Jump to content

Recommended Posts

Trying to clean up a friend's computer. He has Avast Internet Security and a boot time scan found and removed two Java based infections. Malwarebytes finds no problems. However, Combofix keeps reporting that:

Infected copy of c:\windows\System32\xpsrchvw.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7110452767e88835\xpsrchvw.exe

Subsequent Combofix scans continue to detect the same infection, restoring the copy and claiming success.

I would appreciate any help on this. Below is the Combofix report from the most recent run.

==========================

ComboFix 13-02-03.03 - B Equip 02/05/2013 11:21:47.9.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.3324 [GMT -8:00]

Running from: c:\temp\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\System32\xpsrchvw.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7110452767e88835\xpsrchvw.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))

.

.

2013-02-05 19:25 . 2013-02-05 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-05 18:40 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5272D237-D156-40DC-AB99-2EC05D7234B5}\mpengine.dll

2013-02-05 00:17 . 2013-02-05 00:17 -------- d-----w- c:\users\B Equipment\AppData\Roaming\Malwarebytes

2013-02-05 00:17 . 2013-02-05 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-05 00:17 . 2013-02-05 00:17 -------- d-----w- c:\programdata\Malwarebytes

2013-02-05 00:17 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-05 00:16 . 2013-02-05 00:16 -------- d-----w- c:\users\B Equipment\AppData\Local\Programs

2013-02-04 21:39 . 2013-02-05 04:43 -------- d-----w- C:\temp

2013-02-04 21:16 . 2013-02-04 21:16 -------- d-----w- c:\program files (x86)\VS Revo Group

2013-01-09 14:46 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 09:28 . 2010-12-17 18:35 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-10 05:22 . 2009-11-17 14:07 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-09 14:31 . 2012-04-04 15:14 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-09 14:31 . 2011-05-13 14:49 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 17:11 . 2012-12-22 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-02 00:35 . 2010-01-29 05:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-12-02 00:34 . 2010-05-19 02:36 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-12-02 00:34 . 2010-05-19 02:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-11-30 04:45 . 2013-01-09 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-20 18:37 . 2009-11-14 19:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-11-20 18:37 . 2010-06-03 03:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-11-20 17:36 . 2009-11-14 19:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-11-14 07:06 . 2012-12-13 11:02 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 11:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 11:02 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 11:02 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 11:02 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 11:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 11:02 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 11:02 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 11:02 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 11:02 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 11:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 11:02 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 11:02 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 11:02 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 11:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 11:02 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 11:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 11:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 11:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 11:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 11:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 11:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 20:07 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 20:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-08 19:29 . 2012-11-08 19:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-28 46368]

"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-28 29984]

"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]

"PDFHook"="c:\program files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2009-08-26 1365280]

"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDFViewerPlus\RegistryController.exe" [2009-08-26 62752]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

.

c:\users\Beaver Equipment\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-12 3246040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-15 203264]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-10-30 133912]

R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2009-01-21 65536]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-08-28 144672]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-12 285280]

R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-01-10 12368]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-12 1263200]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-24 22:57 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:31]

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:34]

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [bU]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 390728]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/webhp?rls=ig

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

Trusted Zone: netflix.com\www

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-02-05 11:30:32 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-05 19:30

ComboFix2.txt 2013-02-05 19:16

ComboFix3.txt 2013-02-05 06:01

ComboFix4.txt 2013-02-05 03:03

ComboFix5.txt 2013-02-05 19:21

.

Pre-Run: 537,046,773,760 bytes free

Post-Run: 536,758,116,352 bytes free

.

- - End Of File - - 43A71157110AB13ED86F8D71D0D0D75D

DDS Log

=====================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457

Run by B Equipment at 17:04:28 on 2013-02-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.3267 [GMT -8:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?rls=ig

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRunOnce: [Z1] cmd /c "C:\Users\B Equipment\Downloads\mbar-1.01.0.1017\mbar\mbar.exe" /cleanup /s

dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

StartupFolder: C:\Users\B~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\B~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.logging.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cstindustries.webex.com/client/T27LB/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{DDAD32C1-F043-439F-BE3B-C97351DAE33B} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2011-1-11 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2011-1-11 262656]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-4 55280]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-12-29 1263200]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2011-1-11 132864]

R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-2-25 21136]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-4 317480]

S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-1-11 984144]

S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-11 370288]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-4 92160]

S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-8-12 3246040]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203264]

S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-11 25232]

S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-11 71600]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-13 44808]

S2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2012-11-13 133912]

S2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2009-11-15 65536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-8-12 285280]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-5 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-02-05 19:27:03 -------- d-----w- C:\$RECYCLE.BIN

2013-02-05 18:40:37 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5272D237-D156-40DC-AB99-2EC05D7234B5}\mpengine.dll

2013-02-05 01:42:40 256000 ----a-w- C:\Windows\PEV.exe

2013-02-05 01:42:40 208896 ----a-w- C:\Windows\MBR.exe

2013-02-05 01:42:39 98816 ----a-w- C:\Windows\sed.exe

2013-02-05 00:17:25 -------- d-----w- C:\Users\B Equipment\AppData\Roaming\Malwarebytes

2013-02-05 00:17:15 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-05 00:17:15 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-05 00:17:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-05 00:16:58 -------- d-----w- C:\Users\B Equipment\AppData\Local\Programs

2013-02-04 21:39:48 -------- d-----w- C:\temp

2013-02-04 21:16:38 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-01-09 14:46:53 424448 ----a-w- C:\Windows\System32\KernelBase.dll

.

==================== Find3M ====================

.

2013-01-17 09:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 14:31:29 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 14:31:29 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-08 19:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll

.

============= FINISH: 17:05:18.16 ===============

Link to post
Share on other sites

Hello ocdan,

It is best that "your friend" joing the forum and work this case directly. Going thru a middle-man is not the best way.

Secondly, eusa_hand.gif use of Combofix by untrained folks is ill-advised and may lead to turning a system unbootable. i_rolleyes.gif

Has this system been fully scanned with an up-to-date antivirus ?

Do the following:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Hi Maurice,

Thanks for your help. This really is a friends computer. He left it with me, which is why I'm the one seeking help. I do have a image backup of the drive, just in case, but I appreciate your warning regarding Combofix.

FRST results:

=====================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02

Ran by SYSTEM at 06-02-2013 08:29:20

Running from J:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)

HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390728 2010-12-06] (Acronis)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2009-08-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2009-08-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [362 2013-02-05] ()

HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1365280 2009-08-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2009-08-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5550840 2011-06-27] (Acronis)

HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKU\B Equipment\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\B Equipment\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16328976 2012-12-17] (Google)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\B Equipment\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\B Equipment\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2010-12-06] (Acronis)

2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-08-12] (Acronis)

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [133912 2012-10-30] (AVAST Software)

2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2009-01-21] ()

2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)

2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [132864 2012-10-30] (AVAST Software)

1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2011-01-10] (ALWIL Software)

0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [262656 2012-10-30] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

0 PxHelp20; C:\Windows\SysWow64\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions)

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-05 17:05 - 2013-02-05 17:05 - 00021780 ____A C:\Users\B Equipment\Desktop\attach.txt

2013-02-05 17:05 - 2013-02-05 17:05 - 00019295 ____A C:\Users\B Equipment\Desktop\dds.txt

2013-02-05 17:01 - 2013-02-05 17:01 - 00688992 ____R (Swearware) C:\Users\B Equipment\Desktop\dds.com

2013-02-05 14:31 - 2013-02-05 14:31 - 13562257 ____A C:\Users\B Equipment\Downloads\mbar-1.01.0.1017.zip

2013-02-05 14:31 - 2013-02-05 14:31 - 00000000 ____D C:\Users\B Equipment\Downloads\mbar-1.01.0.1017

2013-02-05 11:30 - 2013-02-05 11:30 - 00020671 ____A C:\ComboFix.txt

2013-02-04 18:41 - 2013-02-04 18:42 - 00270672 ____A C:\Windows\Minidump\020413-27393-01.dmp

2013-02-04 17:42 - 2013-02-05 11:30 - 00000000 ____D C:\Qoobox

2013-02-04 17:42 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-02-04 17:42 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-02-04 17:42 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-02-04 17:42 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-02-04 17:42 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-02-04 17:42 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-02-04 17:42 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-02-04 16:17 - 2013-02-04 16:17 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Users\B Equipment\AppData\Roaming\Malwarebytes

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-04 16:17 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-02-04 14:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-02-04 14:25 - 2013-02-05 11:27 - 00000000 ____D C:\Windows\erdnt

2013-02-04 13:40 - 2013-02-04 20:43 - 00002470 ____A C:\Users\B Equipment\Desktop\Rkill.txt

2013-02-04 13:40 - 2013-02-04 13:40 - 00000000 ____D C:\Users\B Equipment\Desktop\rkill

2013-02-04 13:16 - 2013-02-04 13:16 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\B Equipment\Downloads\revosetup.exe

2013-02-04 13:16 - 2013-02-04 13:16 - 00001266 ____A C:\Users\B Equipment\Desktop\Revo Uninstaller.lnk

2013-02-04 13:16 - 2013-02-04 13:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-02-04 13:08 - 2013-02-04 13:09 - 00271600 ____A C:\Windows\Minidump\020413-26270-01.dmp

2013-01-31 10:52 - 2013-01-31 10:52 - 00349176 ____A C:\Users\B Equipment\Downloads\348_38-MGD-_2013-01-31-10-52-29_12109.zip

2013-01-17 18:58 - 2013-01-17 18:58 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle

2013-01-17 18:58 - 2013-01-17 18:58 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle

2013-01-17 14:17 - 2013-01-17 14:17 - 00274912 ____A C:\Windows\Minidump\011713-30404-01.dmp

2013-01-09 21:20 - 2013-01-09 21:21 - 00260426 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-01-09 06:47 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-09 06:47 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-09 06:47 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-01-09 06:47 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-01-09 06:47 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-09 06:47 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-09 06:47 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-01-09 06:47 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-01-09 06:47 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-09 06:47 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-01-09 06:47 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-09 06:47 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-09 06:47 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-09 06:47 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-09 06:47 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-09 06:47 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-09 06:47 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-09 06:47 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-09 06:46 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-01-09 06:46 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-01-09 06:46 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-09 06:46 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-01-09 06:46 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-01-09 06:46 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-09 06:46 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-01-09 06:46 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-01-09 06:46 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-09 06:46 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-01-09 06:46 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-01-09 06:46 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-01-09 06:46 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-01-09 06:46 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-01-09 06:46 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls

2013-01-09 06:46 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls

2013-01-09 06:46 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-09 06:46 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

==================== One Month Modified Files and Folders =======

2013-02-06 08:21 - 2013-02-06 08:20 - 00000000 ____D C:\FRST

2013-02-06 08:17 - 2012-12-18 10:59 - 00000000 ___SD C:\Users\B Equipment\Google Drive

2013-02-06 08:16 - 2011-12-23 12:34 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-02-06 08:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-06 08:16 - 2009-07-13 20:51 - 00112932 ____A C:\Windows\setupact.log

2013-02-05 17:05 - 2013-02-05 17:05 - 00021780 ____A C:\Users\B Equipment\Desktop\attach.txt

2013-02-05 17:05 - 2013-02-05 17:05 - 00019295 ____A C:\Users\B Equipment\Desktop\dds.txt

2013-02-05 17:01 - 2013-02-05 17:01 - 00688992 ____R (Swearware) C:\Users\B Equipment\Desktop\dds.com

2013-02-05 14:31 - 2013-02-05 14:31 - 13562257 ____A C:\Users\B Equipment\Downloads\mbar-1.01.0.1017.zip

2013-02-05 14:31 - 2013-02-05 14:31 - 00000000 ____D C:\Users\B Equipment\Downloads\mbar-1.01.0.1017

2013-02-05 11:30 - 2013-02-05 11:30 - 00020671 ____A C:\ComboFix.txt

2013-02-05 11:30 - 2013-02-04 17:42 - 00000000 ____D C:\Qoobox

2013-02-05 11:27 - 2013-02-04 14:25 - 00000000 ____D C:\Windows\erdnt

2013-02-05 11:27 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2013-02-05 11:26 - 2009-11-04 05:15 - 00547190 ____A C:\Windows\PFRO.log

2013-02-05 11:03 - 2009-07-13 21:10 - 01416148 ____A C:\Windows\WindowsUpdate.log

2013-02-05 10:56 - 2011-12-23 12:34 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-02-05 10:46 - 2012-04-04 07:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-05 10:43 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-05 10:43 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-04 21:39 - 2012-04-05 05:53 - 00000000 ____D C:\Windows\Minidump

2013-02-04 21:39 - 2012-04-05 05:52 - 2045885259 ____A C:\Windows\MEMORY.DMP

2013-02-04 20:43 - 2013-02-04 13:40 - 00002470 ____A C:\Users\B Equipment\Desktop\Rkill.txt

2013-02-04 18:48 - 2009-07-13 21:13 - 00736642 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-04 18:42 - 2013-02-04 18:41 - 00270672 ____A C:\Windows\Minidump\020413-27393-01.dmp

2013-02-04 16:17 - 2013-02-04 16:17 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Users\B Equipment\AppData\Roaming\Malwarebytes

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-02-04 16:17 - 2013-02-04 16:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-04 14:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2013-02-04 14:31 - 2009-11-12 17:04 - 00000000 ____D C:\users\B Equipment

2013-02-04 13:40 - 2013-02-04 13:40 - 00000000 ____D C:\Users\B Equipment\Desktop\rkill

2013-02-04 13:16 - 2013-02-04 13:16 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\B Equipment\Downloads\revosetup.exe

2013-02-04 13:16 - 2013-02-04 13:16 - 00001266 ____A C:\Users\B Equipment\Desktop\Revo Uninstaller.lnk

2013-02-04 13:16 - 2013-02-04 13:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-02-04 13:12 - 2011-01-11 06:09 - 00001971 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk

2013-02-04 13:12 - 2010-12-17 10:47 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-02-04 13:09 - 2013-02-04 13:08 - 00271600 ____A C:\Windows\Minidump\020413-26270-01.dmp

2013-02-04 12:55 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-02-04 12:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-02-01 14:42 - 2012-04-11 14:53 - 00097701 ____A C:\Users\B Equipment\Documents\BESCO Master Project List.xlsx

2013-02-01 11:09 - 2013-01-02 10:52 - 03353930 ____A C:\Users\B Equipment\Desktop\Varec US List Jan2013.xlsm

2013-01-31 10:52 - 2013-01-31 10:52 - 00349176 ____A C:\Users\B Equipment\Downloads\348_38-MGD-_2013-01-31-10-52-29_12109.zip

2013-01-30 19:19 - 2009-12-01 10:12 - 00000000 ____A C:\Users\B Equipment\Documents\Nuance Image Printer Writer Port

2013-01-24 14:58 - 2012-08-28 17:01 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-01-22 16:49 - 2012-01-17 15:41 - 00021745 ____A C:\Users\B Equipment\Documents\Mileage 2012.xlsx

2013-01-17 18:58 - 2013-01-17 18:58 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle

2013-01-17 18:58 - 2013-01-17 18:58 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle

2013-01-17 18:58 - 2012-02-07 11:49 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-01-17 18:58 - 2012-02-07 11:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-01-17 14:17 - 2013-01-17 14:17 - 00274912 ____A C:\Windows\Minidump\011713-30404-01.dmp

2013-01-17 01:28 - 2010-12-17 10:35 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-01-10 19:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-01-10 09:58 - 2009-07-13 20:45 - 00452800 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-09 21:28 - 2009-11-04 03:24 - 00000000 ____D C:\Users\All Users\Microsoft Help

2013-01-09 21:22 - 2009-11-17 06:07 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-01-09 21:21 - 2013-01-09 21:20 - 00260426 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-01-09 06:31 - 2012-04-04 07:14 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-01-09 06:31 - 2011-05-13 06:49 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-01-07 12:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-04 18:50:48

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 4087.12 MB

Available physical RAM: 3454.14 MB

Total Pagefile: 4085.27 MB

Available Pagefile: 3441.93 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:499.77 GB) NTFS

7 Drive j: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.61 GB) FAT32

8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

9 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 596 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 3745 MB 0 B

Partitions of Disk 0:

===============

Disk ID: E05EAAD9

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 581 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 581 GB Healthy

=========================================================

Partitions of Disk 5:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 5

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J KINGSTON FAT32 Removable 3741 MB Healthy

=========================================================

Last Boot: 2013-02-04 19:20

==================== End Of Log =============================

Link to post
Share on other sites

Save and disconnect and put aside the USB-flash drive.

Restart Windows in normal mode.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program. excl.png

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

Had only tried TDSSKiller previously (no infected objects found). I did download a fresh copy for this scan.

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 10:22:35

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : B Equipment - BEQUIPMENT

# Boot Mode : Normal

# Running from : C:\Users\B Equipment\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\B Equipment\AppData\LocalLow\Conduit

Folder Found : C:\Users\B Equipment\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2399412

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\B Equipment\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1044 octets] - [06/02/2013 10:22:35]

########## EOF - C:\AdwCleaner[R1].txt - [1104 octets] ##########

===============================================

TDSSKiller Report

===============================================

10:27:16.0231 2880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

10:27:16.0697 2880 ============================================================

10:27:16.0697 2880 Current date / time: 2013/02/06 10:27:16.0697

10:27:16.0697 2880 SystemInfo:

10:27:16.0697 2880

10:27:16.0698 2880 OS Version: 6.1.7601 ServicePack: 1.0

10:27:16.0698 2880 Product type: Workstation

10:27:16.0698 2880 ComputerName: BEQUIPMENT

10:27:16.0698 2880 UserName: B Equipment

10:27:16.0698 2880 Windows directory: C:\Windows

10:27:16.0698 2880 System windows directory: C:\Windows

10:27:16.0698 2880 Running under WOW64

10:27:16.0698 2880 Processor architecture: Intel x64

10:27:16.0698 2880 Number of processors: 4

10:27:16.0698 2880 Page size: 0x1000

10:27:16.0698 2880 Boot type: Normal boot

10:27:16.0698 2880 ============================================================

10:27:17.0437 2880 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:27:17.0462 2880 ============================================================

10:27:17.0462 2880 \Device\Harddisk0\DR0:

10:27:17.0471 2880 MBR partitions:

10:27:17.0471 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

10:27:17.0471 2880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0

10:27:17.0471 2880 ============================================================

10:27:17.0505 2880 C: <-> \Device\Harddisk0\DR0\Partition2

10:27:17.0505 2880 ============================================================

10:27:17.0505 2880 Initialize success

10:27:17.0505 2880 ============================================================

10:27:32.0222 2156 ============================================================

10:27:32.0222 2156 Scan started

10:27:32.0222 2156 Mode: Manual;

10:27:32.0222 2156 ============================================================

10:27:32.0583 2156 ================ Scan system memory ========================

10:27:32.0583 2156 System memory - ok

10:27:32.0583 2156 ================ Scan services =============================

10:27:32.0690 2156 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

10:27:32.0692 2156 1394ohci - ok

10:27:32.0711 2156 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

10:27:32.0714 2156 ACPI - ok

10:27:32.0720 2156 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

10:27:32.0721 2156 AcpiPmi - ok

10:27:32.0827 2156 [ 2017D497D1F099CB74671539AAACADC3 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

10:27:32.0836 2156 AcrSch2Svc - ok

10:27:32.0913 2156 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:27:32.0914 2156 AdobeARMservice - ok

10:27:33.0021 2156 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:27:33.0022 2156 AdobeFlashPlayerUpdateSvc - ok

10:27:33.0068 2156 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

10:27:33.0073 2156 adp94xx - ok

10:27:33.0096 2156 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

10:27:33.0099 2156 adpahci - ok

10:27:33.0106 2156 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

10:27:33.0108 2156 adpu320 - ok

10:27:33.0132 2156 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

10:27:33.0133 2156 AeLookupSvc - ok

10:27:33.0201 2156 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

10:27:33.0202 2156 AERTFilters - ok

10:27:33.0243 2156 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys

10:27:33.0244 2156 afcdp - ok

10:27:33.0318 2156 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

10:27:33.0344 2156 afcdpsrv - ok

10:27:33.0386 2156 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

10:27:33.0390 2156 AFD - ok

10:27:33.0414 2156 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

10:27:33.0415 2156 agp440 - ok

10:27:33.0442 2156 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

10:27:33.0443 2156 ALG - ok

10:27:33.0459 2156 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

10:27:33.0459 2156 aliide - ok

10:27:33.0490 2156 [ FC07CEAF07E33344628C4415FAAE3469 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

10:27:33.0491 2156 AMD External Events Utility - ok

10:27:33.0498 2156 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

10:27:33.0499 2156 amdide - ok

10:27:33.0522 2156 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

10:27:33.0523 2156 AmdK8 - ok

10:27:33.0534 2156 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

10:27:33.0535 2156 AmdPPM - ok

10:27:33.0547 2156 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

10:27:33.0548 2156 amdsata - ok

10:27:33.0560 2156 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

10:27:33.0562 2156 amdsbs - ok

10:27:33.0584 2156 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

10:27:33.0584 2156 amdxata - ok

10:27:33.0620 2156 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

10:27:33.0621 2156 AppID - ok

10:27:33.0651 2156 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

10:27:33.0652 2156 AppIDSvc - ok

10:27:33.0682 2156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

10:27:33.0683 2156 Appinfo - ok

10:27:33.0724 2156 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

10:27:33.0726 2156 arc - ok

10:27:33.0737 2156 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

10:27:33.0738 2156 arcsas - ok

10:27:33.0773 2156 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

10:27:33.0773 2156 aswFsBlk - ok

10:27:33.0806 2156 [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW C:\Windows\system32\drivers\aswFW.sys

10:27:33.0806 2156 aswFW - ok

10:27:33.0854 2156 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys

10:27:33.0854 2156 aswKbd - ok

10:27:33.0898 2156 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

10:27:33.0898 2156 aswMonFlt - ok

10:27:33.0935 2156 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys

10:27:33.0935 2156 aswNdis - ok

10:27:33.0980 2156 [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys

10:27:33.0982 2156 aswNdis2 - ok

10:27:34.0017 2156 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys

10:27:34.0017 2156 aswRdr - ok

10:27:34.0059 2156 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

10:27:34.0063 2156 aswSnx - ok

10:27:34.0073 2156 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys

10:27:34.0075 2156 aswSP - ok

10:27:34.0120 2156 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys

10:27:34.0120 2156 aswTdi - ok

10:27:34.0161 2156 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

10:27:34.0162 2156 AsyncMac - ok

10:27:34.0187 2156 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

10:27:34.0187 2156 atapi - ok

10:27:34.0303 2156 [ 80793852021864A9ED344843EEBA5FDB ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

10:27:34.0353 2156 atikmdag - ok

10:27:34.0399 2156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

10:27:34.0405 2156 AudioEndpointBuilder - ok

10:27:34.0412 2156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

10:27:34.0416 2156 AudioSrv - ok

10:27:34.0484 2156 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

10:27:34.0485 2156 avast! Antivirus - ok

10:27:34.0528 2156 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\Alwil Software\Avast5\afwServ.exe

10:27:34.0529 2156 avast! Firewall - ok

10:27:34.0596 2156 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

10:27:34.0615 2156 AxInstSV - ok

10:27:34.0701 2156 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

10:27:34.0726 2156 b06bdrv - ok

10:27:34.0737 2156 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

10:27:34.0740 2156 b57nd60a - ok

10:27:34.0782 2156 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

10:27:34.0784 2156 BDESVC - ok

10:27:34.0792 2156 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

10:27:34.0792 2156 Beep - ok

10:27:34.0844 2156 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

10:27:34.0851 2156 BFE - ok

10:27:34.0898 2156 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

10:27:34.0904 2156 BITS - ok

10:27:34.0938 2156 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

10:27:34.0938 2156 blbdrive - ok

10:27:34.0967 2156 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

10:27:34.0969 2156 bowser - ok

10:27:35.0037 2156 [ AD5D76B93B7A277CBDB964BF678F9633 ] BRA_Scheduler C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe

10:27:35.0038 2156 BRA_Scheduler - ok

10:27:35.0047 2156 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:27:35.0048 2156 BrFiltLo - ok

10:27:35.0059 2156 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:27:35.0060 2156 BrFiltUp - ok

10:27:35.0078 2156 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

10:27:35.0079 2156 BridgeMP - ok

10:27:35.0100 2156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

10:27:35.0101 2156 Browser - ok

10:27:35.0145 2156 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys

10:27:35.0148 2156 Brserid - ok

10:27:35.0162 2156 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

10:27:35.0163 2156 BrSerWdm - ok

10:27:35.0172 2156 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

10:27:35.0173 2156 BrUsbMdm - ok

10:27:35.0183 2156 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys

10:27:35.0184 2156 BrUsbSer - ok

10:27:35.0205 2156 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

10:27:35.0206 2156 BTHMODEM - ok

10:27:35.0244 2156 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

10:27:35.0245 2156 bthserv - ok

10:27:35.0252 2156 catchme - ok

10:27:35.0266 2156 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

10:27:35.0268 2156 cdfs - ok

10:27:35.0302 2156 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

10:27:35.0304 2156 cdrom - ok

10:27:35.0346 2156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

10:27:35.0347 2156 CertPropSvc - ok

10:27:35.0385 2156 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

10:27:35.0386 2156 circlass - ok

10:27:35.0413 2156 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

10:27:35.0416 2156 CLFS - ok

10:27:35.0472 2156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:27:35.0473 2156 clr_optimization_v2.0.50727_32 - ok

10:27:35.0511 2156 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:27:35.0513 2156 clr_optimization_v2.0.50727_64 - ok

10:27:35.0593 2156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:27:35.0594 2156 clr_optimization_v4.0.30319_32 - ok

10:27:35.0612 2156 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:27:35.0613 2156 clr_optimization_v4.0.30319_64 - ok

10:27:35.0647 2156 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

10:27:35.0648 2156 CmBatt - ok

10:27:35.0672 2156 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

10:27:35.0672 2156 cmdide - ok

10:27:35.0704 2156 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

10:27:35.0707 2156 CNG - ok

10:27:35.0717 2156 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

10:27:35.0718 2156 Compbatt - ok

10:27:35.0737 2156 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

10:27:35.0737 2156 CompositeBus - ok

10:27:35.0743 2156 COMSysApp - ok

10:27:35.0751 2156 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

10:27:35.0752 2156 crcdisk - ok

10:27:35.0780 2156 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

10:27:35.0782 2156 CryptSvc - ok

10:27:35.0816 2156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

10:27:35.0822 2156 DcomLaunch - ok

10:27:35.0852 2156 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

10:27:35.0855 2156 defragsvc - ok

10:27:35.0880 2156 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

10:27:35.0881 2156 DfsC - ok

10:27:35.0904 2156 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

10:27:35.0907 2156 Dhcp - ok

10:27:35.0929 2156 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

10:27:35.0930 2156 discache - ok

10:27:35.0957 2156 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

10:27:35.0958 2156 Disk - ok

10:27:35.0987 2156 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

10:27:35.0990 2156 Dnscache - ok

10:27:36.0041 2156 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

10:27:36.0042 2156 DockLoginService - ok

10:27:36.0074 2156 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

10:27:36.0077 2156 dot3svc - ok

10:27:36.0106 2156 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

10:27:36.0109 2156 DPS - ok

10:27:36.0132 2156 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

10:27:36.0132 2156 drmkaud - ok

10:27:36.0175 2156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

10:27:36.0180 2156 DXGKrnl - ok

10:27:36.0216 2156 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

10:27:36.0218 2156 EapHost - ok

10:27:36.0281 2156 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

10:27:36.0309 2156 ebdrv - ok

10:27:36.0335 2156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

10:27:36.0337 2156 EFS - ok

10:27:36.0390 2156 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

10:27:36.0397 2156 ehRecvr - ok

10:27:36.0426 2156 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

10:27:36.0428 2156 ehSched - ok

10:27:36.0466 2156 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

10:27:36.0470 2156 elxstor - ok

10:27:36.0507 2156 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

10:27:36.0507 2156 ErrDev - ok

10:27:36.0548 2156 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

10:27:36.0552 2156 EventSystem - ok

10:27:36.0563 2156 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

10:27:36.0565 2156 exfat - ok

10:27:36.0581 2156 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

10:27:36.0583 2156 fastfat - ok

10:27:36.0618 2156 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

10:27:36.0624 2156 Fax - ok

10:27:36.0627 2156 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

10:27:36.0628 2156 fdc - ok

10:27:36.0639 2156 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

10:27:36.0640 2156 fdPHost - ok

10:27:36.0650 2156 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

10:27:36.0652 2156 FDResPub - ok

10:27:36.0673 2156 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

10:27:36.0673 2156 FileInfo - ok

10:27:36.0680 2156 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

10:27:36.0681 2156 Filetrace - ok

10:27:36.0683 2156 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

10:27:36.0684 2156 flpydisk - ok

10:27:36.0707 2156 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

10:27:36.0709 2156 FltMgr - ok

10:27:36.0752 2156 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

10:27:36.0763 2156 FontCache - ok

10:27:36.0812 2156 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:27:36.0814 2156 FontCache3.0.0.0 - ok

10:27:36.0842 2156 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

10:27:36.0843 2156 FsDepends - ok

10:27:36.0877 2156 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

10:27:36.0878 2156 fssfltr - ok

10:27:36.0961 2156 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

10:27:36.0973 2156 fsssvc - ok

10:27:36.0998 2156 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

10:27:36.0998 2156 Fs_Rec - ok

10:27:37.0032 2156 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

10:27:37.0034 2156 fvevol - ok

10:27:37.0063 2156 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

10:27:37.0064 2156 gagp30kx - ok

10:27:37.0102 2156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

10:27:37.0109 2156 gpsvc - ok

10:27:37.0178 2156 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:27:37.0179 2156 gupdate - ok

10:27:37.0199 2156 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:27:37.0199 2156 gupdatem - ok

10:27:37.0245 2156 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

10:27:37.0247 2156 gusvc - ok

10:27:37.0272 2156 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

10:27:37.0272 2156 hcw85cir - ok

10:27:37.0309 2156 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

10:27:37.0312 2156 HdAudAddService - ok

10:27:37.0329 2156 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

10:27:37.0330 2156 HDAudBus - ok

10:27:37.0332 2156 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

10:27:37.0333 2156 HidBatt - ok

10:27:37.0341 2156 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

10:27:37.0342 2156 HidBth - ok

10:27:37.0345 2156 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

10:27:37.0346 2156 HidIr - ok

10:27:37.0371 2156 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

10:27:37.0372 2156 hidserv - ok

10:27:37.0415 2156 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

10:27:37.0416 2156 HidUsb - ok

10:27:37.0443 2156 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

10:27:37.0445 2156 hkmsvc - ok

10:27:37.0475 2156 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

10:27:37.0478 2156 HomeGroupListener - ok

10:27:37.0505 2156 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

10:27:37.0508 2156 HomeGroupProvider - ok

10:27:37.0586 2156 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

10:27:37.0589 2156 hpqcxs08 - ok

10:27:37.0612 2156 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

10:27:37.0613 2156 hpqddsvc - ok

10:27:37.0643 2156 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

10:27:37.0644 2156 HpSAMD - ok

10:27:37.0678 2156 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

10:27:37.0683 2156 HPSLPSVC - ok

10:27:37.0723 2156 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

10:27:37.0729 2156 HTTP - ok

10:27:37.0755 2156 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

10:27:37.0755 2156 hwpolicy - ok

10:27:37.0782 2156 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

10:27:37.0783 2156 i8042prt - ok

10:27:37.0808 2156 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

10:27:37.0812 2156 iaStor - ok

10:27:37.0829 2156 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

10:27:37.0833 2156 iaStorV - ok

10:27:37.0873 2156 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:27:37.0880 2156 idsvc - ok

10:27:37.0916 2156 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

10:27:37.0917 2156 iirsp - ok

10:27:37.0952 2156 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

10:27:37.0961 2156 IKEEXT - ok

10:27:38.0009 2156 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

10:27:38.0017 2156 IntcAzAudAddService - ok

10:27:38.0026 2156 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

10:27:38.0027 2156 intelide - ok

10:27:38.0046 2156 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

10:27:38.0047 2156 intelppm - ok

10:27:38.0077 2156 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

10:27:38.0079 2156 IPBusEnum - ok

10:27:38.0115 2156 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:27:38.0116 2156 IpFilterDriver - ok

10:27:38.0149 2156 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

10:27:38.0154 2156 iphlpsvc - ok

10:27:38.0179 2156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

10:27:38.0180 2156 IPMIDRV - ok

10:27:38.0209 2156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

10:27:38.0211 2156 IPNAT - ok

10:27:38.0234 2156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

10:27:38.0235 2156 IRENUM - ok

10:27:38.0249 2156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

10:27:38.0249 2156 isapnp - ok

10:27:38.0254 2156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

10:27:38.0257 2156 iScsiPrt - ok

10:27:38.0295 2156 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

10:27:38.0296 2156 k57nd60a - ok

10:27:38.0310 2156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

10:27:38.0311 2156 kbdclass - ok

10:27:38.0341 2156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

10:27:38.0342 2156 kbdhid - ok

10:27:38.0352 2156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

10:27:38.0353 2156 KeyIso - ok

10:27:38.0376 2156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

10:27:38.0377 2156 KSecDD - ok

10:27:38.0386 2156 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

10:27:38.0387 2156 KSecPkg - ok

10:27:38.0414 2156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

10:27:38.0414 2156 ksthunk - ok

10:27:38.0437 2156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

10:27:38.0441 2156 KtmRm - ok

10:27:38.0469 2156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

10:27:38.0473 2156 LanmanServer - ok

10:27:38.0500 2156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

10:27:38.0503 2156 LanmanWorkstation - ok

10:27:38.0528 2156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

10:27:38.0528 2156 lltdio - ok

10:27:38.0539 2156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

10:27:38.0544 2156 lltdsvc - ok

10:27:38.0551 2156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

10:27:38.0553 2156 lmhosts - ok

10:27:38.0594 2156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

10:27:38.0595 2156 LSI_FC - ok

10:27:38.0598 2156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

10:27:38.0599 2156 LSI_SAS - ok

10:27:38.0602 2156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:27:38.0603 2156 LSI_SAS2 - ok

10:27:38.0606 2156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:27:38.0608 2156 LSI_SCSI - ok

10:27:38.0634 2156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

10:27:38.0636 2156 luafv - ok

10:27:38.0668 2156 [ 4CB64D7458ABD8396BCD389A69C8FC80 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys

10:27:38.0669 2156 lvpepf64 - ok

10:27:38.0691 2156 [ 0034F69D0007D3F77F6B96FA51228E85 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys

10:27:38.0691 2156 LVUSBS64 - ok

10:27:38.0718 2156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

10:27:38.0720 2156 Mcx2Svc - ok

10:27:38.0723 2156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

10:27:38.0724 2156 megasas - ok

10:27:38.0729 2156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

10:27:38.0731 2156 MegaSR - ok

10:27:38.0766 2156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

10:27:38.0768 2156 MMCSS - ok

10:27:38.0772 2156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

10:27:38.0773 2156 Modem - ok

10:27:38.0801 2156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

10:27:38.0801 2156 monitor - ok

10:27:38.0820 2156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

10:27:38.0821 2156 mouclass - ok

10:27:38.0838 2156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

10:27:38.0839 2156 mouhid - ok

10:27:38.0868 2156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

10:27:38.0869 2156 mountmgr - ok

10:27:38.0897 2156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

10:27:38.0899 2156 mpio - ok

10:27:38.0922 2156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

10:27:38.0923 2156 mpsdrv - ok

10:27:38.0955 2156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

10:27:38.0964 2156 MpsSvc - ok

10:27:38.0987 2156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

10:27:38.0989 2156 MRxDAV - ok

10:27:39.0010 2156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

10:27:39.0011 2156 mrxsmb - ok

10:27:39.0046 2156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:27:39.0048 2156 mrxsmb10 - ok

10:27:39.0055 2156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:27:39.0056 2156 mrxsmb20 - ok

10:27:39.0086 2156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

10:27:39.0087 2156 msahci - ok

10:27:39.0095 2156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

10:27:39.0097 2156 msdsm - ok

10:27:39.0126 2156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

10:27:39.0129 2156 MSDTC - ok

10:27:39.0162 2156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

10:27:39.0163 2156 Msfs - ok

10:27:39.0174 2156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

10:27:39.0175 2156 mshidkmdf - ok

10:27:39.0184 2156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

10:27:39.0184 2156 msisadrv - ok

10:27:39.0209 2156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

10:27:39.0211 2156 MSiSCSI - ok

10:27:39.0214 2156 msiserver - ok

10:27:39.0231 2156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

10:27:39.0232 2156 MSKSSRV - ok

10:27:39.0244 2156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

10:27:39.0244 2156 MSPCLOCK - ok

10:27:39.0248 2156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

10:27:39.0249 2156 MSPQM - ok

10:27:39.0281 2156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

10:27:39.0284 2156 MsRPC - ok

10:27:39.0313 2156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

10:27:39.0313 2156 mssmbios - ok

10:27:39.0330 2156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

10:27:39.0330 2156 MSTEE - ok

10:27:39.0341 2156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

10:27:39.0342 2156 MTConfig - ok

10:27:39.0362 2156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

10:27:39.0363 2156 Mup - ok

10:27:39.0396 2156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

10:27:39.0402 2156 napagent - ok

10:27:39.0426 2156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

10:27:39.0429 2156 NativeWifiP - ok

10:27:39.0469 2156 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

10:27:39.0477 2156 NDIS - ok

10:27:39.0483 2156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

10:27:39.0484 2156 NdisCap - ok

10:27:39.0514 2156 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

10:27:39.0514 2156 NdisTapi - ok

10:27:39.0538 2156 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

10:27:39.0539 2156 Ndisuio - ok

10:27:39.0564 2156 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

10:27:39.0566 2156 NdisWan - ok

10:27:39.0592 2156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

10:27:39.0592 2156 NDProxy - ok

10:27:39.0626 2156 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

10:27:39.0628 2156 Net Driver HPZ12 - ok

10:27:39.0648 2156 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

10:27:39.0649 2156 NetBIOS - ok

10:27:39.0679 2156 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

10:27:39.0681 2156 NetBT - ok

10:27:39.0693 2156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

10:27:39.0695 2156 Netlogon - ok

10:27:39.0755 2156 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

10:27:39.0760 2156 Netman - ok

10:27:39.0771 2156 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

10:27:39.0776 2156 netprofm - ok

10:27:39.0799 2156 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:27:39.0800 2156 NetTcpPortSharing - ok

10:27:39.0839 2156 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

10:27:39.0840 2156 nfrd960 - ok

10:27:39.0864 2156 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

10:27:39.0868 2156 NlaSvc - ok

10:27:39.0874 2156 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

10:27:39.0875 2156 Npfs - ok

10:27:39.0900 2156 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

10:27:39.0902 2156 nsi - ok

10:27:39.0913 2156 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

10:27:39.0914 2156 nsiproxy - ok

10:27:39.0959 2156 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

10:27:39.0973 2156 Ntfs - ok

10:27:39.0984 2156 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

10:27:39.0984 2156 Null - ok

10:27:40.0015 2156 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

10:27:40.0017 2156 nvraid - ok

10:27:40.0020 2156 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

10:27:40.0022 2156 nvstor - ok

10:27:40.0025 2156 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

10:27:40.0027 2156 nv_agp - ok

10:27:40.0097 2156 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:27:40.0101 2156 odserv - ok

10:27:40.0117 2156 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

10:27:40.0118 2156 ohci1394 - ok

10:27:40.0142 2156 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:27:40.0144 2156 ose - ok

10:27:40.0180 2156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

10:27:40.0185 2156 p2pimsvc - ok

10:27:40.0195 2156 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

10:27:40.0200 2156 p2psvc - ok

10:27:40.0226 2156 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

10:27:40.0228 2156 Parport - ok

10:27:40.0254 2156 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

10:27:40.0255 2156 partmgr - ok

10:27:40.0268 2156 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

10:27:40.0271 2156 PcaSvc - ok

10:27:40.0295 2156 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

10:27:40.0297 2156 pci - ok

10:27:40.0319 2156 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

10:27:40.0320 2156 pciide - ok

10:27:40.0332 2156 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

10:27:40.0334 2156 pcmcia - ok

10:27:40.0346 2156 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

10:27:40.0347 2156 pcw - ok

10:27:40.0422 2156 [ C9C45471C80F3FBF939F4E72A1E1401B ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

10:27:40.0423 2156 PDFProFiltSrvPP - ok

10:27:40.0455 2156 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

10:27:40.0461 2156 PEAUTH - ok

10:27:40.0535 2156 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

10:27:40.0537 2156 PerfHost - ok

10:27:40.0585 2156 [ 37EA62238E17AE88E4713D9246CA1C1C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS

10:27:40.0595 2156 PID_PEPI - ok

10:27:40.0642 2156 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

10:27:40.0655 2156 pla - ok

10:27:40.0692 2156 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

10:27:40.0698 2156 PlugPlay - ok

10:27:40.0782 2156 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

10:27:40.0785 2156 PMBDeviceInfoProvider - ok

10:27:40.0812 2156 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

10:27:40.0814 2156 Pml Driver HPZ12 - ok

10:27:40.0844 2156 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

10:27:40.0846 2156 PNRPAutoReg - ok

10:27:40.0855 2156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

10:27:40.0858 2156 PNRPsvc - ok

10:27:40.0891 2156 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

10:27:40.0897 2156 PolicyAgent - ok

10:27:40.0924 2156 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

10:27:40.0928 2156 Power - ok

10:27:40.0961 2156 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

10:27:40.0963 2156 PptpMiniport - ok

10:27:40.0978 2156 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

10:27:40.0979 2156 Processor - ok

10:27:41.0016 2156 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

10:27:41.0020 2156 ProfSvc - ok

10:27:41.0026 2156 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

10:27:41.0028 2156 ProtectedStorage - ok

10:27:41.0065 2156 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

10:27:41.0067 2156 Psched - ok

10:27:41.0083 2156 PxHelp20 - ok

10:27:41.0120 2156 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

10:27:41.0121 2156 PxHlpa64 - ok

10:27:41.0169 2156 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

10:27:41.0183 2156 ql2300 - ok

10:27:41.0196 2156 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

10:27:41.0198 2156 ql40xx - ok

10:27:41.0224 2156 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

10:27:41.0229 2156 QWAVE - ok

10:27:41.0235 2156 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

10:27:41.0236 2156 QWAVEdrv - ok

10:27:41.0247 2156 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

10:27:41.0248 2156 RasAcd - ok

10:27:41.0280 2156 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

10:27:41.0281 2156 RasAgileVpn - ok

10:27:41.0287 2156 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

10:27:41.0290 2156 RasAuto - ok

10:27:41.0311 2156 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

10:27:41.0313 2156 Rasl2tp - ok

10:27:41.0338 2156 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

10:27:41.0343 2156 RasMan - ok

10:27:41.0374 2156 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

10:27:41.0375 2156 RasPppoe - ok

10:27:41.0388 2156 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

10:27:41.0389 2156 RasSstp - ok

10:27:41.0420 2156 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

10:27:41.0423 2156 rdbss - ok

10:27:41.0438 2156 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

10:27:41.0439 2156 rdpbus - ok

10:27:41.0447 2156 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

10:27:41.0448 2156 RDPCDD - ok

10:27:41.0463 2156 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

10:27:41.0463 2156 RDPENCDD - ok

10:27:41.0467 2156 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

10:27:41.0467 2156 RDPREFMP - ok

10:27:41.0506 2156 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

10:27:41.0508 2156 RDPWD - ok

10:27:41.0543 2156 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

10:27:41.0545 2156 rdyboost - ok

10:27:41.0574 2156 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

10:27:41.0577 2156 RemoteAccess - ok

10:27:41.0606 2156 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

10:27:41.0610 2156 RemoteRegistry - ok

10:27:41.0694 2156 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

10:27:41.0704 2156 RoxMediaDB10 - ok

10:27:41.0732 2156 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

10:27:41.0734 2156 RpcEptMapper - ok

10:27:41.0758 2156 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

10:27:41.0760 2156 RpcLocator - ok

10:27:41.0789 2156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

10:27:41.0794 2156 RpcSs - ok

10:27:41.0823 2156 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

10:27:41.0824 2156 rspndr - ok

10:27:41.0826 2156 RxFilter - ok

10:27:41.0834 2156 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

10:27:41.0836 2156 SamSs - ok

10:27:41.0862 2156 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

10:27:41.0863 2156 sbp2port - ok

10:27:41.0884 2156 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

10:27:41.0888 2156 SCardSvr - ok

10:27:41.0907 2156 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

10:27:41.0908 2156 scfilter - ok

10:27:41.0950 2156 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

10:27:41.0961 2156 Schedule - ok

10:27:41.0995 2156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

10:27:41.0996 2156 SCPolicySvc - ok

10:27:42.0017 2156 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

10:27:42.0020 2156 SDRSVC - ok

10:27:42.0081 2156 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

10:27:42.0083 2156 SeaPort - ok

10:27:42.0109 2156 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

10:27:42.0110 2156 secdrv - ok

10:27:42.0119 2156 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

10:27:42.0121 2156 seclogon - ok

10:27:42.0148 2156 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

10:27:42.0150 2156 SENS - ok

10:27:42.0168 2156 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

10:27:42.0171 2156 SensrSvc - ok

10:27:42.0182 2156 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

10:27:42.0183 2156 Serenum - ok

10:27:42.0195 2156 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

10:27:42.0197 2156 Serial - ok

10:27:42.0216 2156 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

10:27:42.0217 2156 sermouse - ok

10:27:42.0240 2156 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

10:27:42.0244 2156 SessionEnv - ok

10:27:42.0266 2156 SessionLauncher - ok

10:27:42.0276 2156 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

10:27:42.0276 2156 sffdisk - ok

10:27:42.0291 2156 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

10:27:42.0291 2156 sffp_mmc - ok

10:27:42.0297 2156 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

10:27:42.0298 2156 sffp_sd - ok

10:27:42.0322 2156 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

10:27:42.0323 2156 sfloppy - ok

10:27:42.0350 2156 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

10:27:42.0354 2156 SharedAccess - ok

10:27:42.0390 2156 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:27:42.0395 2156 ShellHWDetection - ok

10:27:42.0416 2156 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:27:42.0417 2156 SiSRaid2 - ok

10:27:42.0431 2156 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

10:27:42.0432 2156 SiSRaid4 - ok

10:27:42.0480 2156 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

10:27:42.0481 2156 SkypeUpdate - ok

10:27:42.0501 2156 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

10:27:42.0502 2156 Smb - ok

10:27:42.0545 2156 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys

10:27:42.0547 2156 snapman - ok

10:27:42.0580 2156 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

10:27:42.0583 2156 SNMPTRAP - ok

10:27:42.0608 2156 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

10:27:42.0608 2156 spldr - ok

10:27:42.0638 2156 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

10:27:42.0644 2156 Spooler - ok

10:27:42.0729 2156 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

10:27:42.0761 2156 sppsvc - ok

10:27:42.0790 2156 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

10:27:42.0793 2156 sppuinotify - ok

10:27:42.0827 2156 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

10:27:42.0831 2156 srv - ok

10:27:42.0846 2156 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

10:27:42.0850 2156 srv2 - ok

10:27:42.0864 2156 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

10:27:42.0865 2156 srvnet - ok

10:27:42.0884 2156 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

10:27:42.0888 2156 SSDPSRV - ok

10:27:42.0899 2156 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

10:27:42.0902 2156 SstpSvc - ok

10:27:42.0920 2156 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

10:27:42.0921 2156 stexstor - ok

10:27:42.0957 2156 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

10:27:42.0958 2156 StillCam - ok

10:27:42.0999 2156 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

10:27:43.0007 2156 stisvc - ok

10:27:43.0049 2156 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

10:27:43.0050 2156 stllssvr - ok

10:27:43.0080 2156 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

10:27:43.0080 2156 swenum - ok

10:27:43.0110 2156 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

10:27:43.0117 2156 swprv - ok

10:27:43.0162 2156 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

10:27:43.0179 2156 SysMain - ok

10:27:43.0203 2156 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

10:27:43.0206 2156 TabletInputService - ok

10:27:43.0222 2156 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

10:27:43.0227 2156 TapiSrv - ok

10:27:43.0240 2156 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

10:27:43.0244 2156 TBS - ok

10:27:43.0303 2156 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

10:27:43.0319 2156 Tcpip - ok

10:27:43.0346 2156 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

10:27:43.0354 2156 TCPIP6 - ok

10:27:43.0366 2156 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

10:27:43.0367 2156 tcpipreg - ok

10:27:43.0392 2156 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

10:27:43.0393 2156 TDPIPE - ok

10:27:43.0445 2156 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys

10:27:43.0456 2156 tdrpman273 - ok

10:27:43.0483 2156 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

10:27:43.0484 2156 TDTCP - ok

10:27:43.0513 2156 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

10:27:43.0514 2156 tdx - ok

10:27:43.0549 2156 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

10:27:43.0550 2156 TermDD - ok

10:27:43.0569 2156 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

10:27:43.0577 2156 TermService - ok

10:27:43.0594 2156 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

10:27:43.0597 2156 Themes - ok

10:27:43.0624 2156 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

10:27:43.0626 2156 THREADORDER - ok

10:27:43.0665 2156 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys

10:27:43.0673 2156 timounter - ok

10:27:43.0688 2156 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

10:27:43.0692 2156 TrkWks - ok

10:27:43.0743 2156 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:27:43.0745 2156 TrustedInstaller - ok

10:27:43.0769 2156 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

10:27:43.0770 2156 tssecsrv - ok

10:27:43.0805 2156 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

10:27:43.0806 2156 TsUsbFlt - ok

10:27:43.0845 2156 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

10:27:43.0846 2156 tunnel - ok

10:27:43.0865 2156 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

10:27:43.0866 2156 uagp35 - ok

10:27:43.0879 2156 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

10:27:43.0883 2156 udfs - ok

10:27:43.0905 2156 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

10:27:43.0908 2156 UI0Detect - ok

10:27:43.0922 2156 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

10:27:43.0923 2156 uliagpkx - ok

10:27:43.0949 2156 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

10:27:43.0950 2156 umbus - ok

10:27:43.0959 2156 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

10:27:43.0960 2156 UmPass - ok

10:27:43.0974 2156 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

10:27:43.0979 2156 upnphost - ok

10:27:44.0000 2156 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

10:27:44.0001 2156 usbaudio - ok

10:27:44.0028 2156 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

10:27:44.0030 2156 usbccgp - ok

10:27:44.0069 2156 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

10:27:44.0071 2156 usbcir - ok

10:27:44.0078 2156 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

10:27:44.0079 2156 usbehci - ok

10:27:44.0101 2156 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

10:27:44.0105 2156 usbhub - ok

10:27:44.0116 2156 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

10:27:44.0117 2156 usbohci - ok

10:27:44.0153 2156 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

10:27:44.0154 2156 usbprint - ok

10:27:44.0173 2156 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

10:27:44.0174 2156 usbscan - ok

10:27:44.0186 2156 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:27:44.0187 2156 USBSTOR - ok

10:27:44.0194 2156 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

10:27:44.0195 2156 usbuhci - ok

10:27:44.0224 2156 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

10:27:44.0227 2156 UxSms - ok

10:27:44.0235 2156 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

10:27:44.0236 2156 VaultSvc - ok

10:27:44.0242 2156 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

10:27:44.0243 2156 vdrvroot - ok

10:27:44.0272 2156 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

10:27:44.0279 2156 vds - ok

10:27:44.0293 2156 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

10:27:44.0293 2156 vga - ok

10:27:44.0315 2156 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

10:27:44.0316 2156 VgaSave - ok

10:27:44.0350 2156 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

10:27:44.0352 2156 vhdmp - ok

10:27:44.0363 2156 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

10:27:44.0364 2156 viaide - ok

10:27:44.0380 2156 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

10:27:44.0381 2156 volmgr - ok

10:27:44.0410 2156 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

10:27:44.0413 2156 volmgrx - ok

10:27:44.0424 2156 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

10:27:44.0427 2156 volsnap - ok

10:27:44.0443 2156 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

10:27:44.0445 2156 vsmraid - ok

10:27:44.0492 2156 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

10:27:44.0508 2156 VSS - ok

10:27:44.0520 2156 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

10:27:44.0521 2156 vwifibus - ok

10:27:44.0552 2156 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

10:27:44.0558 2156 W32Time - ok

10:27:44.0579 2156 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

10:27:44.0580 2156 WacomPen - ok

10:27:44.0621 2156 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

10:27:44.0622 2156 WANARP - ok

10:27:44.0625 2156 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

10:27:44.0625 2156 Wanarpv6 - ok

10:27:44.0670 2156 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

10:27:44.0681 2156 WatAdminSvc - ok

10:27:44.0728 2156 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

10:27:44.0743 2156 wbengine - ok

10:27:44.0779 2156 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

10:27:44.0784 2156 WbioSrvc - ok

10:27:44.0810 2156 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

10:27:44.0816 2156 wcncsvc - ok

10:27:44.0828 2156 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:27:44.0832 2156 WcsPlugInService - ok

10:27:44.0865 2156 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

10:27:44.0866 2156 Wd - ok

10:27:44.0909 2156 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

10:27:44.0915 2156 Wdf01000 - ok

10:27:44.0943 2156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

10:27:44.0946 2156 WdiServiceHost - ok

10:27:44.0949 2156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

10:27:44.0952 2156 WdiSystemHost - ok

10:27:44.0975 2156 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

10:27:44.0980 2156 WebClient - ok

10:27:44.0989 2156 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

10:27:44.0994 2156 Wecsvc - ok

10:27:45.0003 2156 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

10:27:45.0006 2156 wercplsupport - ok

10:27:45.0024 2156 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

10:27:45.0027 2156 WerSvc - ok

10:27:45.0060 2156 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

10:27:45.0060 2156 WfpLwf - ok

10:27:45.0066 2156 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

10:27:45.0067 2156 WIMMount - ok

10:27:45.0079 2156 WinDefend - ok

10:27:45.0081 2156 WinHttpAutoProxySvc - ok

10:27:45.0130 2156 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

10:27:45.0133 2156 Winmgmt - ok

10:27:45.0183 2156 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

10:27:45.0203 2156 WinRM - ok

10:27:45.0252 2156 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

10:27:45.0254 2156 WinUsb - ok

10:27:45.0290 2156 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

10:27:45.0299 2156 Wlansvc - ok

10:27:45.0372 2156 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:27:45.0373 2156 wlcrasvc - ok

10:27:45.0429 2156 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:27:45.0448 2156 wlidsvc - ok

10:27:45.0478 2156 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

10:27:45.0479 2156 WmiAcpi - ok

10:27:45.0510 2156 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

10:27:45.0513 2156 wmiApSrv - ok

10:27:45.0543 2156 WMPNetworkSvc - ok

10:27:45.0567 2156 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

10:27:45.0570 2156 WPCSvc - ok

10:27:45.0598 2156 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

10:27:45.0602 2156 WPDBusEnum - ok

10:27:45.0629 2156 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

10:27:45.0630 2156 ws2ifsl - ok

10:27:45.0637 2156 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

10:27:45.0641 2156 wscsvc - ok

10:27:45.0643 2156 WSearch - ok

10:27:45.0703 2156 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

10:27:45.0717 2156 wuauserv - ok

10:27:45.0750 2156 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

10:27:45.0751 2156 WudfPf - ok

10:27:45.0772 2156 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

10:27:45.0775 2156 WUDFRd - ok

10:27:45.0801 2156 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

10:27:45.0805 2156 wudfsvc - ok

10:27:45.0838 2156 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

10:27:45.0843 2156 WwanSvc - ok

10:27:45.0846 2156 ================ Scan global ===============================

10:27:45.0875 2156 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

10:27:45.0904 2156 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

10:27:45.0912 2156 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

10:27:45.0934 2156 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

10:27:45.0947 2156 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

10:27:45.0950 2156 [Global] - ok

10:27:45.0951 2156 ================ Scan MBR ==================================

10:27:45.0958 2156 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

10:27:46.0108 2156 \Device\Harddisk0\DR0 - ok

10:27:46.0109 2156 ================ Scan VBR ==================================

10:27:46.0110 2156 [ A5C682221BB3BE9CA89446427C662F59 ] \Device\Harddisk0\DR0\Partition1

10:27:46.0111 2156 \Device\Harddisk0\DR0\Partition1 - ok

10:27:46.0123 2156 [ 9DBC01C4E8C38CD434A0E57EA7E887C4 ] \Device\Harddisk0\DR0\Partition2

10:27:46.0124 2156 \Device\Harddisk0\DR0\Partition2 - ok

10:27:46.0124 2156 ============================================================

10:27:46.0124 2156 Scan finished

10:27:46.0124 2156 ============================================================

10:27:46.0130 2152 Detected object count: 0

10:27:46.0130 2152 Actual detected object count: 0

==========================

RKReport

==========================

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : B Equipment [Admin rights]

Mode : Scan -- Date : 02/06/2013 10:33:14

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : PPort12reminder ("C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini") -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 6ec6eb83553a4697e606718bd54801cb

[bSP] bff7ce48fb84899243248788edadd4ed : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02062013_02d1033.txt >>

RKreport[1]_S_02062013_02d1033.txt

Link to post
Share on other sites

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 3

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    %systemroot%\xpsrchvw.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

We'll see what Systemlook reports on the xpsrchvw.exe (files) on this system.

BTW this exe is not critical to operation of Windows itself. It's only used to view XML documents.

Link to post
Share on other sites

Should that have been "%systemroot%\system32\xpsrchvw.exe"?

========================

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : B Equipment [Admin rights]

Mode : Remove -- Date : 02/06/2013 12:00:45

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : PPort12reminder ("C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini") -> NOT SELECTED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 6ec6eb83553a4697e606718bd54801cb

[bSP] bff7ce48fb84899243248788edadd4ed : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_02062013_02d1200.txt >>

RKreport[1]_S_02062013_02d1033.txt ; RKreport[2]_S_02062013_02d1158.txt ; RKreport[3]_D_02062013_02d1200.txt

=======================

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 12:05:39

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : B Equipment - BEQUIPMENT

# Boot Mode : Normal

# Running from : C:\Users\B Equipment\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\B Equipment\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\B Equipment\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\B Equipment\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1173 octets] - [06/02/2013 10:22:35]

AdwCleaner[s1].txt - [1116 octets] - [06/02/2013 12:05:39]

########## EOF - C:\AdwCleaner[s1].txt - [1176 octets] ##########

=============================

SystemLook 30.07.11 by jpshortstuff

Log created at 12:12 on 06/02/2013 by B Equipment

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== file ==========

C:\Windows\xpsrchvw.exe - Unable to find/read file.

-= EOF =-

Link to post
Share on other sites

I actually want to do a more generic & more fine-tuned search. Do the following, please.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Turn OFF Avast so that it does not interfere :excl:

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

I'd like to have you do a special run of OTL to generate some searches & a log-report.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    xpsrchvw.exe
    /md5stop
    c:|xpsrch;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • :excl: Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Attach the OTL log(s) .

Link to post
Share on other sites

Thanks for all the time you are spending on this!

FYI, at one point, before coming to this forum, and was trying to use Combofix, there were a couple of times that Combofix detected and attempted to delete the

C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\*

files. Then it stopped detecting them on the last couple of times I used it.

=======================

OTL logfile created on: 2/6/2013 12:49:27 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\B Equipment\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.21% Memory free

7.98 Gb Paging File | 6.58 Gb Available in Paging File | 82.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 498.52 Gb Free Space | 85.73% Space Free | Partition Type: NTFS

Computer Name: BEQUIPMENT | User Name: B Equipment | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/06 12:43:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B Equipment\Desktop\OTL.exe

PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/10/30 15:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe

PRC - [2011/08/12 06:39:54 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2011/06/27 22:57:32 | 005,550,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2010/12/06 04:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/08/27 18:22:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

PRC - [2009/08/27 18:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

PRC - [2009/08/25 16:18:34 | 001,365,280 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe

PRC - [2009/07/17 14:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009/01/21 15:00:54 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe

PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/06 12:08:21 | 000,571,392 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\pysqlite2._sqlite.pyd

MOD - [2013/02/06 12:08:21 | 000,096,256 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32api.pyd

MOD - [2013/02/06 12:08:21 | 000,086,016 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\_elementtree.pyd

MOD - [2013/02/06 12:08:21 | 000,040,448 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\_socket.pyd

MOD - [2013/02/06 12:08:21 | 000,023,040 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32ts.pyd

MOD - [2013/02/06 12:08:20 | 001,024,616 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\windows._cacheinvalidation.pyd

MOD - [2013/02/06 12:08:20 | 000,792,576 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._gdi_.pyd

MOD - [2013/02/06 12:08:20 | 000,263,168 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32com.shell.shell.pyd

MOD - [2013/02/06 12:08:20 | 000,153,088 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\pyexpat.pyd

MOD - [2013/02/06 12:08:20 | 000,073,728 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\_ctypes.pyd

MOD - [2013/02/06 12:08:20 | 000,070,656 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._html2.pyd

MOD - [2013/02/06 12:08:20 | 000,017,920 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32profile.pyd

MOD - [2013/02/06 12:08:20 | 000,011,776 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32crypt.pyd

MOD - [2013/02/06 12:08:19 | 001,169,408 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._core_.pyd

MOD - [2013/02/06 12:08:19 | 000,731,136 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._misc_.pyd

MOD - [2013/02/06 12:08:19 | 000,645,120 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\_ssl.pyd

MOD - [2013/02/06 12:08:19 | 000,354,304 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\pythoncom26.dll

MOD - [2013/02/06 12:08:19 | 000,110,592 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32security.pyd

MOD - [2013/02/06 12:08:19 | 000,110,592 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\PyWinTypes26.dll

MOD - [2013/02/06 12:08:19 | 000,036,352 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32process.pyd

MOD - [2013/02/06 12:08:19 | 000,022,528 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32pdh.pyd

MOD - [2013/02/06 12:08:18 | 001,056,256 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._controls_.pyd

MOD - [2013/02/06 12:08:18 | 000,807,424 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._windows_.pyd

MOD - [2013/02/06 12:08:18 | 000,585,728 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\unicodedata.pyd

MOD - [2013/02/06 12:08:18 | 000,311,808 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\_hashlib.pyd

MOD - [2013/02/06 12:08:18 | 000,121,856 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\wx._wizard.pyd

MOD - [2013/02/06 12:08:18 | 000,111,104 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32file.pyd

MOD - [2013/02/06 12:08:18 | 000,039,424 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32inet.pyd

MOD - [2013/02/06 12:08:18 | 000,017,920 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\win32event.pyd

MOD - [2013/02/06 12:08:18 | 000,011,776 | ---- | M] () -- C:\Users\B Equipment\AppData\Local\Temp\_MEI38642\select.pyd

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/10/30 15:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/15 10:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2013/01/09 06:31:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/08/12 06:39:54 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010/12/06 04:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/27 18:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/01/21 15:00:54 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 15:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)

DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 15:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/10/30 15:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)

DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/12 06:39:54 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2011/08/12 06:39:52 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)

DRV:64bit: - [2011/08/12 06:39:52 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/10 02:46:04 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)

DRV:64bit: - [2010/12/29 08:33:52 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/06/15 10:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2007/05/09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/05/09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2007/05/09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{7387CD74-8D3F-4BFB-A6AD-785AEC0EA90D}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{1F7D9189-25E7-480C-9029-072AA88D0FF2}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 11:15:57 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 11:15:57 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - Extension: avast! WebRep = C:\Users\B Equipment\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/05 11:26:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKCU..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - Startup: C:\Users\B Equipment\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...6.2.logging.cab (DLM Control)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cstindustrie...ex/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDAD32C1-F043-439F-BE3B-C97351DAE33B}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 12:43:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\B Equipment\Desktop\OTL.exe

[2013/02/06 10:32:20 | 000,000,000 | ---D | C] -- C:\Users\B Equipment\Desktop\RK_Quarantine

[2013/02/06 10:25:36 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\B Equipment\Desktop\tdsskiller.exe

[2013/02/06 10:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/02/06 10:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/02/06 08:20:24 | 000,000,000 | ---D | C] -- C:\FRST

[2013/02/05 17:01:24 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\B Equipment\Desktop\dds.com

[2013/02/05 11:27:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/02/05 11:25:34 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/02/04 17:42:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/02/04 17:42:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/02/04 17:42:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/04 16:17:25 | 000,000,000 | ---D | C] -- C:\Users\B Equipment\AppData\Roaming\Malwarebytes

[2013/02/04 16:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/04 16:17:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/02/04 16:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/02/04 16:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/02/04 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\B Equipment\AppData\Local\Programs

[2013/02/04 14:26:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/02/04 14:25:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/02/04 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\B Equipment\Desktop\rkill

[2013/02/04 13:39:48 | 000,000,000 | ---D | C] -- C:\temp

[2013/02/04 13:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/02/04 13:16:38 | 000,000,000 | ---D | C] -- C:\Users\B Equipment\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/01/09 06:47:37 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/09 06:47:37 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/09 06:47:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/09 06:47:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/09 06:47:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/09 06:47:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/09 06:47:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/09 06:47:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/09 06:47:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/09 06:47:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/09 06:47:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/09 06:47:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/09 06:47:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/09 06:47:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/09 06:47:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/09 06:47:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/09 06:47:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/09 06:47:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/09 06:47:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/09 06:47:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/09 06:47:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/09 06:47:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/09 06:47:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/09 06:47:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/09 06:47:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/09 06:47:14 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/09 06:47:14 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/09 06:47:14 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/09 06:47:13 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/09 06:47:13 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/09 06:47:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/09 06:47:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/09 06:47:13 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/09 06:47:13 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/09 06:47:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/09 06:47:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/09 06:46:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/09 06:46:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/09 06:46:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/09 06:46:51 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/09 06:46:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/09 06:46:51 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/09 06:46:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/09 06:46:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/09 06:46:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/09 06:46:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/09 06:46:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 06:46:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 06:46:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 06:46:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 06:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 06:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 06:46:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/09 06:46:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/09 06:46:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 06:46:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 06:46:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 06:46:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 06:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 06:46:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 06:46:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 06:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 06:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 06:46:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/09 06:46:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/02/06 12:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/06 12:43:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B Equipment\Desktop\OTL.exe

[2013/02/06 12:14:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 12:14:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 12:10:37 | 000,139,264 | ---- | M] () -- C:\Users\B Equipment\Desktop\SystemLook.exe

[2013/02/06 12:08:05 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/06 12:07:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/06 12:07:23 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/06 11:56:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/06 10:31:50 | 000,778,240 | ---- | M] () -- C:\Users\B Equipment\Desktop\RogueKiller.exe

[2013/02/06 10:25:44 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\B Equipment\Desktop\tdsskiller.exe

[2013/02/06 10:21:37 | 000,582,209 | ---- | M] () -- C:\Users\B Equipment\Desktop\adwcleaner.exe

[2013/02/06 10:17:28 | 000,000,926 | ---- | M] () -- C:\Users\B Equipment\Desktop\NTREGOPT.lnk

[2013/02/06 10:17:28 | 000,000,907 | ---- | M] () -- C:\Users\B Equipment\Desktop\ERUNT.lnk

[2013/02/05 17:01:24 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\B Equipment\Desktop\dds.com

[2013/02/05 11:26:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/02/04 21:39:16 | 2045,885,259 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/02/04 18:48:39 | 000,736,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/04 18:48:39 | 000,631,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/04 18:48:39 | 000,109,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/04 16:17:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/04 13:16:39 | 000,001,266 | ---- | M] () -- C:\Users\B Equipment\Desktop\Revo Uninstaller.lnk

[2013/02/04 13:12:15 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2013/02/04 13:12:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/01/30 19:19:28 | 000,000,000 | ---- | M] () -- C:\Users\B Equipment\Documents\Nuance Image Printer Writer Port

[2013/01/24 14:58:42 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/14 09:38:25 | 000,002,281 | ---- | M] () -- C:\Users\B Equipment\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/10 09:58:59 | 000,452,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/09 06:31:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/09 06:31:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/06 12:10:36 | 000,139,264 | ---- | C] () -- C:\Users\B Equipment\Desktop\SystemLook.exe

[2013/02/06 10:31:42 | 000,778,240 | ---- | C] () -- C:\Users\B Equipment\Desktop\RogueKiller.exe

[2013/02/06 10:21:31 | 000,582,209 | ---- | C] () -- C:\Users\B Equipment\Desktop\adwcleaner.exe

[2013/02/06 10:17:28 | 000,000,926 | ---- | C] () -- C:\Users\B Equipment\Desktop\NTREGOPT.lnk

[2013/02/06 10:17:28 | 000,000,907 | ---- | C] () -- C:\Users\B Equipment\Desktop\ERUNT.lnk

[2013/02/04 18:20:50 | 3214,237,696 | -HS- | C] () -- C:\hiberfil.sys

[2013/02/04 17:42:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/02/04 17:42:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/02/04 17:42:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/02/04 17:42:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/02/04 17:42:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/02/04 16:17:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/04 13:16:39 | 000,001,266 | ---- | C] () -- C:\Users\B Equipment\Desktop\Revo Uninstaller.lnk

[2011/08/15 16:29:47 | 000,007,605 | ---- | C] () -- C:\Users\B Equipment\AppData\Local\Resmon.ResmonCfg

[2011/02/22 20:02:57 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll

[2010/01/31 18:04:16 | 000,000,236 | ---- | C] () -- C:\Users\B Equipment\jobq.dat

[2010/01/02 15:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/11/19 07:00:22 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/07/15 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\.oit

[2011/08/12 06:39:54 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\17B82F69-F55F-4961-BE17-D46BC4C17C95

[2011/04/23 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\73FD80FB-796A-4D03-B9E5-FFB52FF9F211

[2010/12/29 09:07:14 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Acronis

[2010/12/17 13:06:14 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Adobe

[2009/11/12 17:06:14 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\ATI

[2010/01/07 07:12:45 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Autodesk

[2011/04/23 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\BB12976F-D725-44AC-B012-172160F660F0

[2009/11/15 08:44:12 | 000,000,000 | R--D | M] -- C:\Users\B Equipment\AppData\Roaming\Brother

[2009/11/13 07:21:04 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\CyberLink

[2009/11/12 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Dell

[2012/11/15 11:44:46 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Download Manager

[2009/11/20 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\FLEXnet

[2010/12/17 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\HP

[2012/06/08 08:11:20 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\HpUpdate

[2009/11/12 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Identities

[2009/11/15 07:45:02 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\InstallShield

[2009/11/12 17:22:46 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Macromedia

[2013/02/04 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Malwarebytes

[2009/07/13 23:44:38 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Media Center Programs

[2011/04/05 08:33:50 | 000,000,000 | --SD | M] -- C:\Users\B Equipment\AppData\Roaming\Microsoft

[2009/11/23 12:47:01 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Neuratron

[2009/11/20 06:30:24 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Nuance

[2010/07/06 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\PC-FAX TX

[2009/11/16 06:32:57 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\ScanSoft

[2009/11/19 07:04:29 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Sibelius Software

[2012/12/06 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Skype

[2011/08/02 07:34:37 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\skypePM

[2011/02/23 07:19:22 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Sony Corporation

[2009/11/27 12:13:22 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Steinberg

[2012/09/26 06:58:38 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\webex

[2009/11/20 06:30:28 | 000,000,000 | ---D | M] -- C:\Users\B Equipment\AppData\Roaming\Zeon

< %APPDATA%\*.exe /s >

[2011/04/14 04:23:03 | 000,010,134 | R--- | M] () -- C:\Users\B Equipment\AppData\Roaming\Microsoft\Installer\{0A80329D-1B59-4F10-8D1D-924C59B2840B}\ARPPRODUCTICON.exe

[2011/01/12 15:01:27 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\B Equipment\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2011/02/04 14:57:29 | 000,010,134 | R--- | M] () -- C:\Users\B Equipment\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: XPSRCHVW.EXE >

[2009/07/13 17:14:51 | 003,405,312 | ---- | M] (Microsoft Corporation) MD5=28BCDF59E4A5A426FBCA8281563D595D -- C:\Windows\SysWOW64\xpsrchvw.exe

[2009/07/13 17:14:51 | 003,405,312 | ---- | M] (Microsoft Corporation) MD5=28BCDF59E4A5A426FBCA8281563D595D -- C:\Windows\winsxs\wow64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7b64ef799c494a30\xpsrchvw.exe

[2009/07/13 17:39:59 | 004,835,840 | ---- | M] (Microsoft Corporation) MD5=492CB6A624D5DAD73EE0294B5DB37DD6 -- C:\Windows\SysNative\xpsrchvw.exe

[2009/07/13 17:39:59 | 004,835,840 | ---- | M] (Microsoft Corporation) MD5=492CB6A624D5DAD73EE0294B5DB37DD6 -- C:\Windows\winsxs\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7110452767e88835\xpsrchvw.exe

< c:|xpsrch;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0B9FB94D

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:01C66DD9

< End of report >

Extras.txt in the next post.

Link to post
Share on other sites

OTL Extras logfile created on: 2/6/2013 12:49:27 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\B Equipment\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.21% Memory free

7.98 Gb Paging File | 6.58 Gb Available in Paging File | 82.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 498.52 Gb Free Space | 85.73% Space Free | Partition Type: NTFS

Computer Name: BEQUIPMENT | User Name: B Equipment | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06689143-9A64-487E-B98F-4BB89A772F04}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{0A36A1EA-7287-4F80-93C9-20770CB98BCB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{1415A4F4-E476-4F94-BE3F-351D57F889DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2B4B6B02-72DC-42F9-91CF-A2B76684CCBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{31B12962-7AD8-4322-A0EE-2D41228879D0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{368A4548-0875-466D-8236-2C2DD48F5BF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{36F1604F-56C5-4770-87E5-4DE5119730A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{445C0F37-CB13-4A64-8C13-AF1A5087A1C7}" = lport=445 | protocol=6 | dir=in | app=system |

"{4AD98559-90B3-4993-BCA4-DB9C7BE61D52}" = lport=137 | protocol=17 | dir=in | app=system |

"{54F1EA79-307C-4F75-9A1F-B2137E2FA4EA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5A5FCC86-5975-4E04-A07D-F94E9E62B5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5F85CCB7-65B2-4ED7-92A5-B59EE445024E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{67983DCC-DE7B-4718-9F6B-32D87CC3AAB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8991B9CB-B9F3-4B43-83BE-15FD772D0E5F}" = rport=137 | protocol=17 | dir=out | app=system |

"{8A530066-71B3-4F1C-9453-4B0D8E1BB716}" = rport=139 | protocol=6 | dir=out | app=system |

"{91BF1665-6F93-4FC0-840E-28A857AC923B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A6C332A2-F464-43E2-AFAB-1864FA6ED213}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AABBEC23-3DBD-4E81-945C-ACB41F62CA60}" = lport=2869 | protocol=6 | dir=in | app=system |

"{ABF47859-B709-41BE-A5E8-B13427B5C791}" = lport=138 | protocol=17 | dir=in | app=system |

"{BF7E6691-13FD-4BF9-8B8A-E4EA5C7D63BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{C0C604D2-A9B0-4D54-9F5E-90BE5C26B160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CF248B80-BF97-42F6-9C52-EA616D6399F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DB94EA62-D0F4-4BF7-A0CA-EE9EF0D72873}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DC85488B-2D64-4E6B-B6E6-2B765CC0BEFC}" = rport=138 | protocol=17 | dir=out | app=system |

"{DDE50419-460E-4609-B4FC-1D4507CC4F8B}" = lport=139 | protocol=6 | dir=in | app=system |

"{E09C8785-2C0F-453B-85BC-558E138227FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E3D96780-6A20-4C8B-AFB1-EAD190DDA119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC701201-22E0-41EA-B46E-76D345684CE1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{ECE6E9FC-86B0-4455-9D9C-18E108A91601}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04848A45-E957-44A8-8538-B3BF58D0D130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{07406259-3F85-4627-8053-1CAC60B1D265}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{0ED31625-C7D4-4C30-8E41-5C5309741808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0F988E56-9E2A-46E4-9DB3-1167396DB0DE}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |

"{10B80A14-50D0-4B81-B34B-486E0C795EC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{11BD57DD-C8C1-463B-A223-E70CA4FA1AEC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{1392E57D-A406-4D60-8D72-2727BFC20AAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1437CFA8-A841-422D-BB45-ABBB0516DCFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{184E51C1-9BDF-4F57-A5C4-23FC34105984}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{26AE6CC4-BAB8-45B9-AF78-4D54BCF6382C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{2AA3E6EB-2DF0-4CD0-8E13-F157135C21A2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{30CE2F79-370F-401D-89FD-0F49BAFD2C39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{39E7A872-F6BD-4BA5-80A0-3AB574D1F49A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{3A3E2B61-CE4B-48EA-82B2-7D78284BD7E3}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |

"{3B464DD5-28A0-4B51-AC53-21DD1AEE87FE}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |

"{3B7CFA71-8853-4CC9-82BF-396FDBB8F05C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{3C2C69E5-2CC2-4526-9B3B-A71DFB13FC52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{43C171C3-D256-46C0-A676-FB41A2AD93FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{492D0453-59CE-444D-B2A4-BC304CC5C8DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{49606FC1-4FF8-4A59-9F53-12F2A9E7B27A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5249C96C-5E5C-499E-8145-5992AAAB0D6F}" = protocol=6 | dir=out | app=system |

"{54A47906-FA43-4066-AC9F-6B93E63AFD9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{57C0FEAF-C3E5-40AB-A3CA-FB31112E0337}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |

"{5C6A9F35-3EE4-40AA-AD7D-C23FBCD05A2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{5ED7E999-E59B-42DA-9B53-F67EDDC42EE1}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |

"{5F0E7C90-19E3-48B6-A474-E46020291715}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |

"{60786586-BB76-47C0-8EB7-8E8ACF3EEAB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6E95B22B-DBA9-44DF-9547-0D1CCCF8F3AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6EA9E14F-42E7-4C3C-BBA3-DE3E7D8E0398}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |

"{6F9A0D46-BA18-4680-A229-BB688AE71E23}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |

"{776CA882-8E86-448A-8D14-D6EF7F4901A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{79F3978E-6848-429D-A37E-CCA3C1C875E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{85F0CAA7-05DA-4CFC-9900-CE332B129DD9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{913AA7C4-CD1B-417C-BA04-CF7AA20704CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{992666B9-5EE3-4285-BEFB-931A2CEEB258}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A244D912-5BF8-478D-815B-30B754B18B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |

"{A869E4AE-40D3-4A5E-8C31-78FEA5242BBD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{AC6362AB-B3B7-4F7E-BB8A-FB923286EDD4}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |

"{C01113DC-CC4A-46D2-9F12-98C527985C7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{CF9582CD-DF18-4FAD-BA64-B51BE0D8B738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D2F761A0-8E55-4117-9F06-F24F36495DE9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{D4EFE700-43A1-44B2-A2B4-8E4216A38D1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DF2CAF35-21BD-4143-8469-A54929923583}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{DF8DA3AF-6D43-4BA1-97D7-57CBF3D23F44}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{F91BEC9C-7A47-430A-9B21-5B7AB86DCB1C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{FC087EB5-7917-4E85-9E28-9B17CB48E277}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |

"{FF13643E-7FC1-4473-B1DE-B3E7FD78B80C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"TCP Query User{55ED8B4C-20BA-4759-9ADF-70FA97488D4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{A76A8AE3-8285-4D18-AB33-527B6062B795}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{5783F2D7-8028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2010

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"DWG TrueView 2010" = DWG TrueView 2010

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German

"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34

"{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A6842E0-3047-BD62-9A28-5A7743D88E2A}" = Catalyst Control Center InstallProxy

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{245FCF81-55BA-4AB9-A7C1-37411595676D}" = Nuance PaperPort 12

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning

"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min

"{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common

"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professional 2.49

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish

"{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{968ECEB6-5476-4131-B5E0-41D01D621243}" = Sibelius Scorch (all browsers)

"{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C633BAC-9A34-4BFD-B311-787D37F3EAFB}" = Nuance PDF Viewer Plus

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing

"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)

"{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins

"{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French

"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista

"{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean

"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static

"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Autodesk Design Review 2010" = Autodesk Design Review 2010

"avast" = avast! Internet Security

"ERUNT_is1" = ERUNT 1.1j

"FastBidX Plugin" = FastBidX Plugin (remove only)

"Google Chrome" = Google Chrome

"GPL Ghostscript 8.56" = GPL Ghostscript 8.56

"GPL Ghostscript Fonts" = GPL Ghostscript Fonts

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Neuratron AudioScore Lite" = Neuratron AudioScore Lite

"Neuratron PhotoScore Ultimate" = Neuratron PhotoScore Ultimate

"OUTLOOKR" = Microsoft Office Outlook 2007

"Revo Uninstaller" = Revo Uninstaller 1.94

"Sibelius 6_is1" = Sibelius 6.2.0.88

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.1.0.880

"QuickEye Combined" = QuickEye Estimator/Viewer

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/27/2011 5:28:38 PM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/27/2011 5:28:38 PM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 8:53:31 AM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 9:54:49 AM | Computer Name = BEquipment | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 10/28/2011 11:09:05 AM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 11:09:05 AM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 12:17:05 PM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/28/2011 12:17:05 PM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 11:08:22 AM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 12:32:12 PM | Computer Name = BEquipment | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]

Error - 5/6/2011 10:51:37 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 7:51:37 PM - Error connecting to the internet. 7:51:37 PM - Unable

to contact server..

Error - 5/6/2011 10:52:10 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 7:52:06 PM - Error connecting to the internet. 7:52:06 PM - Unable

to contact server..

Error - 5/6/2011 11:52:52 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 8:52:52 PM - Error connecting to the internet. 8:52:52 PM - Unable

to contact server..

Error - 5/6/2011 11:53:22 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 8:53:21 PM - Error connecting to the internet. 8:53:21 PM - Unable

to contact server..

Error - 5/7/2011 12:53:53 AM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 9:53:53 PM - Error connecting to the internet. 9:53:53 PM - Unable

to contact server..

Error - 5/7/2011 12:54:22 AM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 9:54:22 PM - Error connecting to the internet. 9:54:22 PM - Unable

to contact server..

Error - 5/7/2011 1:55:05 AM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 10:55:05 PM - Error connecting to the internet. 10:55:05 PM - Unable

to contact server..

Error - 11/20/2012 1:36:47 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 9:36:47 AM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 12/1/2012 7:33:57 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 3:33:56 PM - Error connecting to the internet. 3:33:57 PM - Unable

to contact server..

Error - 12/1/2012 7:34:07 PM | Computer Name = BEquipment | Source = MCUpdate | ID = 0

Description = 3:34:02 PM - Error connecting to the internet. 3:34:02 PM - Unable

to contact server..

[ OSession Events ]

Error - 1/25/2010 3:19:55 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17257

seconds with 2460 seconds of active time. This session ended with a crash.

Error - 1/25/2010 3:21:12 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63

seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/3/2010 6:22:19 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26424

seconds with 3660 seconds of active time. This session ended with a crash.

Error - 6/3/2010 6:24:19 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 113

seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/28/2011 4:50:25 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25333

seconds with 2280 seconds of active time. This session ended with a crash.

Error - 6/1/2011 7:44:31 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 12

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/30/2012 6:00:19 PM | Computer Name = BEquipment | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 178215

seconds with 10740 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 2/6/2013 12:18:50 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD aswFW aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched PxHelp20 rdbss

RxFilter

spldr

tdx

Wanarpv6

WfpLwf

ws2ifsl

Error - 2/6/2013 2:12:29 PM | Computer Name = BEquipment | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 2/6/2013 2:13:10 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7000

Description = The SessionLauncher service failed to start due to the following error:

%%2

Error - 2/6/2013 2:13:49 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

PxHelp20 RxFilter

Error - 2/6/2013 4:03:25 PM | Computer Name = BEquipment | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 2/6/2013 4:03:37 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7000

Description = The SessionLauncher service failed to start due to the following error:

%%2

Error - 2/6/2013 4:03:44 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

PxHelp20 RxFilter

Error - 2/6/2013 4:07:24 PM | Computer Name = BEquipment | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 2/6/2013 4:07:36 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7000

Description = The SessionLauncher service failed to start due to the following error:

%%2

Error - 2/6/2013 4:07:44 PM | Computer Name = BEquipment | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

PxHelp20 RxFilter

< End of report >

Link to post
Share on other sites

Run this script to delete that Temp folder.

  1. Press the Windows-key on keyboard.
  2. In the 10-16-2011%204-33-46%20PM.png box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    rd /s /q C:\Users\B Equipment\AppData\Local\Temp\_MEI38642
    del /f /q "%~f0"


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the 10-16-2011%204-37-58%20PM.png box, type in Fix.bat.
  7. Press 10-16-2011%204-36-39%20PM.png.
  8. Close Notepad.
  9. Right click 10-16-2011%204-34-34%20PM.png on your desktop, and choose 10-16-2011%204-40-48%20PM.png.
  10. Press Yes if prompted by User Account Control.

Link to post
Share on other sites

I ran fix.bat as administrator, browsed to the temp folder and found that the _MEI38642 was still there and was not empty. So I ran cmd as administrator to get an admin command prompt and cd'd to the desktop folder and ran a newly created copy of the bat file from there, so that I could see the output. See results below. I then cd'd to the temp folder and ran the remove command from the command line. Results also below.

C:\Users\B Equipment\Desktop>fix.bat

C:\Users\B Equipment\Desktop>rd /s /q C:\Users\B Equipment\AppData\Local\Temp\_MEI38642

The system cannot find the file specified.

The system cannot find the path specified.

C:\Users\B Equipment\Desktop>del /f /q "C:\Users\B Equipment\Desktop\Fix.bat"

The batch file cannot be found.

C:\Users\B Equipment\Desktop>cd ..

C:\Users\B Equipment>cd appdata

C:\Users\B Equipment\AppData>cd local

C:\Users\B Equipment\AppData\Local>cd temp

C:\Users\B Equipment\AppData\Local\Temp>dir

Volume in drive C is OS

Volume Serial Number is 3CCB-9E57

Directory of C:\Users\B Equipment\AppData\Local\Temp

02/06/2013 01:38 PM <DIR> .

02/06/2013 01:38 PM <DIR> ..

02/06/2013 12:08 PM 2,046 AdobeARM.log

01/01/2013 03:12 PM 16,291 AdwCleaner.jpg

02/05/2013 05:05 PM 21,780 Attach.txt

02/05/2013 05:05 PM 19,295 DDS.txt

01/01/2013 03:12 PM 4,158 Delete.ico

01/01/2013 03:12 PM 4,286 Donate.ico

02/06/2013 12:00 PM 1,748,992 dump.dat

11/12/2009 05:06 PM 0 FXSAPIDebugLogFile.txt

02/06/2013 12:08 PM 1,272 hpqddusr.log

02/05/2013 02:26 PM <DIR> Low

02/06/2013 11:56 AM 0 RK_Mtx

01/01/2013 03:12 PM 4,286 Search.ico

01/01/2013 03:12 PM 4,030 Uninstall.ico

02/06/2013 12:08 PM <DIR> WPDNSE

02/05/2013 02:25 PM <DIR> _avast_

02/06/2013 12:02 PM <DIR> _MEI29402

02/06/2013 12:08 PM <DIR> _MEI38642

02/06/2013 12:04 PM <DIR> _MEI42202

12 File(s) 1,826,436 bytes

8 Dir(s) 535,286,722,560 bytes free

C:\Users\B Equipment\AppData\Local\Temp>rd /s _MEI38642

_MEI38642, Are you sure (Y/N)? y

_MEI38642\pyexpat.pyd - Access is denied.

_MEI38642\pysqlite2._sqlite.pyd - Access is denied.

_MEI38642\python26.dll - Access is denied.

_MEI38642\pythoncom26.dll - Access is denied.

_MEI38642\PyWinTypes26.dll - Access is denied.

_MEI38642\select.pyd - Access is denied.

_MEI38642\unicodedata.pyd - Access is denied.

_MEI38642\win32api.pyd - Access is denied.

_MEI38642\win32com.shell.shell.pyd - Access is denied.

_MEI38642\win32crypt.pyd - Access is denied.

_MEI38642\win32event.pyd - Access is denied.

_MEI38642\win32file.pyd - Access is denied.

_MEI38642\win32inet.pyd - Access is denied.

_MEI38642\win32pdh.pyd - Access is denied.

_MEI38642\win32process.pyd - Access is denied.

_MEI38642\win32profile.pyd - Access is denied.

_MEI38642\win32security.pyd - Access is denied.

_MEI38642\win32ts.pyd - Access is denied.

_MEI38642\windows._cacheinvalidation.pyd - Access is denied.

_MEI38642\wx._controls_.pyd - Access is denied.

_MEI38642\wx._core_.pyd - Access is denied.

_MEI38642\wx._gdi_.pyd - Access is denied.

_MEI38642\wx._html2.pyd - Access is denied.

_MEI38642\wx._misc_.pyd - Access is denied.

_MEI38642\wx._windows_.pyd - Access is denied.

_MEI38642\wx._wizard.pyd - Access is denied.

_MEI38642\wxbase293u_net_vc.dll - Access is denied.

_MEI38642\wxbase293u_vc.dll - Access is denied.

_MEI38642\wxmsw293u_adv_vc.dll - Access is denied.

_MEI38642\wxmsw293u_core_vc.dll - Access is denied.

_MEI38642\wxmsw293u_html_vc.dll - Access is denied.

_MEI38642\wxmsw293u_webview_vc.dll - Access is denied.

_MEI38642\_ctypes.pyd - Access is denied.

_MEI38642\_elementtree.pyd - Access is denied.

_MEI38642\_hashlib.pyd - Access is denied.

_MEI38642\_socket.pyd - Access is denied.

_MEI38642\_ssl.pyd - Access is denied.

C:\Users\B Equipment\AppData\Local\Temp>

Link to post
Share on other sites

It would be easier to use Windows Explorer, do a right click on each of the folders, then "Take Ownership" of each, followed by a deletion of the folders. Looks like there are 3 of them

02/06/2013 12:02 PM <DIR> _MEI29402

02/06/2013 12:08 PM <DIR> _MEI38642

02/06/2013 12:04 PM <DIR> _MEI42202

That would be quicker (at least worth a try) before resorting to the hardware move.

Link to post
Share on other sites

So, after taking ownership of that folder, when I tried removing it, I got errors saying that the files were in use by Google Drive. I restarted in safe mode and was able to remove that folder, as well as the other two. After rebooting, a new, similarly named folder was created, presumably by Google Drive. I don't know if Combofix would flag the files in that new folder or not.

With regard to the xpsrchvw file that still is present in /windows/system32. All along, it has had the same time stamp and size as the one on my Windows 7 machine (7/13/2009 6:40 PM, 4,723 KB).

Link to post
Share on other sites

You may "attach" it if you have a file with it.

I would suggest you restart the system fresh, go to advanced boot options, and go to a Command prompt, and then retry SFC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt i_arrow-l.gif

Select Command Prompt

Now retry SFC

Link to post
Share on other sites

Here is that blue screen:

post-127562-0-17089100-1360251689.jpg

The sfc came back saying that

There is a system repair pending which requires a reboot to complete. Restart Windows and run sfc again.

I restarted windows in normal mode, then restarted again to Advanced Boot Options, Repair, Command prompt and ran sfc again. I got the same message again.

Link to post
Share on other sites

You should run a memory diagnostic to check out the integrity of RAM memory.

The earlier notes on system recovery/advanced boot options, show how to get to Windows Memory Diagnostic tool.

Please do that: run the Windows memory diagnostic tool.

You will likely also have to recheck any recent hardware changes or driver changes recently made, to insure that drivers are the correct versions.

Inquire the owner as to what was modified/changed/added recently.

The Stop code 0x0018 is rather obscure. ref http://msdn.microsoft.com/en-us/library/ms818851.aspx

http://support.microsoft.com/kb/957463

Link to post
Share on other sites

Memory diagnostics do find errors, but they're inconsistent. I also ran the Dell diagnostics and they locked up during a test of some other part of the system. Not sure what's going on. I gave the system back to him and he is planning to abandon it soon.

Thanks for all your help. I don't see a donate or support button for you. I would gladly do so if you point me in the right direction.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.