Posts posted by dakotawolf04
-
I really appreciate all of your help. One last question, do you have any advice on the Windows Vista product key validation error?
-
I ran JavaRa and removed the old versions. Then downloaded the latest version of Java. The validation issue is the only problem that I've noticed. Ran another scan with Malwarebytes and nothing detected. Seems to be looking good so far.
-
Here's the ESET log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b116f3437150d648ac9aa80dcbfb0c42
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-30 02:39:44
# local_time=2012-06-29 09:39:44 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 2190179 2190179 0 0
# compatibility_mode=5892 16776574 100 100 52644117 177624091 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=241140
# found=17
# cleaned=17
# scan_time=7420
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FB.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.06.2012_10.43.53\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-348466c0 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-711b6879 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Michael&Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-77d11ed3 a variant of Java/TrojanDownloader.OpenStream.NBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Michael&Mary\Desktop\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Michael&Mary\Documents\Program Files\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79WM0YSE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRM6ORQE\mx_nan_a[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ALQRDM\firstload_com[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272012_104945\C_Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
I believe those are from Power Tab editor. Here's the link https://www.virustotal.com/file/240d073240eff10bbeab58c8ef0652f5e2929ac54cd441d7d50eb93402a68f77/analysis/
I tried to validate my Windows Vista, but when I input the product from the sticker it keeps coming up with an error and can't validate it.
-
After I turned on and logged in to my computer today, the desktop background was black (I normally have a picture set as the background), and after a bit a window popped up that said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." This is really odd. Would any of the tools I've run so far cause this to happen? I did not put the key in yet, I just hit cancel. I ran the Combofix program and here is the log.
ComboFix 12-06-28.01 - Michael&Mary 06/28/2012 10:48:24.1.2 - x86
Running from: c:\users\Michael&Mary\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0001.jpg
c:\users\Michael&Mary\AppData\Roaming\Microsoft\Windows\Recent\scan0002.jpg
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\spsys.log
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 15:54 . 2012-06-28 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 15:50 . 2012-06-27 15:50 -------- d-sh--w- c:\users\Michael&Mary\%APPDATA%
2012-06-27 15:49 . 2012-06-27 15:49 -------- d-----w- C:\_OTL
2012-06-27 15:47 . 2012-06-27 15:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\users\Michael&Mary\AppData\Roaming\Sibelius Software
2012-06-09 17:07 . 2012-06-09 17:07 -------- d-----w- c:\program files\Sibelius Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2012-06-09 17:07 . 2012-06-09 17:07 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT
2012-06-02 22:19 . 2012-06-22 12:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:32 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 12:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 12:32 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 12:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-22 12:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 19:51 . 2012-06-13 22:25 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37 . 2012-06-13 22:25 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 22:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 22:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 03:23 . 2012-06-13 22:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-05 00:27 . 2012-04-02 16:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 00:27 . 2011-06-06 01:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2012-05-25 03:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-09 23:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-09 23:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-10-28 19:57 . 2007-10-28 19:57 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 07:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-01-19 18:49 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:27]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:47]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab
DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 10:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\SLUI.exe
c:\windows\System32\SLLUA.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-28 11:07:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 16:07
.
Pre-Run: 153,004,351,488 bytes free
Post-Run: 152,863,887,360 bytes free
.
- - End Of File - - 69290FD9F9D6B54A7C30940F8F2BBDC5
-
This is what AVG found
"";"C:\Windows\System32\services.exe";"Trojan horse Patched_c.LYT";"Object is white-listed (critical/system file that should not be removed)"
-
I ran the programs as requested. One question though, I still have AVG running and when Malwarebytes runs AVG will pop up with a message about the trojans we're trying to get rid of. Is this ok? Should I turn off AVG when running Malwarebytes? Here are the logs.
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\ElevatedDiagnostics deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ moved successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully.
C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@ moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Michael&Mary\AppData\Roaming\LimeWire folder moved successfully.
========== FILES ==========
C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.
C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully.
C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael&Mary\Desktop\cmd.bat deleted successfully.
C:\Users\Michael&Mary\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
User: Michael&Mary
->Temporary Internet Files folder emptied: 294804 bytes
->Flash cache emptied: 60068 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14508 bytes
RecycleBin emptied: 5184989 bytes
Total Files Cleaned = 5.00 mb
System Restore Service not available.
OTL by OldTimer - Version 3.2.53.0 log created on 06272012_104945
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U folder moved successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} folder moved successfully.
PendingFileRenameOperations files...
[2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012/06/27 10:55:24 | 000,003,696 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
File C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4} not found!
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.27.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Michael&Mary :: MMSCOMP [administrator]
6/27/2012 11:14:20 AM
mbam-log-2012-06-27 (11-14-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205192
Time elapsed: 1 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
OTL logfile created on: 6/26/2012 1:21:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free
6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): c:\pagefile.sys 2875 2875 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe
PRC - [2012/06/21 00:18:22 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/02 06:08:34 | 000,967,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgscanx.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/11 22:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 22:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 22:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/26 10:58:11 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/26 10:58:11 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/05 08:20:54 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/05 08:20:54 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/01/27 07:18:57 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/04 19:27:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/17 20:10:55 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/03/30 18:31:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/23 20:21:51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/04 23:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 23:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\MICHAE~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/26 11:53:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\fnwg.sys -- (ryjqwor)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/05 08:17:19 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 08:17:19 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 79 7E A2 01 C2 A9 C7 46 8A C5 85 75 8D EF 96 ED [binary data]
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{0B0219F8-2B01-4167-BD43-A36C53CD08E8}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{5E21637A-9BD5-4ED5-9A15-F6C95F06AB2A}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS365
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7A7941BE-96CA-4810-8DF3-8C565390C872}&mid=4ca587aa215cf3075cd69d3275846ec1-2793da85c7042633c4b74aabcfbe61472fe2a859&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{BFB66404-4CC9-4A7D-9BC7-8216115A8AB2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\..\SearchScopes\{CD34A348-F951-4788-AB5B-A54131B373F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Michael&Mary\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/05 16:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/24 19:15:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/03 14:12:13 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (UserZoomBHO Class) - {246E2928-34B8-48D9-BE73-38BA37241E5B} - C:\Windows\Downloaded Program Files\UserZoom.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Michael&Mary\AppData\Local\Help\ElevatedDiagnostics\airlock32.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2334938911-1074720391-1350934541-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.commissarycoupons.com/scriptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Citrix ICA Client)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab (BewitchedGameClass Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} https://server.userzoom.com/uz/UserZoom.cab (CUZControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} http://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab (CPlayFirstDDPrilosecControl Object)
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab (CPlayFirstDressShopHControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/26 04:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46b8b70f-dd03-11db-9ae5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe
O33 - MountPoints2\{f264cf93-bc99-11db-9e35-001a92100efa}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/26 13:13:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe
[2012/06/26 13:11:12 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe
[2012/06/26 11:50:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr
[2012/06/15 11:48:29 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\Documents\Utility Receipts
[2012/06/09 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Michael&Mary\AppData\Roaming\Sibelius Software
[2012/06/09 12:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2007/10/28 14:57:13 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/26 13:27:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 13:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Michael&Mary\Desktop\OTL.exe
[2012/06/26 13:11:19 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael&Mary\Desktop\tdsskiller.exe
[2012/06/26 12:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:56:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 11:53:59 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fnwg.sys
[2012/06/26 11:50:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michael&Mary\Desktop\dds.scr
[2012/06/26 10:56:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 10:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 10:56:19 | 3622,363,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 10:46:20 | 100,725,600 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job
[2012/06/25 16:33:53 | 000,664,798 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/18 02:28:21 | 000,287,289 | ---- | M] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/26 11:56:59 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@
[2012/06/26 11:56:59 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@
[2012/06/26 11:56:57 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@
[2012/06/26 11:53:59 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fnwg.sys
[2012/06/18 02:28:21 | 000,287,289 | ---- | C] () -- C:\Users\Michael&Mary\Documents\Bolt Type-Chart.pdf
[2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@
[2012/01/10 16:45:11 | 000,002,048 | -HS- | C] () -- C:\Users\Michael&Mary\AppData\Local\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\@
[2011/12/16 18:35:42 | 000,000,358 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011_state.xml
[2010/12/25 23:06:02 | 3622,363,136 | -HS- | C] () -- \hiberfil.sys
[2010/12/15 12:26:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/13 06:15:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010/07/13 06:15:03 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/03/29 18:38:47 | 000,077,973 | ---- | C] () -- C:\Users\Michael&Mary\water2.jpg
[2009/03/29 18:38:29 | 000,048,359 | ---- | C] () -- C:\Users\Michael&Mary\water1.jpg
[2009/03/29 16:54:11 | 000,043,626 | ---- | C] () -- C:\Users\Michael&Mary\brook-header.jpg
[2009/01/24 11:01:45 | 000,000,094 | ---- | C] () -- C:\Users\Michael&Mary\couponmanager.properties
[2008/07/09 11:45:51 | 000,000,064 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\Statdisk.prefs
[2008/05/22 22:43:15 | 000,000,058 | ---- | C] () -- C:\Users\Michael&Mary\1.feq
[2007/08/28 09:56:38 | 000,000,000 | ---- | C] () -- C:\Users\Michael&Mary\AppData\Roaming\wklnhst.dat
[2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2007/04/22 02:04:18 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006/12/26 04:00:36 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/12/26 04:00:34 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
========== LOP Check ==========
[2009/03/28 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Alien Skin
[2008/12/15 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Amazon
[2012/05/24 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\AVG2012
[2011/01/04 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Barnes & Noble
[2011/02/26 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Catalina Marketing Corp
[2011/12/16 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\com.mcmguides.pdg.NCO.2011
[2008/03/14 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Design Science
[2010/01/18 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\E-centives
[2008/11/06 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\foobar2000
[2008/09/19 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Gamelab
[2008/06/03 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle Casino
[2008/06/03 13:22:55 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Hoyle FaceCreator
[2007/02/17 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\ICAClient
[2008/07/03 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/21 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\KompoZer
[2008/05/20 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\LimeWire
[2008/11/11 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Math Mechanixs
[2007/04/21 00:06:26 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\muvee Technologies
[2011/03/02 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PDG Studyware
[2008/12/19 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PlayFirst
[2009/04/22 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PoBros
[2007/03/12 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\PureEdge
[2010/06/02 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Skip-Bo
[2007/08/28 09:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Template
[2010/11/16 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow PowerPack 2010
[2009/12/23 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\TweakNow RegCleaner
[2008/12/19 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Valusoft
[2008/09/24 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\Wildgames_JanesRealty
[2009/04/20 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WildTangentv1002
[2007/07/12 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Michael&Mary\AppData\Roaming\WinBatch
[2012/06/26 10:55:22 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/25 21:50:15 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5B68E09-26C2-423A-B845-02510555A17D}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >
OTL Extras logfile created on: 6/26/2012 1:21:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Michael&Mary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.26% Memory free
6.10 Gb Paging File | 4.60 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): c:\pagefile.sys 2875 2875 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 142.77 Gb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.90 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Computer Name: MMSCOMP | User Name: Michael&Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C2E50C9-1B4C-C582-2E1A-98167D48B6E8}" = PDG GOLD NCO - 2011
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B6DFA96-41E6-4FD7-B380-51764CF7A4BF}" = Trigonometry Solved!
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8713CE86-5F4D-4A80-825E-AC1B2C777F85}" = honestech Audio Recorder 2.0 Deluxe
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"BN_DesktopReader" = NOOK for PC
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.mcmguides.pdg.NCO.2011" = PDG GOLD NCO - 2011
"Coupon Printer for Windows1.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DSMT6" = MathType 6
"Eye Candy 4000" = Eye Candy 4000
"Free Window Registry Repair" = Free Window Registry Repair
"Funnix Begin Reading 1-40" = Funnix Begin Reading 1-40
"GOM Player" = GOM Player
"Google Desktop" = Google Desktop Search
"Graphmatica" = Graphmatica
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Math Mechanixs_is1" = Math Mechanixs
"Math Trek 1, 2, 3" = Math Trek 1, 2, 3
"Math Trek 4, 5, 6" = Math Trek 4, 5, 6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobTime Cell Phone Manager_is1" = MobTime Cell Phone Manager V6.6.5
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only)
"Multiplex" = Multiplex 1.0
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"NVIDIA Drivers" = NVIDIA Drivers
"Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Phonics" = Phonics
"PROPLUSR" = Microsoft Office Professional Plus 2007
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Reading" = Reading
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.94
"SysInfo" = Creative System Information
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"UMS 9.9 equation" = UMS 9.9 equation
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZENcast Organizer" = ZENcast Organizer
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2334938911-1074720391-1350934541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Master Your CDC 3.0" = Master Your CDC 3.0
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PDG Gold 4.0" = PDG Gold 4.0
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/26/2012 11:40:18 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:40:20 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:40:22 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:40:23 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:42:01 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28
Description =
Error - 6/26/2012 11:56:37 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:56:41 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:57:01 AM | Computer Name = MMscomp | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 6/26/2012 11:57:09 AM | Computer Name = MMscomp | Source = WinMgmt | ID = 28
Description =
[ Media Center Events ]
Error - 4/18/2008 4:26:02 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/31/2008 9:27:04 AM | Computer Name = MMscomp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/20/2008 5:44:26 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/9/2009 3:33:57 PM | Computer Name = MMscomp | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 6/26/2012 1:40:36 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 1:40:45 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 1:41:04 AM | Computer Name = MMscomp | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Photosmart C4200 series
with shared resource name HP Photosmart C4200 series. Error 1753. The printer cannot
be used by others on the network.
Error - 6/26/2012 11:39:51 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 11:40:01 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 11:40:11 AM | Computer Name = MMscomp | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001A92100EFA has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).
Error - 6/26/2012 11:40:19 AM | Computer Name = MMscomp | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Photosmart C4200 series
with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot
be used by others on the network.
Error - 6/26/2012 11:55:59 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 11:56:16 AM | Computer Name = MMscomp | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/26/2012 11:56:38 AM | Computer Name = MMscomp | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Photosmart C4200 series
with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot
be used by others on the network.
< End of report >
-
Thank you very much Maniac for helping me with this. I ran the tools and the logs follow. The system says my post is too long. I will post the other logs in another post.

13:13:32.0579 4940 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
13:13:34.0592 4940 ============================================================
13:13:34.0592 4940 Current date / time: 2012/06/26 13:13:34.0592
13:13:34.0592 4940 SystemInfo:
13:13:34.0592 4940
13:13:34.0592 4940 OS Version: 6.0.6002 ServicePack: 2.0
13:13:34.0592 4940 Product type: Workstation
13:13:34.0592 4940 ComputerName: MMSCOMP
13:13:34.0592 4940 UserName: Michael&Mary
13:13:34.0592 4940 Windows directory: C:\Windows
13:13:34.0592 4940 System windows directory: C:\Windows
13:13:34.0592 4940 Processor architecture: Intel x86
13:13:34.0592 4940 Number of processors: 2
13:13:34.0592 4940 Page size: 0x1000
13:13:34.0592 4940 Boot type: Normal boot
13:13:34.0592 4940 ============================================================
13:13:35.0044 4940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:13:35.0091 4940 ============================================================
13:13:35.0091 4940 \Device\Harddisk0\DR0:
13:13:35.0091 4940 MBR partitions:
13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x247A9091
13:13:35.0091 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x247A90D0, BlocksNum 0xC84240
13:13:35.0091 4940 ============================================================
13:13:35.0200 4940 C: <-> \Device\Harddisk0\DR0\Partition0
13:13:35.0387 4940 D: <-> \Device\Harddisk0\DR0\Partition1
13:13:35.0387 4940 ============================================================
13:13:35.0387 4940 Initialize success
13:13:35.0387 4940 ============================================================
13:13:41.0378 4656 ============================================================
13:13:41.0378 4656 Scan started
13:13:41.0378 4656 Mode: Manual; SigCheck; TDLFS;
13:13:41.0378 4656 ============================================================
13:13:42.0017 4656 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:13:42.0111 4656 !SASCORE - ok
13:13:42.0345 4656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:13:42.0376 4656 ACPI - ok
13:13:42.0517 4656 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:13:42.0532 4656 AdobeARMservice - ok
13:13:42.0641 4656 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:13:42.0657 4656 AdobeFlashPlayerUpdateSvc - ok
13:13:42.0735 4656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:13:42.0797 4656 adp94xx - ok
13:13:42.0829 4656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:13:42.0860 4656 adpahci - ok
13:13:42.0891 4656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:13:42.0907 4656 adpu160m - ok
13:13:42.0938 4656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:13:42.0953 4656 adpu320 - ok
13:13:43.0000 4656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:13:43.0094 4656 AeLookupSvc - ok
13:13:43.0172 4656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:13:43.0281 4656 AFD - ok
13:13:43.0343 4656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:13:43.0359 4656 agp440 - ok
13:13:43.0421 4656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:13:43.0437 4656 aic78xx - ok
13:13:43.0468 4656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:13:43.0640 4656 ALG - ok
13:13:43.0671 4656 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:13:43.0687 4656 aliide - ok
13:13:43.0733 4656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:13:43.0749 4656 amdagp - ok
13:13:43.0780 4656 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:13:43.0796 4656 amdide - ok
13:13:43.0843 4656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:13:44.0061 4656 AmdK7 - ok
13:13:44.0108 4656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:13:44.0170 4656 AmdK8 - ok
13:13:44.0217 4656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:13:44.0295 4656 Appinfo - ok
13:13:44.0404 4656 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:13:44.0420 4656 Apple Mobile Device - ok
13:13:44.0482 4656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:13:44.0513 4656 arc - ok
13:13:44.0576 4656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:13:44.0607 4656 arcsas - ok
13:13:44.0716 4656 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:13:44.0747 4656 aspnet_state - ok
13:13:44.0810 4656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:13:44.0872 4656 AsyncMac - ok
13:13:44.0950 4656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:13:44.0966 4656 atapi - ok
13:13:45.0059 4656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:13:45.0106 4656 AudioEndpointBuilder - ok
13:13:45.0122 4656 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:13:45.0184 4656 Audiosrv - ok
13:13:45.0590 4656 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
13:13:45.0793 4656 AVGIDSAgent - ok
13:13:45.0933 4656 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:13:45.0964 4656 AVGIDSDriver - ok
13:13:46.0011 4656 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:13:46.0011 4656 AVGIDSEH - ok
13:13:46.0058 4656 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:13:46.0073 4656 AVGIDSFilter - ok
13:13:46.0120 4656 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
13:13:46.0120 4656 AVGIDSShim - ok
13:13:46.0167 4656 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
13:13:46.0183 4656 Avgldx86 - ok
13:13:46.0214 4656 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
13:13:46.0229 4656 Avgmfx86 - ok
13:13:46.0245 4656 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
13:13:46.0261 4656 Avgrkx86 - ok
13:13:46.0339 4656 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
13:13:46.0354 4656 Avgtdix - ok
13:13:46.0448 4656 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
13:13:46.0463 4656 avgwd - ok
13:13:46.0541 4656 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
13:13:46.0573 4656 BBSvc - ok
13:13:46.0604 4656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:13:46.0666 4656 Beep - ok
13:13:46.0744 4656 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:13:46.0807 4656 BITS - ok
13:13:46.0807 4656 blbdrive - ok
13:13:46.0900 4656 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:13:46.0916 4656 Bonjour Service - ok
13:13:46.0978 4656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:13:47.0041 4656 bowser - ok
13:13:47.0087 4656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:13:47.0134 4656 BrFiltLo - ok
13:13:47.0165 4656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:13:47.0228 4656 BrFiltUp - ok
13:13:47.0275 4656 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:13:47.0337 4656 Browser - ok
13:13:47.0368 4656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:13:47.0431 4656 Brserid - ok
13:13:47.0462 4656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:13:47.0524 4656 BrSerWdm - ok
13:13:47.0555 4656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:13:47.0602 4656 BrUsbMdm - ok
13:13:47.0649 4656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:13:47.0711 4656 BrUsbSer - ok
13:13:47.0758 4656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:13:47.0821 4656 BTHMODEM - ok
13:13:47.0867 4656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:13:47.0914 4656 cdfs - ok
13:13:47.0961 4656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:13:48.0008 4656 cdrom - ok
13:13:48.0039 4656 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:13:48.0070 4656 CertPropSvc - ok
13:13:48.0086 4656 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:13:48.0133 4656 circlass - ok
13:13:48.0179 4656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:13:48.0211 4656 CLFS - ok
13:13:48.0304 4656 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:48.0320 4656 clr_optimization_v2.0.50727_32 - ok
13:13:48.0351 4656 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:13:48.0367 4656 cmdide - ok
13:13:48.0382 4656 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
13:13:48.0398 4656 Compbatt - ok
13:13:48.0398 4656 COMSysApp - ok
13:13:48.0413 4656 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:13:48.0429 4656 crcdisk - ok
13:13:48.0445 4656 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:13:48.0507 4656 Crusoe - ok
13:13:48.0538 4656 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:13:48.0585 4656 CryptSvc - ok
13:13:48.0663 4656 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:13:48.0725 4656 DcomLaunch - ok
13:13:48.0788 4656 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:13:48.0819 4656 DfsC - ok
13:13:49.0006 4656 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:13:49.0225 4656 DFSR - ok
13:13:49.0412 4656 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:13:49.0459 4656 Dhcp - ok
13:13:49.0521 4656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:13:49.0537 4656 disk - ok
13:13:49.0583 4656 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:13:49.0646 4656 Dnscache - ok
13:13:49.0693 4656 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:13:49.0739 4656 dot3svc - ok
13:13:49.0786 4656 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:13:49.0833 4656 Dot4 - ok
13:13:49.0880 4656 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:13:49.0911 4656 Dot4Print - ok
13:13:49.0927 4656 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:13:49.0973 4656 dot4usb - ok
13:13:50.0051 4656 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:13:50.0129 4656 DPS - ok
13:13:50.0176 4656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:13:50.0207 4656 drmkaud - ok
13:13:50.0270 4656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:13:50.0332 4656 DXGKrnl - ok
13:13:50.0363 4656 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:13:50.0426 4656 E1G60 - ok
13:13:50.0488 4656 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:13:50.0504 4656 EapHost - ok
13:13:50.0566 4656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:13:50.0582 4656 Ecache - ok
13:13:50.0675 4656 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:13:50.0738 4656 ehRecvr - ok
13:13:50.0785 4656 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:13:50.0816 4656 ehSched - ok
13:13:50.0847 4656 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:13:50.0878 4656 ehstart - ok
13:13:50.0909 4656 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:13:50.0941 4656 elxstor - ok
13:13:51.0003 4656 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:13:51.0081 4656 EMDMgmt - ok
13:13:51.0143 4656 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:13:51.0175 4656 EventSystem - ok
13:13:51.0221 4656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:13:51.0268 4656 exfat - ok
13:13:51.0299 4656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:13:51.0346 4656 fastfat - ok
13:13:51.0393 4656 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:13:51.0455 4656 fdc - ok
13:13:51.0518 4656 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:13:51.0549 4656 fdPHost - ok
13:13:51.0596 4656 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:13:51.0643 4656 FDResPub - ok
13:13:51.0674 4656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:13:51.0689 4656 FileInfo - ok
13:13:51.0721 4656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:13:51.0767 4656 Filetrace - ok
13:13:51.0908 4656 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:13:52.0001 4656 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:13:52.0001 4656 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:13:52.0064 4656 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:13:52.0173 4656 flpydisk - ok
13:13:52.0220 4656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:13:52.0235 4656 FltMgr - ok
13:13:52.0345 4656 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
13:13:52.0438 4656 FontCache - ok
13:13:52.0516 4656 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:52.0532 4656 FontCache3.0.0.0 - ok
13:13:52.0579 4656 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:13:52.0625 4656 Fs_Rec - ok
13:13:52.0672 4656 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:13:52.0688 4656 gagp30kx - ok
13:13:52.0735 4656 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:13:52.0859 4656 gpsvc - ok
13:13:53.0047 4656 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:53.0078 4656 gupdate - ok
13:13:53.0109 4656 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:53.0140 4656 gupdatem - ok
13:13:53.0187 4656 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:13:53.0218 4656 gusvc - ok
13:13:53.0281 4656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:13:53.0374 4656 HdAudAddService - ok
13:13:53.0437 4656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:13:53.0530 4656 HDAudBus - ok
13:13:53.0561 4656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:13:53.0624 4656 HidBth - ok
13:13:53.0655 4656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:13:53.0733 4656 HidIr - ok
13:13:53.0780 4656 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:13:53.0827 4656 hidserv - ok
13:13:53.0858 4656 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
13:13:53.0905 4656 HidUsb - ok
13:13:53.0951 4656 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:13:53.0983 4656 hkmsvc - ok
13:13:54.0014 4656 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:13:54.0029 4656 HpCISSs - ok
13:13:54.0154 4656 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
13:13:54.0201 4656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:13:54.0201 4656 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:13:54.0232 4656 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
13:13:54.0248 4656 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:13:54.0248 4656 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:13:54.0341 4656 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
13:13:54.0451 4656 HSF_DP - ok
13:13:54.0497 4656 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
13:13:54.0529 4656 HSXHWBS2 - ok
13:13:54.0591 4656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:13:54.0716 4656 HTTP - ok
13:13:54.0747 4656 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:13:54.0763 4656 i2omp - ok
13:13:54.0841 4656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:13:54.0856 4656 i8042prt - ok
13:13:54.0887 4656 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:13:54.0934 4656 iaStorV - ok
13:13:55.0043 4656 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:55.0137 4656 idsvc - ok
13:13:55.0199 4656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:13:55.0231 4656 iirsp - ok
13:13:55.0309 4656 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:13:55.0418 4656 IKEEXT - ok
13:13:55.0605 4656 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
13:13:55.0855 4656 IntcAzAudAddService - ok
13:13:56.0026 4656 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:13:56.0042 4656 intelide - ok
13:13:56.0089 4656 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:13:56.0245 4656 intelppm - ok
13:13:56.0291 4656 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:13:56.0354 4656 IPBusEnum - ok
13:13:56.0401 4656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:13:56.0432 4656 IpFilterDriver - ok
13:13:56.0432 4656 IpInIp - ok
13:13:56.0463 4656 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:13:56.0510 4656 IPMIDRV - ok
13:13:56.0557 4656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:13:56.0603 4656 IPNAT - ok
13:13:56.0635 4656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:13:56.0666 4656 IRENUM - ok
13:13:56.0681 4656 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:13:56.0697 4656 isapnp - ok
13:13:56.0744 4656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:13:56.0759 4656 iScsiPrt - ok
13:13:56.0791 4656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:13:56.0791 4656 iteatapi - ok
13:13:56.0822 4656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:13:56.0837 4656 iteraid - ok
13:13:56.0853 4656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:13:56.0869 4656 kbdclass - ok
13:13:56.0900 4656 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
13:13:56.0962 4656 kbdhid - ok
13:13:57.0009 4656 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:13:57.0056 4656 KeyIso - ok
13:13:57.0103 4656 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:13:57.0196 4656 KSecDD - ok
13:13:57.0290 4656 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:13:57.0337 4656 KtmRm - ok
13:13:57.0399 4656 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:13:57.0493 4656 LanmanServer - ok
13:13:57.0539 4656 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:13:57.0586 4656 LanmanWorkstation - ok
13:13:57.0695 4656 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:13:57.0727 4656 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:13:57.0727 4656 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:13:57.0758 4656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:13:57.0820 4656 lltdio - ok
13:13:57.0883 4656 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:13:57.0961 4656 lltdsvc - ok
13:13:58.0007 4656 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:13:58.0117 4656 lmhosts - ok
13:13:58.0179 4656 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:13:58.0210 4656 LSI_FC - ok
13:13:58.0226 4656 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:13:58.0257 4656 LSI_SAS - ok
13:13:58.0288 4656 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:13:58.0319 4656 LSI_SCSI - ok
13:13:58.0351 4656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:13:58.0366 4656 luafv - ok
13:13:58.0444 4656 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
13:13:58.0460 4656 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:13:58.0460 4656 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:13:58.0491 4656 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:13:58.0507 4656 Mcx2Svc - ok
13:13:58.0616 4656 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:13:58.0631 4656 MDM - ok
13:13:58.0663 4656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:13:58.0694 4656 mdmxsdk - ok
13:13:58.0741 4656 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:13:58.0756 4656 megasas - ok
13:13:58.0787 4656 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:13:58.0834 4656 MMCSS - ok
13:13:58.0865 4656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:13:58.0912 4656 Modem - ok
13:13:58.0959 4656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:13:59.0006 4656 monitor - ok
13:13:59.0068 4656 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
13:13:59.0099 4656 motmodem - ok
13:13:59.0162 4656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:13:59.0177 4656 mouclass - ok
13:13:59.0209 4656 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
13:13:59.0255 4656 mouhid - ok
13:13:59.0302 4656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:13:59.0318 4656 MountMgr - ok
13:13:59.0349 4656 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:13:59.0365 4656 mpio - ok
13:13:59.0411 4656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:13:59.0443 4656 mpsdrv - ok
13:13:59.0489 4656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:13:59.0505 4656 Mraid35x - ok
13:13:59.0536 4656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:13:59.0552 4656 MRxDAV - ok
13:13:59.0599 4656 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:13:59.0630 4656 mrxsmb - ok
13:13:59.0661 4656 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:13:59.0770 4656 mrxsmb10 - ok
13:13:59.0786 4656 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:13:59.0848 4656 mrxsmb20 - ok
13:13:59.0879 4656 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:13:59.0895 4656 msahci - ok
13:13:59.0926 4656 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:13:59.0942 4656 msdsm - ok
13:13:59.0973 4656 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:14:00.0004 4656 MSDTC - ok
13:14:00.0051 4656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:14:00.0098 4656 Msfs - ok
13:14:00.0160 4656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:14:00.0176 4656 msisadrv - ok
13:14:00.0238 4656 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:14:00.0332 4656 MSiSCSI - ok
13:14:00.0332 4656 msiserver - ok
13:14:00.0441 4656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:14:00.0472 4656 MSKSSRV - ok
13:14:00.0503 4656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:14:00.0519 4656 MSPCLOCK - ok
13:14:00.0535 4656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:14:00.0581 4656 MSPQM - ok
13:14:00.0613 4656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:14:00.0644 4656 MsRPC - ok
13:14:00.0659 4656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:14:00.0675 4656 mssmbios - ok
13:14:00.0706 4656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:14:00.0737 4656 MSTEE - ok
13:14:00.0769 4656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:14:00.0784 4656 Mup - ok
13:14:00.0831 4656 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:14:00.0893 4656 napagent - ok
13:14:00.0940 4656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:14:00.0987 4656 NativeWifiP - ok
13:14:01.0034 4656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:14:01.0096 4656 NDIS - ok
13:14:01.0174 4656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:14:01.0205 4656 NdisTapi - ok
13:14:01.0237 4656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:14:01.0283 4656 Ndisuio - ok
13:14:01.0315 4656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:14:01.0346 4656 NdisWan - ok
13:14:01.0377 4656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:14:01.0408 4656 NDProxy - ok
13:14:01.0471 4656 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
13:14:01.0471 4656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:14:01.0471 4656 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:14:01.0486 4656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:14:01.0533 4656 NetBIOS - ok
13:14:01.0580 4656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:14:01.0642 4656 netbt - ok
13:14:01.0673 4656 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:14:01.0689 4656 Netlogon - ok
13:14:01.0767 4656 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:14:01.0876 4656 Netman - ok
13:14:01.0907 4656 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:14:01.0970 4656 netprofm - ok
13:14:02.0609 4656 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:14:02.0781 4656 NetTcpPortSharing - ok
13:14:03.0202 4656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:14:03.0233 4656 nfrd960 - ok
13:14:03.0296 4656 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:14:03.0358 4656 NlaSvc - ok
13:14:03.0436 4656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:14:03.0452 4656 Npfs - ok
13:14:03.0608 4656 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:14:03.0717 4656 nsi - ok
13:14:03.0873 4656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:14:03.0935 4656 nsiproxy - ok
13:14:07.0664 4656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:14:08.0553 4656 Ntfs - ok
13:14:08.0709 4656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:14:08.0818 4656 ntrigdigi - ok
13:14:09.0005 4656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:14:09.0130 4656 Null - ok
13:14:15.0776 4656 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:14:17.0866 4656 NVENETFD - ok
13:14:54.0230 4656 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:15:09.0159 4656 nvlddmkm - ok
13:15:16.0149 4656 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:15:16.0196 4656 nvraid - ok
13:15:16.0430 4656 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
13:15:16.0523 4656 nvstor - ok
13:15:16.0601 4656 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
13:15:16.0632 4656 nvstor32 - ok
13:15:17.0256 4656 nvsvc (cf7769f13b3ecc5e2bf1b3d1c5831ae8) C:\Windows\system32\nvvsvc.exe
13:15:17.0381 4656 nvsvc - ok
13:15:17.0631 4656 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:15:17.0771 4656 nv_agp - ok
13:15:17.0771 4656 NwlnkFlt - ok
13:15:17.0802 4656 NwlnkFwd - ok
13:15:18.0972 4656 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:15:19.0503 4656 odserv - ok
13:15:19.0986 4656 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:15:20.0142 4656 ohci1394 - ok
13:15:22.0015 4656 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:22.0218 4656 ose - ok
13:15:27.0569 4656 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:15:28.0911 4656 p2pimsvc - ok
13:15:28.0942 4656 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:15:29.0113 4656 p2psvc - ok
13:15:30.0003 4656 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:15:30.0221 4656 Parport - ok
13:15:31.0048 4656 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:15:31.0110 4656 partmgr - ok
13:15:31.0438 4656 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:15:31.0703 4656 Parvdm - ok
13:15:32.0062 4656 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:15:32.0577 4656 PcaSvc - ok
13:15:34.0074 4656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:15:34.0246 4656 pci - ok
13:15:34.0511 4656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:15:34.0558 4656 pciide - ok
13:15:36.0586 4656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:15:36.0820 4656 pcmcia - ok
13:15:45.0150 4656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:15:45.0649 4656 PEAUTH - ok
13:15:48.0863 4656 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:15:49.0425 4656 pla - ok
13:15:54.0339 4656 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:15:54.0604 4656 PlugPlay - ok
13:15:55.0228 4656 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
13:15:55.0306 4656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:15:55.0306 4656 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:16:00.0782 4656 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:16:01.0859 4656 PNRPAutoReg - ok
13:16:01.0874 4656 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:16:01.0968 4656 PNRPsvc - ok
13:16:04.0214 4656 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:16:04.0573 4656 PolicyAgent - ok
13:16:04.0932 4656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:16:04.0994 4656 PptpMiniport - ok
13:16:05.0509 4656 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:16:05.0681 4656 Processor - ok
13:16:05.0884 4656 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:16:05.0915 4656 ProfSvc - ok
13:16:06.0102 4656 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:16:06.0118 4656 ProtectedStorage - ok
13:16:06.0523 4656 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
13:16:06.0742 4656 Ps2 - ok
13:16:07.0506 4656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:16:07.0646 4656 PSched - ok
13:16:08.0021 4656 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
13:16:08.0036 4656 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:16:08.0036 4656 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:16:13.0247 4656 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:16:14.0261 4656 ql2300 - ok
13:16:15.0384 4656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:16:15.0462 4656 ql40xx - ok
13:16:17.0989 4656 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:16:18.0395 4656 QWAVE - ok
13:16:19.0112 4656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:16:19.0300 4656 QWAVEdrv - ok
13:16:19.0612 4656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:16:19.0814 4656 RasAcd - ok
13:16:21.0905 4656 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:16:22.0108 4656 RasAuto - ok
13:16:22.0669 4656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:16:22.0856 4656 Rasl2tp - ok
13:16:24.0884 4656 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:16:24.0994 4656 RasMan - ok
13:16:25.0337 4656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:16:25.0493 4656 RasPppoe - ok
13:16:25.0711 4656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:16:25.0789 4656 RasSstp - ok
13:16:27.0396 4656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:16:27.0599 4656 rdbss - ok
13:16:27.0724 4656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:16:27.0833 4656 RDPCDD - ok
13:16:29.0050 4656 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:16:29.0206 4656 rdpdr - ok
13:16:29.0299 4656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:16:29.0346 4656 RDPENCDD - ok
13:16:30.0344 4656 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:16:30.0563 4656 RDPWD - ok
13:16:30.0890 4656 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:16:31.0015 4656 RemoteAccess - ok
13:16:31.0609 4656 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:16:31.0749 4656 RemoteRegistry - ok
13:16:31.0921 4656 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:16:32.0405 4656 RpcLocator - ok
13:16:34.0933 4656 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:16:35.0354 4656 RpcSs - ok
13:16:35.0728 4656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:16:35.0775 4656 rspndr - ok
13:16:35.0962 4656 ryjqwor (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\fnwg.sys
13:16:35.0978 4656 ryjqwor ( UnsignedFile.Multi.Generic ) - warning
13:16:35.0978 4656 ryjqwor - detected UnsignedFile.Multi.Generic (1)
13:16:36.0181 4656 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:16:36.0228 4656 SamSs - ok
13:16:36.0914 4656 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:16:36.0976 4656 SASDIFSV - ok
13:16:37.0585 4656 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:16:37.0600 4656 SASKUTIL - ok
13:16:37.0897 4656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:16:37.0959 4656 sbp2port - ok
13:16:38.0521 4656 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:16:38.0614 4656 SCardSvr - ok
13:16:39.0940 4656 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:16:40.0471 4656 Schedule - ok
13:16:40.0533 4656 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:16:40.0580 4656 SCPolicySvc - ok
13:16:41.0235 4656 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:16:41.0360 4656 SDRSVC - ok
13:16:43.0747 4656 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:16:43.0762 4656 SeaPort - ok
13:16:43.0965 4656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:16:44.0152 4656 secdrv - ok
13:16:44.0433 4656 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:16:44.0511 4656 seclogon - ok
13:16:45.0369 4656 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:16:45.0478 4656 SENS - ok
13:16:45.0666 4656 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:16:45.0790 4656 Serenum - ok
13:16:46.0118 4656 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:16:46.0227 4656 Serial - ok
13:16:46.0461 4656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:16:46.0508 4656 sermouse - ok
13:16:47.0116 4656 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:16:47.0241 4656 SessionEnv - ok
13:16:47.0522 4656 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:16:47.0709 4656 sffdisk - ok
13:16:47.0896 4656 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:16:48.0084 4656 sffp_mmc - ok
13:16:48.0286 4656 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:16:48.0411 4656 sffp_sd - ok
13:16:48.0614 4656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:16:48.0786 4656 sfloppy - ok
13:16:50.0408 4656 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:16:50.0689 4656 ShellHWDetection - ok
13:16:51.0079 4656 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:16:51.0172 4656 sisagp - ok
13:16:51.0328 4656 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:16:51.0360 4656 SiSRaid2 - ok
13:16:52.0140 4656 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:16:52.0280 4656 SiSRaid4 - ok
13:17:01.0297 4656 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:17:05.0041 4656 slsvc - ok
13:17:07.0162 4656 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:17:07.0303 4656 SLUINotify - ok
13:17:08.0067 4656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:17:08.0114 4656 Smb - ok
13:17:08.0270 4656 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:17:08.0317 4656 SNMPTRAP - ok
13:17:08.0676 4656 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
13:17:08.0707 4656 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
13:17:08.0707 4656 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
13:17:08.0754 4656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:17:08.0769 4656 spldr - ok
13:17:08.0863 4656 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:17:08.0941 4656 Spooler - ok
13:17:09.0112 4656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:17:09.0190 4656 srv - ok
13:17:09.0346 4656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:17:09.0409 4656 srv2 - ok
13:17:09.0456 4656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:17:09.0471 4656 srvnet - ok
13:17:09.0534 4656 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
13:17:09.0565 4656 sscdbus - ok
13:17:09.0580 4656 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:17:09.0596 4656 sscdmdfl - ok
13:17:09.0627 4656 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
13:17:09.0643 4656 sscdmdm - ok
13:17:09.0674 4656 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
13:17:09.0690 4656 sscdserd - ok
13:17:10.0002 4656 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:17:10.0111 4656 SSDPSRV - ok
13:17:10.0158 4656 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:17:10.0220 4656 SstpSvc - ok
13:17:10.0329 4656 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:17:10.0407 4656 stisvc - ok
13:17:10.0750 4656 stllssvr (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:17:10.0782 4656 stllssvr - ok
13:17:10.0828 4656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:17:10.0844 4656 swenum - ok
13:17:10.0922 4656 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:17:11.0000 4656 swprv - ok
13:17:11.0000 4656 sxuptp - ok
13:17:11.0047 4656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:17:11.0062 4656 Symc8xx - ok
13:17:11.0078 4656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:17:11.0094 4656 Sym_hi - ok
13:17:11.0125 4656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:17:11.0140 4656 Sym_u3 - ok
13:17:11.0562 4656 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:17:11.0655 4656 SysMain - ok
13:17:11.0702 4656 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:17:11.0780 4656 TabletInputService - ok
13:17:12.0061 4656 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:17:12.0123 4656 TapiSrv - ok
13:17:12.0170 4656 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:17:12.0201 4656 TBS - ok
13:17:12.0654 4656 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:17:12.0732 4656 Tcpip - ok
13:17:12.0747 4656 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:17:12.0810 4656 Tcpip6 - ok
13:17:12.0919 4656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:17:12.0950 4656 tcpipreg - ok
13:17:12.0997 4656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:17:13.0044 4656 TDPIPE - ok
13:17:13.0075 4656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:17:13.0106 4656 TDTCP - ok
13:17:13.0184 4656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:17:13.0215 4656 tdx - ok
13:17:13.0246 4656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:17:13.0278 4656 TermDD - ok
13:17:13.0356 4656 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:17:13.0402 4656 TermService - ok
13:17:13.0543 4656 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:17:13.0590 4656 Themes - ok
13:17:13.0652 4656 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:17:13.0683 4656 THREADORDER - ok
13:17:13.0699 4656 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:17:13.0761 4656 TrkWks - ok
13:17:13.0824 4656 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:17:13.0855 4656 TrustedInstaller - ok
13:17:13.0902 4656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:17:13.0964 4656 tssecsrv - ok
13:17:14.0026 4656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:17:14.0058 4656 tunmp - ok
13:17:14.0089 4656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:17:14.0120 4656 tunnel - ok
13:17:14.0182 4656 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:17:14.0198 4656 uagp35 - ok
13:17:14.0214 4656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:17:14.0276 4656 udfs - ok
13:17:14.0385 4656 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:17:14.0432 4656 UI0Detect - ok
13:17:14.0463 4656 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:17:14.0479 4656 uliagpkx - ok
13:17:14.0494 4656 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:17:14.0526 4656 uliahci - ok
13:17:14.0557 4656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:17:14.0572 4656 UlSata - ok
13:17:14.0588 4656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:17:14.0604 4656 ulsata2 - ok
13:17:14.0635 4656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:17:14.0682 4656 umbus - ok
13:17:14.0791 4656 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:17:14.0853 4656 upnphost - ok
13:17:14.0884 4656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:17:14.0916 4656 USBAAPL - ok
13:17:14.0962 4656 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:17:14.0994 4656 usbaudio - ok
13:17:15.0040 4656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:17:15.0087 4656 usbccgp - ok
13:17:15.0259 4656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:17:15.0337 4656 usbcir - ok
13:17:15.0384 4656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:17:15.0430 4656 usbehci - ok
13:17:15.0477 4656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:17:15.0524 4656 usbhub - ok
13:17:15.0555 4656 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:17:15.0586 4656 usbohci - ok
13:17:15.0586 4656 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
13:17:15.0664 4656 usbprint - ok
13:17:15.0711 4656 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:17:15.0727 4656 usbscan - ok
13:17:15.0742 4656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:17:15.0774 4656 USBSTOR - ok
13:17:15.0805 4656 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:17:15.0867 4656 usbuhci - ok
13:17:15.0898 4656 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:17:15.0930 4656 UxSms - ok
13:17:16.0210 4656 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:17:16.0288 4656 vds - ok
13:17:16.0304 4656 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:17:16.0351 4656 vga - ok
13:17:16.0366 4656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:17:16.0398 4656 VgaSave - ok
13:17:16.0413 4656 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:17:16.0429 4656 viaagp - ok
13:17:16.0460 4656 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:17:16.0522 4656 ViaC7 - ok
13:17:16.0585 4656 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:17:16.0600 4656 viaide - ok
13:17:16.0632 4656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:17:16.0647 4656 volmgr - ok
13:17:16.0710 4656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:17:16.0725 4656 volmgrx - ok
13:17:16.0866 4656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:17:16.0912 4656 volsnap - ok
13:17:16.0959 4656 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:17:16.0975 4656 vsmraid - ok
13:17:17.0053 4656 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:17:17.0209 4656 VSS - ok
13:17:17.0287 4656 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:17:17.0334 4656 W32Time - ok
13:17:17.0427 4656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:17:17.0490 4656 WacomPen - ok
13:17:17.0802 4656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:17.0864 4656 Wanarp - ok
13:17:17.0880 4656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:17.0926 4656 Wanarpv6 - ok
13:17:17.0989 4656 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:17:18.0051 4656 wcncsvc - ok
13:17:18.0098 4656 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:17:18.0129 4656 WcsPlugInService - ok
13:17:18.0192 4656 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:17:18.0192 4656 Wd - ok
13:17:18.0254 4656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:17:18.0301 4656 Wdf01000 - ok
13:17:18.0332 4656 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:17:18.0363 4656 WdiServiceHost - ok
13:17:18.0379 4656 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:17:18.0410 4656 WdiSystemHost - ok
13:17:18.0660 4656 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:17:18.0706 4656 WebClient - ok
13:17:18.0738 4656 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:17:18.0769 4656 Wecsvc - ok
13:17:18.0816 4656 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:17:18.0878 4656 wercplsupport - ok
13:17:18.0925 4656 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:17:18.0956 4656 WerSvc - ok
13:17:19.0018 4656 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:17:19.0096 4656 winachsf - ok
13:17:19.0112 4656 WinHttpAutoProxySvc - ok
13:17:19.0221 4656 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:17:19.0284 4656 Winmgmt - ok
13:17:19.0627 4656 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:17:19.0783 4656 WinRM - ok
13:17:19.0908 4656 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:17:20.0032 4656 Wlansvc - ok
13:17:20.0188 4656 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:17:20.0298 4656 WmiAcpi - ok
13:17:20.0625 4656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:17:20.0703 4656 wmiApSrv - ok
13:17:21.0187 4656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:17:21.0312 4656 WMPNetworkSvc - ok
13:17:21.0390 4656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:17:21.0452 4656 WPCSvc - ok
13:17:21.0530 4656 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:17:21.0561 4656 WPDBusEnum - ok
13:17:21.0686 4656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:17:21.0702 4656 WpdUsb - ok
13:17:21.0733 4656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:17:21.0795 4656 ws2ifsl - ok
13:17:21.0811 4656 WSearch - ok
13:17:22.0029 4656 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:17:22.0154 4656 wuauserv - ok
13:17:22.0310 4656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:22.0388 4656 WUDFRd - ok
13:17:22.0497 4656 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:17:22.0528 4656 wudfsvc - ok
13:17:22.0575 4656 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
13:17:22.0591 4656 XAudio - ok
13:17:22.0638 4656 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
13:17:22.0669 4656 XAudioService - ok
13:17:22.0950 4656 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
13:17:23.0059 4656 YahooAUService - ok
13:17:23.0090 4656 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
13:17:23.0262 4656 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:17:23.0262 4656 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:17:23.0277 4656 Boot (0x1200) (5018e2ce3e0478ba009695899db10f16) \Device\Harddisk0\DR0\Partition0
13:17:23.0277 4656 \Device\Harddisk0\DR0\Partition0 - ok
13:17:23.0293 4656 Boot (0x1200) (c83fb83e25bc24c226da38c40380c01e) \Device\Harddisk0\DR0\Partition1
13:17:23.0293 4656 \Device\Harddisk0\DR0\Partition1 - ok
13:17:23.0293 4656 ============================================================
13:17:23.0293 4656 Scan finished
13:17:23.0293 4656 ============================================================
13:17:23.0308 2380 Detected object count: 11
13:17:23.0308 2380 Actual detected object count: 11
13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0653 2380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0653 2380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0669 2380 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0669 2380 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0669 2380 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0669 2380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0684 2380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0684 2380 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0700 2380 ryjqwor ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:03.0700 2380 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:18:03.0700 2380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:19:36.0473 5608 Deinitialize success
-
Recently I ran a scan and Malwarebytes found the following: trojan.small, trojan.sirefef, and rootkit.0access. I went through the removal procedures as the program required, but after rebooting and another scan it was still there. Any help with removing these would be much appreciated.
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.26.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Michael&Mary :: MMSCOMP [administrator]
6/26/2012 11:28:01 AM
mbam-log-2012-06-26 (11-28-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205497
Time elapsed: 7 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7545cdec-4528-ad10-63ef-2b0029fa9fc4}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by Michael&Mary at 11:55:10 on 2012-06-26
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UserZoomBHO Class: {246e2928-34b8-48d9-be73-38ba37241e5b} - c:\windows\downloaded program files\UserZoom.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.commissarycoupons.com/scriptx/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {D9944C1C-C6BB-4E90-8E37-55F9FFABC6B8} - hxxps://server.userzoom.com/uz/UserZoom.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EEA3945F-2702-45A0-BBE1-BC88E252AED1} - hxxp://www.lifetimetv.com/games/dinerdash/DDPrilosec.1.0.0.30.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://download.dinerdash.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6F86646-8A1F-4FA3-B4AF-7531341EE00D} : DhcpNameServer = 192.168.2.1
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-26 16:53:59 54016 ----a-w- c:\windows\system32\drivers\fnwg.sys
2012-06-26 16:27:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-22 12:32:40 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 12:32:14 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 12:32:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 12:32:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-09 17:07:06 -------- d-----w- c:\program files\Sibelius Software
.
==================== Find3M ====================
.
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-05 00:27:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:27:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2007-10-28 19:57:08 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 11:55:36.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Audacity 1.2.6
AutoUpdate
AVG 2012
Bing Bar
Bing Rewards Client Installer
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Citrix Presentation Server Web Client for Win32
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
Creative System Information
Creative ZEN
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX
DocProc
DocProcQFolder
e-Sword
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Eye Candy 4000
Feedback Tool
Free Window Registry Repair
Funnix Begin Reading 1-40
GOM Player
Google Desktop Search
Google Toolbar for Internet Explorer
Google Update Helper
Graphmatica
Hardware Diagnostic Tools
honestech Audio Recorder 2.0 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
Internet Explorer (Enable DEP)
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java 6 Update 2
Java 6 Update 23
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Runtime Environment 6
Java SE Runtime Environment 6 Update 1
LightScribe 1.4.124.1
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX
Malwarebytes Anti-Malware version 1.61.0.1400
Master Your CDC 3.0
Math Mechanixs
Math Trek 1, 2, 3
Math Trek 4, 5, 6
MathPlayer
MathType 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobTime Cell Phone Manager V6.6.5
Monopoly Here & Now Edition (remove only)
Motorola Driver Installation 3.2.0
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multiplex 1.0
muvee autoProducer 5.0
MyDefrag v4.2.7
NOOK for PC
NVIDIA Drivers
OcxSetup
OGA Notifier 2.0.0048.0
Oracle JInitiator 1.3.1.17
PDF Settings
PDG Gold 4.0
PDG GOLD NCO - 2011
Phonics
Power Tab Editor 1.7
PRS-500 USB driver
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
PureEdge Viewer 6.5
Python 2.4.3
QuickTime
QuickTime Alternative 1.81
Reader Library by Sony
Reading
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sibelius Scorch (ActiveX Only)
SimCity 4 Deluxe
Soft Data Fax Modem with SmartCP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Toolbox
TrayApp
Trigonometry Solved!
TweakNow PowerPack 2010
TweakNow RegCleaner
UMS 9.9 equation
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx Support Manager for Internet Explorer
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
WinRAR archiver
Yahoo! BrowserPlus 2.8.1
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
ZENcast Organizer
.
==== End Of File ===========================
Help with trojan.small, trojan.sirefef, and rootkit.0access removal
in Resolved Malware Removal Logs
The message said "An unauthorized change was made to Windows. You must retype your Windows Vista product key to activate." When I input the product key, it says it's invalid. The error code is 0xC004E003, which is "The software licensing service reported that license evaluation failed."