uliagpkx - ok 00:21:33.0520 1652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 00:21:33.0524 1652 umbus - ok 00:21:33.0542 1652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 00:21:33.0544 1652 UmPass - ok 00:21:33.0656 1652 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 00:21:33.0669 1652 upnphost - ok 00:21:33.0729 1652 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 00:21:33.0731 1652 usbaudio - ok 00:21:33.0780 1652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 00:21:33.0782 1652 usbccgp - ok 00:21:33.0827 1652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 00:21:33.0829 1652 usbcir - ok 00:21:33.0874 1652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 00:21:33.0876 1652 usbehci - ok 00:21:33.0948 1652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 00:21:33.0951 1652 usbhub - ok 00:21:33.0997 1652 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 00:21:33.0999 1652 usbohci - ok 00:21:34.0021 1652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 00:21:34.0025 1652 usbprint - ok 00:21:34.0079 1652 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 00:21:34.0081 1652 usbscan - ok 00:21:34.0129 1652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:21:34.0131 1652 USBSTOR - ok 00:21:34.0173 1652 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 00:21:34.0180 1652 usbuhci - ok 00:21:34.0233 1652 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 00:21:34.0235 1652 usb_rndisx - ok 00:21:34.0281 1652 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 00:21:34.0288 1652 UxSms - ok 00:21:34.0326 1652 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 00:21:34.0330 1652 VaultSvc - ok 00:21:34.0379 1652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 00:21:34.0381 1652 vdrvroot - ok 00:21:34.0459 1652 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 00:21:34.0468 1652 vds - ok 00:21:34.0525 1652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 00:21:34.0526 1652 vga - ok 00:21:34.0545 1652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 00:21:34.0547 1652 VgaSave - ok 00:21:34.0617 1652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 00:21:34.0620 1652 vhdmp - ok 00:21:34.0656 1652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 00:21:34.0660 1652 viaagp - ok 00:21:34.0690 1652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 00:21:34.0694 1652 ViaC7 - ok 00:21:34.0720 1652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 00:21:34.0722 1652 viaide - ok 00:21:34.0744 1652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 00:21:34.0746 1652 volmgr - ok 00:21:34.0789 1652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 00:21:34.0794 1652 volmgrx - ok 00:21:34.0836 1652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 00:21:34.0839 1652 volsnap - ok 00:21:34.0884 1652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 00:21:34.0886 1652 vsmraid - ok 00:21:35.0011 1652 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 00:21:35.0025 1652 VSS - ok 00:21:35.0055 1652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 00:21:35.0057 1652 vwifibus - ok 00:21:35.0096 1652 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 00:21:35.0099 1652 vwififlt - ok 00:21:35.0151 1652 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 00:21:35.0153 1652 vwifimp - ok 00:21:35.0236 1652 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 00:21:35.0245 1652 W32Time - ok 00:21:35.0286 1652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 00:21:35.0288 1652 WacomPen - ok 00:21:35.0339 1652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:21:35.0342 1652 WANARP - ok 00:21:35.0354 1652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:21:35.0356 1652 Wanarpv6 - ok 00:21:35.0519 1652 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 00:21:35.0530 1652 WatAdminSvc - ok 00:21:35.0648 1652 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 00:21:35.0663 1652 wbengine - ok 00:21:35.0702 1652 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 00:21:35.0717 1652 WbioSrvc - ok 00:21:35.0807 1652 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 00:21:35.0811 1652 WcesComm - ok 00:21:35.0884 1652 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 00:21:35.0892 1652 wcncsvc - ok 00:21:35.0912 1652 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 00:21:35.0919 1652 WcsPlugInService - ok 00:21:35.0991 1652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 00:21:35.0993 1652 Wd - ok 00:21:36.0045 1652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 00:21:36.0050 1652 Wdf01000 - ok 00:21:36.0070 1652 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 00:21:36.0080 1652 WdiServiceHost - ok 00:21:36.0091 1652 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 00:21:36.0100 1652 WdiSystemHost - ok 00:21:36.0156 1652 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 00:21:36.0166 1652 WebClient - ok 00:21:36.0192 1652 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 00:21:36.0202 1652 Wecsvc - ok 00:21:36.0233 1652 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 00:21:36.0240 1652 wercplsupport - ok 00:21:36.0284 1652 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 00:21:36.0291 1652 WerSvc - ok 00:21:36.0343 1652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 00:21:36.0346 1652 WfpLwf - ok 00:21:36.0372 1652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 00:21:36.0374 1652 WIMMount - ok 00:21:36.0539 1652 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 00:21:36.0545 1652 WinDefend - ok 00:21:36.0571 1652 WinHttpAutoProxySvc - ok 00:21:36.0669 1652 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 00:21:36.0672 1652 Winmgmt - ok 00:21:36.0786 1652 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 00:21:36.0802 1652 WinRM - ok 00:21:36.0907 1652 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 00:21:36.0909 1652 WinUsb - ok 00:21:37.0006 1652 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 00:21:37.0020 1652 Wlansvc - ok 00:21:37.0122 1652 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:21:37.0124 1652 wlcrasvc - ok 00:21:37.0304 1652 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:21:37.0317 1652 wlidsvc - ok 00:21:37.0477 1652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 00:21:37.0478 1652 WmiAcpi - ok 00:21:37.0572 1652 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 00:21:37.0575 1652 wmiApSrv - ok 00:21:37.0757 1652 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 00:21:37.0766 1652 WMPNetworkSvc - ok 00:21:37.0800 1652 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 00:21:37.0807 1652 WPCSvc - ok 00:21:37.0863 1652 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 00:21:37.0873 1652 WPDBusEnum - ok 00:21:37.0954 1652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 00:21:37.0956 1652 ws2ifsl - ok 00:21:37.0987 1652 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 00:21:37.0995 1652 wscsvc - ok 00:21:38.0049 1652 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 00:21:38.0051 1652 WSDPrintDevice - ok 00:21:38.0076 1652 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys 00:21:38.0078 1652 WSDScan - ok 00:21:38.0093 1652 WSearch - ok 00:21:38.0250 1652 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 00:21:38.0275 1652 wuauserv - ok 00:21:38.0437 1652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 00:21:38.0440 1652 WudfPf - ok 00:21:38.0477 1652 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:21:38.0479 1652 WUDFRd - ok 00:21:38.0538 1652 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 00:21:38.0546 1652 wudfsvc - ok 00:21:38.0590 1652 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 00:21:38.0600 1652 WwanSvc - ok 00:21:38.0688 1652 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys 00:21:38.0690 1652 xusb21 - ok 00:21:38.0762 1652 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys 00:21:38.0770 1652 yukonw7 - ok 00:21:38.0864 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 00:21:39.0084 1652 \Device\Harddisk0\DR0 - ok 00:21:39.0093 1652 Boot (0x1200) (70409ae6fda6998c556926a11c1486d4) \Device\Harddisk0\DR0\Partition0 00:21:39.0094 1652 \Device\Harddisk0\DR0\Partition0 - ok 00:21:39.0112 1652 Boot (0x1200) (6ad65bcc9aeff9679cbf3165053cbc05) \Device\Harddisk0\DR0\Partition1 00:21:39.0114 1652 \Device\Harddisk0\DR0\Partition1 - ok 00:21:39.0120 1652 ============================================================ 00:21:39.0120 1652 Scan finished 00:21:39.0120 1652 ============================================================ 00:21:39.0142 3740 Detected object count: 0 00:21:39.0142 3740 Actual detected object count: 0 -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Having an issue on step 3, getting a pop-up box that says: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" refers to a location that is unavailable. Followed the directions exactly,not sure what happened. -
Yet another WhiteSmoke infection
jwill80 replied to jwill80's topic in Resolved Malware Removal Logs
Here is contents of the ATTACH.txt file: . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 2/3/2010 3:10:25 PM System Uptime: 6/22/2012 4:22:38 PM (2 hours ago) . Motherboard: Dell Inc. | | 0U990C Processor: Intel® Celeron® CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 114.626 GiB free. D: is CDROM () F: is FIXED (FAT32) - 75 GiB total, 45.213 GiB free. G: is CDROM () X: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP415: 6/5/2012 7:14:22 AM - Windows Update RP416: 6/8/2012 7:36:42 AM - Windows Update RP417: 6/12/2012 7:34:13 AM - Windows Update RP418: 6/13/2012 10:31:51 PM - Windows Update RP419: 6/19/2012 7:40:19 AM - Windows Update RP420: 6/21/2012 6:52:16 AM - Windows Update RP422: 6/21/2012 7:00:53 AM - Windows Live Essentials RP424: 6/21/2012 7:03:21 AM - Installed DirectX RP426: 6/21/2012 7:04:54 AM - Installed DirectX RP428: 6/21/2012 8:18:25 AM - Windows Live Essentials RP430: 6/21/2012 8:20:28 AM - Installed DirectX RP432: 6/21/2012 8:21:43 AM - Installed DirectX RP433: 6/21/2012 8:22:09 AM - WLSetup RP435: 6/21/2012 10:40:46 AM - Removed RollerCoaster Tycoon 2 Triple Thrill Pack . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent 32 Bit HP CIO Components Installer 3DVIA player 5.0.0.20 Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.1 Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Audacity 1.2.6 avast! Free Antivirus calibre Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP640 series MP Drivers Canon MP640 series User Registration Canon Utilities My Printer D3DX10 EASEUS Partition Master 8.0.1 Home Edition eReg Free M4a to MP3 Converter 7.0 Free Mp3 Wma Converter V 2.2 Free Window Registry Repair Hamster Free EbookConverter Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 ImagXpress Intel® Graphics Media Accelerator Driver Intel® TV Wizard Java Auto Updater Java 6 Update 29 Java 7 Update 2 Junk Mail filter update LAME v3.98.2 for Audacity Logitech SetPoint 6.22 Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Management Studio Microsoft SQL Server 2008 RsFx Driver Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio Tools for Applications 2.0 - ENU Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.49 MS Access 97 SP2 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) neroxml Network OGA Notifier 2.0.0048.0 PeerBlock 1.1 (r518) PowerISO PS_AIO_07_D110_SW_Min PS3 Media Server QuickTime RCT3 Soaked RICOH R5U8xx Media Driver ver.3.62.02 RollerCoaster Tycoon 2 Triple Thrill Pack RollerCoaster Tycoon® 3 Sansa Updater Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Sql Server Customer Experience Improvement Program SUPERAntiSpyware swMSM Toolbox Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 6/22/2012 6:46:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service. 6/22/2012 5:35:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/22/2012 4:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 6/22/2012 10:14:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service. 6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The DUALSHOCK3 Controller HID Minidriver (USB) Beta service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 6/22/2012 1:59:54 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified. 6/22/2012 1:59:28 PM, Error: volmgr [46] - Crash dump initialization failed! 6/21/2012 12:46:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 6/21/2012 12:38:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 6/17/2012 2:25:17 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting. 6/16/2012 9:08:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer EDWIN-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14EDF80. The master browser is stopping or an election is being forced. 6/15/2012 11:57:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDITHSTUSS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD4B7C28-244C-43F0-8FA2-14E. The master browser is stopping or an election is being forced. 6/15/2012 11:08:55 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.123. The computer with the IP address 192.168.1.125 did not allow the name to be claimed by this computer. . ==== End Of File =========================== Utorrent has been uninstalled. Thank you for the fast reply. -
Whitesmoke toolbar showing up on Firefox. Here is the DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0 Run by John at 18:49:00 on 2012-06-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.979 [GMT -4:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdcBase.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\System32\rundll32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe C:\Windows\system32\ctfmon.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785 uSearch Bar = Preserve mDefault_Page_URL = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live \WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [Apple Computer] rundll32.exe "c:\users\john\appdata\local\dfx\apple computer\ryspolxg.dll",CreateInstance uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\john\appdata\local\temp\{1f622389-e184-41f9- b1df-77198c1e351c}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: samsung.com\www DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 TCP: Interfaces\{9320F265-75F3-49E1-8F5C-85C423F568FD} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733} : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\4646D2772747 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7596C6C69616D637 : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199 TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\7657563747 : DhcpNameServer = 10.12.10.1 10.21.35.10 10.18.35.10 TCP: Interfaces\{AD4B7C28-244C-43F0-8FA2-14EDF80DC733}\8416E637 : DhcpNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q= FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ffnmk6ox.default\extensions\devicedetection@logitech.com\plugins \npLogitechDeviceDetection.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-21 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 337880] R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2011-4-3 1984] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 20696] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-3 57688] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-25 44768] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2011-8-23 11392] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 257224] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-22 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-22 8456] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-21 33792] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-4-3 81168] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-2-8 20080] S3 PS3 Media Server;PS3 Media Server; [x] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-8-14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-8-14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-8-14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-8-14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-8-14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-8-14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-8-14 115752] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-12 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-06-22 14:24:39 -------- d-----w- c:\users\john\appdata\roaming\SUPERAntiSpyware.com 2012-06-22 14:24:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-22 14:24:03 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-22 10:51:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d- 3c8e137af848}\offreg.dll 2012-06-22 10:50:04 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6186e0e-a18a-4034-820d- 3c8e137af848}\mpengine.dll 2012-06-22 10:47:09 -------- d-----w- c:\users\john\appdata\local\{5C63912F-64A9-4357-A592-D3B6FCDCC623} 2012-06-22 10:46:43 -------- d-----w- c:\users\john\appdata\local\{48D66B41-BBD3-48B8-AB81-66E0C5D07EDD} 2012-06-21 19:05:45 -------- d-----w- c:\users\john\appdata\local\{AD727E21-C105-46E3-BD0C-A9FBDDBFDCA3} 2012-06-21 19:05:34 -------- d-----w- c:\users\john\appdata\local\{735FCF54-B3C1-477C-A284-6E3045CFD476} 2012-06-21 14:34:04 -------- d-----w- c:\users\john\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-06-21 11:12:58 -------- d-----w- c:\windows\en 2012-06-21 11:06:03 -------- d-----w- c:\program files\Adobe Download Assistant 2012-06-21 11:05:30 -------- d-----w- c:\users\john\appdata\local\{3AE0167D-9012-41F3-A58A-F2FC68DEDA0A} 2012-06-21 11:04:37 -------- d-----w- c:\program files\Conduit 2012-06-21 11:04:28 -------- d-----w- c:\users\john\appdata\local\Conduit 2012-06-21 11:00:56 15712 ----a-w- c:\program files\common files\windows live\.cache\21d76b571cd4f9d02\MeshBetaRemover.exe 2012-06-21 11:00:55 537432 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DXSETUP.exe 2012-06-21 11:00:54 89944 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\DSETUP.dll 2012-06-21 11:00:54 1801048 ----a-w- c:\program files\common files\windows live\.cache\20d316e71cd4f9d01\dsetup32.dll 2012-06-21 11:00:39 -------- d-----w- c:\users\john\appdata\local\{58FD684D-33C4-42FD-955A-EA9A4EFF2759} 2012-06-21 11:00:02 -------- d-----w- c:\users\john\appdata\local\{7E08D90A-6206-4B6E-A67C-F9F1A1D557BA} 2012-06-21 10:59:52 -------- d-----w- c:\users\john\appdata\local\{FDF459AA-A107-458F-BC28-BF84B1277EE0} 2012-06-21 10:53:52 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 10:53:52 -------- d-----w- c:\users\john\appdata\local\{9F7C556B-138A-4C08-A717-8D8B66764E3D} 2012-06-21 10:53:23 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 10:53:13 -------- d-----w- c:\users\john\appdata\local\{BAC24AA7-A921-4004-AF0E-03324984E623} 2012-06-21 10:52:47 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 10:52:47 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-20 13:37:43 -------- d-----w- c:\users\john\appdata\local\{D4FD3AB5-3316-47EA-87C9-5DDE9B1C27B0} 2012-06-20 13:37:25 -------- d-----w- c:\users\john\appdata\local\{95881B8A-0EBA-40E4-B504-D89128B130B4} 2012-06-16 02:19:26 -------- d-----w- c:\users\john\appdata\local\{49D61010-7B3F-42DB-B396-9911E33223EF} 2012-06-15 13:54:07 -------- d-----w- c:\users\john\appdata\local\{6F23AAB4-13B6-4EA6-BB4C-B4BB2942B2C0} 2012-06-15 01:04:07 -------- d-----w- c:\users\john\appdata\local\{DC1D7565-84E0-4BC2-BF99-9B8D3CEFC244} 2012-06-13 11:40:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 11:40:56 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 11:40:54 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 11:40:52 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 11:40:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 11:40:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 11:40:49 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 11:40:38 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 11:40:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 11:40:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-11 16:54:00 -------- d-----w- c:\users\john\appdata\local\Macromedia 2012-06-06 22:02:21 -------- d-----w- c:\users\john\appdata\local\{A23D4AC7-8DAF-4282-94BD-23391ED1229E} 2012-06-06 22:02:10 -------- d-----w- c:\users\john\appdata\local\{5ADF7BBA-1F5C-4F81-B093-42210A008A94} 2012-06-06 16:45:01 -------- d-----w- c:\users\john\appdata\local\{502BA10A-2CD7-4F9E-86C5-14532F5A0F64} 2012-06-06 16:44:49 -------- d-----w- c:\users\john\appdata\local\{2AFCFD8C-E193-4353-A5D9-7157F65D5E1D} 2012-06-03 23:55:21 -------- d-----w- c:\users\john\appdata\local\{7E6E0E4B-E1D9-4891-8A69-2D0A19F68302} 2012-06-03 23:55:08 -------- d-----w- c:\users\john\appdata\local\{973C4EE3-AEFA-4154-A1FC-51B302A0354E} 2012-05-29 01:33:32 -------- d-----w- c:\users\john\appdata\local\{07E6DAB2-8ACA-49D4-868F-AFAC19089DDA} 2012-05-28 14:05:18 -------- d-----w- c:\users\john\appdata\local\3DVIA 2012-05-28 14:04:57 -------- d-----w- c:\programdata\3DVIA 2012-05-28 14:04:56 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2012-05-28 14:04:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2012-05-28 14:04:51 -------- d-----w- c:\program files\Virtools 2012-05-28 13:36:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-06-11 16:52:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-24 16:57:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys . ============= FINISH: 18:49:50.72 ===============