
Programs freeze up constantly /f.lux flux.exe trojan



Hello,

Lately even the simplest programs on my computer have been freezing for long periods of time, and it happens constantly. I think I've gotten a virus somewhere and I would really appreciate an expert's help. I've attached my dds and attach documents from running the script.

Thanks!

Bryan

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2

Run by Bryan at 12:43:06 on 2013-04-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2386 [GMT -3:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Prey\platform\windows\cronsvc.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\SafeConnect\scManager.sys

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\windows\system32\SearchIndexer.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\SafeConnect\scClient.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\system32\taskeng.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [Google Update] "C:\Users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [F.lux] "C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [Facebook Update] "C:\Users\Bryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjEzOTU2ODc3LVRCOSsyLUZMKzktUUlYMSs0LUYxME0xMEQrMi1YMjAxMCsyLUxJQysyMi1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrNDMxMDUtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzMtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisxLUYxME0xMkIrMQ"&"prod=90"&"ver=10.0.1411

StartupFolder: C:\Users\Bryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}\2656C6B696E6E2261383 : DHCPNameServer = 192.168.3.1

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}\46C696E6B6 : DHCPNameServer = 201.17.0.84 201.17.0.52 192.168.0.1

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}\C65626C6F6E63707F647 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}\E4564767962747571673F513330373 : DHCPNameServer = 201.17.0.84 201.17.0.52

TCP: Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}\E656476796274757160373 : DHCPNameServer = 201.17.0.84 201.17.0.52

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Mozilla Plugins\npitunes.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Bryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Bryan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2010-08-19 18:41; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-4-19 28480]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-11-8 307040]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-8-24 384352]

R1 ElRawDisk;ElRawDisk;C:\windows\System32\drivers\dddskx64.sys [2011-1-22 26024]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-5-18 13824]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-5-18 158976]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-12-10 112080]

S3 epmntdrv;epmntdrv;C:\windows\System32\epmntdrv.sys [2012-10-16 16776]

S3 EuGdiDrv;EuGdiDrv;C:\windows\System32\EuGdiDrv.sys [2012-10-16 9096]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-5-18 61280]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]

S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2012-9-28 31800]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-20 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2013-04-11 03:32:36 44032 ----a-w- C:\windows\System32\tsgqec.dll

2013-04-11 03:32:36 3717632 ----a-w- C:\windows\System32\mstscax.dll

2013-04-11 03:32:36 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll

2013-04-11 03:32:36 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll

2013-04-11 03:32:36 158720 ----a-w- C:\windows\System32\aaclient.dll

2013-04-11 03:32:36 131584 ----a-w- C:\windows\SysWow64\aaclient.dll

2013-04-10 14:40:55 -------- d-----w- C:\619f9c967b800a333c17

2013-04-10 02:15:09 1655656 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-10 02:15:08 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-04-10 02:09:47 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys

2013-04-10 02:09:46 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-04-10 02:09:46 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-04-10 02:09:45 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-04-10 02:09:45 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-04-10 02:09:45 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 02:09:45 112640 ----a-w- C:\windows\System32\smss.exe

2013-04-01 09:00:14 -------- d-----w- C:\Program Files\Mozilla Plugins

2013-04-01 09:00:14 -------- d-----w- C:\Program Files\iTunesHelper.Resources

2013-04-01 09:00:00 -------- d-----w- C:\Program Files\iTunes.Resources

2013-04-01 08:59:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-04-01 08:59:59 -------- d-----w- C:\Program Files\iTunes

2013-04-01 08:59:59 -------- d-----w- C:\Program Files\iPod

2013-04-01 08:59:59 -------- d-----w- C:\Program Files\CD Configuration

2013-04-01 08:26:22 163088 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10143.bin

2013-03-28 18:56:33 -------- d-----w- C:\Program Files (x86)\Cisco

2013-03-23 00:51:01 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-04-12 15:45:10 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat

2013-03-13 02:06:48 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:06:48 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-03-08 17:44:41 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-08 17:44:41 861088 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2013-03-08 17:44:41 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-03-02 05:56:00 1188864 ----a-w- C:\windows\System32\wininet.dll

2013-03-02 04:58:26 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2013-03-02 03:57:05 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2013-03-02 03:22:06 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-02-20 16:16:00 112968 ----a-w- C:\Program Files\ITDetector.ocx

2013-02-20 15:35:30 293192 ----a-w- C:\Program Files\iTunesOutlookAddIn.dll

2013-02-20 15:35:28 152392 ----a-w- C:\Program Files\iTunesHelper.exe

2013-02-20 15:35:26 412488 ----a-w- C:\Program Files\iTunesAdmin.dll

2013-02-20 15:35:26 148808 ----a-w- C:\Program Files\iTunesHelper.dll

2013-02-20 15:35:24 9789256 ----a-w- C:\Program Files\iTunes.exe

2013-02-20 15:35:08 22970184 ----a-w- C:\Program Files\iTunes.dll

2013-02-20 15:35:04 782688 ----a-w- C:\Program Files\gnsdk_sdkmanager.dll

2013-02-20 15:35:04 3015008 ----a-w- C:\Program Files\gnsdk_dsp.dll

2013-02-20 15:35:04 269152 ----a-w- C:\Program Files\gnsdk_submit.dll

2013-02-20 15:35:04 226144 ----a-w- C:\Program Files\gnsdk_musicid.dll

2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

.

============= FINISH: 12:47:06.64 ===============


Hello Bryan and welcome to MalwareBytes forums.

Please follow my guidance and do not run any other tools on your own. Also, do not use Quote or Code blocks for any report you post.

Just do a simple Copy & Paste. That way it is cleaner & easier for me to read.

Do not use the attach option for posting your logs, unless a particular report is way too huge to fit.

You may put each report in a separate reply.

Please start with the following, doing as much as you can.

Your logs showed some peer-to-peer filesharing apps: uTorrent. Uninstall it & confirm having done that in your reply.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Task 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 3

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


Uncheck "trace disk IO calls" at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 4

Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or

>> from here <<

  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Edited by Maurice Naggar
modification

Hi Maurice, thank you so much for your reply.

1) I have removed uTorrent from my computer

2) RKill.txt:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/12/2013 11:40:53 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe (PID: 3404) [uP-HEUR]

* C:\Program Files\iTunesHelper.exe (PID: 4176) [P-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/12/2013 11:41:11 AM

Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


3) The "Fix" button was not enabled after the scan with aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-13 11:19:50

-----------------------------

11:19:50.296 OS Version: Windows x64 6.1.7601 Service Pack 1

11:19:50.296 Number of processors: 4 586 0x2505

11:19:50.298 ComputerName: PC UserName:

11:19:51.092 Initialize success

11:20:24.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:20:24.956 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3

11:20:25.100 Disk 0 MBR read successfully

11:20:25.104 Disk 0 MBR scan

11:20:25.108 Disk 0 unknown MBR code

11:20:25.121 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048

11:20:25.136 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328

11:20:25.141 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 327685 MB offset 31664128

11:20:25.147 Disk 0 Partition - 00 0F Extended LBA 133792 MB offset 702763487

11:20:25.181 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 37787 MB offset 702763489

11:20:25.187 Disk 0 Partition - 00 05 Extended 40849 MB offset 885012480

11:20:25.222 Disk 0 Partition 5 00 83 Linux 40848 MB offset 885014528

11:20:25.229 Disk 0 Partition - 00 05 Extended 3954 MB offset 1150920298

11:20:25.254 Disk 0 Partition 6 00 82 Linux swap 3954 MB offset 968673280

11:20:25.310 Disk 0 scanning C:\windows\system32\drivers

11:20:33.016 Service scanning

11:20:47.494 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32

11:20:51.651 Modules scanning

11:20:51.662 Scan finished successfully

11:22:17.718 Disk 0 MBR has been saved successfully to "C:\Users\Bryan\Desktop\MBR.dat"

11:22:17.726 The log file has been saved successfully to "C:\Users\Bryan\Desktop\aswMBR.txt"


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Bryan [Admin rights]

Mode : Scan -- Date : 04/13/2013 11:25:54

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[TASK][sUSP PATH] At1.job : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> FOUND

[TASK][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND

[TASK][sUSP PATH] At1 : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> FOUND

[TASK][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++

--- User ---

[MBR] b917a1c2065f53c93b0a6b519d2f6444

[bSP] 82bfb43633d059542f9ed56ee83e6037 : Linux MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 327685 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 702763487 | Size: 133792 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04132013_02d1125.txt >>

RKreport[1]_S_04132013_02d1125.txt


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member baweaver only. If you are a casual viewer, do NOT try this on your system!

If you are not baweaver and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to right-click on the program link, shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

  • Disable your anti-virus program: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [TASK][sUSP PATH] At1.job : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> FOUND
    [TASK][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
    [TASK][sUSP PATH] At1 : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> FOUND
    [TASK][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND

  • Then click on Delete on the right hand column under Options.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Task 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, first make sure the notebook is connected to wall power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Bryan [Admin rights]

Mode : Remove -- Date : 04/13/2013 12:15:34

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[TASK][sUSP PATH] At1.job : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> DELETED

[TASK][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED

[TASK][sUSP PATH] At1 : C:\Users\Bryan\AppData\Local\Temp\bpvou.exe [x] -> DELETED

[TASK][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++

--- User ---

[MBR] b917a1c2065f53c93b0a6b519d2f6444

[bSP] 82bfb43633d059542f9ed56ee83e6037 : Linux MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 327685 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 702763487 | Size: 133792 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_04132013_02d1215.txt >>

RKreport[1]_S_04132013_02d1125.txt ; RKreport[2]_S_04132013_02d1212.txt ; RKreport[3]_D_04132013_02d1215.txt


The combofix screen got to "Completed stage 50" and stayed there for a while before my computer suddenly restarted. When it rebooted I got the "Windows did not restart properly" screen. There is a C:\ComboFix but it is not a .txt file, it's a file folder that "Shows the disk drives and hardware connected to this computer." When I click it, it brings me to the same screen as if I had clicked on My Computer. This happened yesterday when I tried to run MalwareBytes full system scan while in Safe Mode--it almost reached the end of the scan when I suddenly got the "blue screen of death" (I don't remember exactly what it said) and my computer suddenly restarted.

Firefox still stops responding very often, for periods of around 5 - 30 seconds, so there doesn't seem to be a marked difference yet.

I'll refrain from trying anything else until I see what you think about this. Thanks again for all of your help!


Logoff and Restart the system, fresh.

Then wait for Windows to fully load, and for the Taskbar to show normally.

Then look for C:\Combofix.txt; if found, Copy and Paste its contents.

Do this too, in any event:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, or Windows 7 or 8, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


There's still no combofix.txt after restarting--still just the file folder named ComboFix that I mentioned in my last reply.

OTL logfile created on: 4/13/2013 2:33:50 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bryan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.51% Memory free

7.73 Gb Paging File | 6.09 Gb Available in Paging File | 78.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 320.01 Gb Total Space | 99.69 Gb Free Space | 31.15% Space Free | Partition Type: NTFS

Drive D: | 36.90 Gb Total Space | 8.23 Gb Free Space | 22.30% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Bryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 14:26:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan\Desktop\OTL.exe

PRC - [2013/02/20 12:35:28 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe

PRC - [2013/02/05 21:36:48 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

PRC - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/10 10:09:21 | 000,527,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

PRC - [2012/12/10 10:09:07 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

PRC - [2012/12/05 21:24:00 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2012/12/04 12:31:46 | 000,298,888 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe

PRC - [2012/12/04 12:31:45 | 000,176,520 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys

PRC - [2012/11/19 19:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/02/14 05:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/09/01 22:04:31 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/02/15 13:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe

PRC - [2010/11/20 09:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2010/05/07 02:10:44 | 000,846,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2010/05/06 03:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2010/02/10 11:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2010/01/18 23:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2009/08/29 03:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe

PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

PRC - [2007/03/29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/05 21:24:00 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2011/09/27 09:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 09:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/08/29 03:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe

MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

MOD - [2006/08/12 00:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/04/11 21:03:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/03/12 23:06:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/10 10:09:07 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2012/12/04 12:31:45 | 000,176,520 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)

SRV - [2012/11/02 05:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/02/14 05:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/03/22 19:37:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/02/15 13:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)

SRV - [2010/10/22 15:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/10 10:02:24 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2012/12/10 10:00:50 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)

DRV:64bit: - [2012/12/10 05:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/11/08 05:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/08/24 16:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/04/19 05:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/31 05:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 14:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 14:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/15 13:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/18 21:59:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/03/30 21:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

DRV:64bit: - [2010/03/03 07:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/26 21:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/26 15:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/12/30 12:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/12/14 17:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/11/12 17:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/09/28 06:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/08/05 11:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 17:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/12 17:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/06/18 09:40:44 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledAddons: printpdf%40pavlov.net:0.76

FF - prefs.js..extensions.enabledAddons: pt-BR%40dellalibera.sf.net:2.1.1-2.0

FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8

FF - prefs.js..extensions.enabledAddons: %7BF53C93F1-07D5-430c-86D4-C9531B27DFAF%7D:12.0.0.2189

FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5

FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bryan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bryan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/19 18:41:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/05 19:13:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 14:28:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 21:03:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/11 21:03:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011/10/17 01:09:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/12 20:40:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/19 18:41:48 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 21:03:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/11 21:03:02 | 000,000,000 | ---D | M]

[2011/10/17 01:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Extensions

[2011/10/17 01:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}

[2013/02/14 22:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions

[2012/08/01 23:32:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

[2011/02/26 17:45:25 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\printpdf@pavlov.net

[2012/06/13 11:02:07 | 000,000,000 | ---D | M] (Verificador Ortográfico para Português do Brasil.) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\pt-BR@dellalibera.sf.net

[2011/10/17 01:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Sunbird\Profiles\okikxv6w.default\extensions

[2012/12/19 18:31:01 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi

[2012/12/29 20:03:42 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

[2013/02/14 22:27:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\armf3537.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/04/11 21:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/11 21:03:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/04/11 21:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/07/02 14:28:59 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK

[2013/04/11 21:03:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\np32asw.dll

[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32asw.dll

[2011/03/21 09:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll

[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/30 01:02:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/02/20 14:38:41 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npdjvu.dll

CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Honey = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.1.0_0\

CHR - Extension: SmoothScroll = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\0.5_1\

CHR - Extension: Google Search = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Flip this = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph\0.2.15_0\

CHR - Extension: AVG Safe Search = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\

CHR - Extension: Skype Click to Call = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: Ti\u00EBsto = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\

CHR - Extension: AVG Do Not Track = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\

CHR - Extension: Gmail = C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe File not found

O4 - HKCU..\Run: [F.lux] C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [Facebook Update] C:\Users\Bryan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: ufl.edu ([weblab.warrington] http in Trusted sites)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD4DD475-242A-4473-A9CF-33C5F5265691}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 14:26:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bryan\Desktop\OTL.exe

[2013/04/13 13:31:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/04/13 12:21:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/04/13 12:21:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/04/13 12:21:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/04/13 12:21:11 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/04/13 12:21:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/13 12:20:51 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/04/13 12:17:30 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Bryan\Desktop\ComboFix.exe

[2013/04/13 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Bryan\Desktop\RK_Quarantine

[2013/04/13 11:17:41 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Bryan\Desktop\aswMBR.exe

[2013/04/12 12:38:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bryan\Desktop\dds.scr

[2013/04/12 11:36:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bryan\Desktop\HijackThis.exe

[2013/04/11 23:58:53 | 000,000,000 | ---D | C] -- C:\Users\Bryan\Desktop\rkill

[2013/04/11 23:58:24 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bryan\Desktop\rkill.exe

[2013/04/11 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/04/11 00:32:36 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll

[2013/04/11 00:32:36 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll

[2013/04/11 00:32:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll

[2013/04/11 00:32:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll

[2013/04/11 00:32:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll

[2013/04/11 00:32:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll

[2013/04/10 11:40:55 | 000,000,000 | ---D | C] -- C:\619f9c967b800a333c17

[2013/04/09 23:14:11 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/04/09 23:14:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/04/09 23:14:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/04/09 23:14:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/04/09 23:14:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/04/09 23:14:10 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/04/09 23:14:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/04/09 23:09:46 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2013/04/09 23:09:46 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2013/04/09 23:09:45 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2013/04/09 23:09:45 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe

[2013/04/09 23:09:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll

[2013/04/09 23:09:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll

[2013/04/09 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/01 06:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/04/01 06:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Plugins

[2013/04/01 06:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunesHelper.Resources

[2013/04/01 06:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes.Resources

[2013/04/01 05:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/04/01 05:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/04/01 05:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\CD Configuration

[2013/04/01 05:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/03/28 15:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2013/03/28 15:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2013/03/22 21:51:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys

[2013/02/20 13:16:00 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

[2013/02/20 12:35:30 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll

[2013/02/20 12:35:28 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe

[2013/02/20 12:35:26 | 000,412,488 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll

[2013/02/20 12:35:26 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll

[2013/02/20 12:35:24 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe

[2013/02/20 12:35:08 | 022,970,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll

[2013/02/20 12:35:04 | 003,015,008 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll

[2013/02/20 12:35:04 | 000,782,688 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll

[2013/02/20 12:35:04 | 000,269,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll

[2013/02/20 12:35:04 | 000,226,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll

========== Files - Modified Within 30 Days ==========

[2013/04/13 14:41:01 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/13 14:40:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-114453956-2636402065-546677835-1000UA.job

[2013/04/13 14:33:00 | 000,000,029 | ---- | M] () -- C:\windows\SysWow64\TempWmicBatchFile.bat

[2013/04/13 14:26:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan\Desktop\OTL.exe

[2013/04/13 14:23:27 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/13 14:23:27 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/13 14:13:38 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/13 14:13:08 | 000,000,376 | ---- | M] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Bryan.job

[2013/04/13 14:12:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/04/13 14:12:34 | 4148,752,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/13 13:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/04/13 13:47:07 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-114453956-2636402065-546677835-1000UA.job

[2013/04/13 12:40:09 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-114453956-2636402065-546677835-1000Core.job

[2013/04/13 12:19:49 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Bryan\Desktop\ComboFix.exe

[2013/04/13 11:23:52 | 000,816,128 | ---- | M] () -- C:\Users\Bryan\Desktop\RogueKiller.exe

[2013/04/13 11:22:17 | 000,000,512 | ---- | M] () -- C:\Users\Bryan\Desktop\MBR.dat

[2013/04/13 11:19:05 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Bryan\Desktop\aswMBR.exe

[2013/04/13 11:11:45 | 117,280,020 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm

[2013/04/12 19:47:26 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-114453956-2636402065-546677835-1000Core.job

[2013/04/12 18:41:59 | 000,535,028 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm

[2013/04/12 12:38:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bryan\Desktop\dds.scr

[2013/04/12 11:36:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bryan\Desktop\HijackThis.exe

[2013/04/12 09:02:00 | 958,853,877 | ---- | M] () -- C:\windows\MEMORY.DMP

[2013/04/11 23:58:32 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bryan\Desktop\rkill.exe

[2013/04/11 21:39:54 | 000,002,044 | ---- | M] () -- C:\Users\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/04/10 01:24:10 | 005,132,112 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/04/08 18:27:14 | 003,201,564 | ---- | M] () -- C:\Users\Bryan\Desktop\skidmore.1.pdf

[2013/04/08 09:48:01 | 000,000,370 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateFiles_Bryan.job

[2013/04/07 03:45:00 | 000,000,366 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateXML_Bryan.job

[2013/04/01 05:29:10 | 000,872,878 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/04/01 05:29:10 | 000,726,718 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/04/01 05:29:10 | 000,146,704 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/03/28 07:20:19 | 003,053,559 | ---- | M] () -- C:\Users\Bryan\Desktop\038.JPG

[2013/03/24 17:26:28 | 000,001,374 | ---- | M] () -- C:\windows\SysWow64\bash.exe.stackdump

[2013/03/19 03:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2013/03/19 02:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll

[2013/03/19 02:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2013/03/19 02:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2013/03/19 01:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll

[2013/03/19 00:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe

[2013/03/16 22:20:37 | 003,916,340 | ---- | M] () -- C:\Users\Bryan\Desktop\IMG_0008.JPG

========== Files Created - No Company Name ==========

[2013/04/13 12:21:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/04/13 12:21:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/04/13 12:21:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/04/13 12:21:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/04/13 12:21:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/04/13 11:23:52 | 000,816,128 | ---- | C] () -- C:\Users\Bryan\Desktop\RogueKiller.exe

[2013/04/13 11:22:17 | 000,000,512 | ---- | C] () -- C:\Users\Bryan\Desktop\MBR.dat

[2013/04/12 09:01:59 | 958,853,877 | ---- | C] () -- C:\windows\MEMORY.DMP

[2013/04/08 18:26:34 | 003,201,564 | ---- | C] () -- C:\Users\Bryan\Desktop\skidmore.1.pdf

[2013/04/03 14:25:07 | 003,053,559 | ---- | C] () -- C:\Users\Bryan\Desktop\038.JPG

[2013/03/25 23:57:01 | 000,000,376 | ---- | C] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Bryan.job

[2013/03/25 23:57:00 | 000,000,370 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateFiles_Bryan.job

[2013/03/25 23:57:00 | 000,000,366 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateXML_Bryan.job

[2013/03/16 22:20:13 | 003,916,340 | ---- | C] () -- C:\Users\Bryan\Desktop\IMG_0008.JPG

[2013/02/20 13:15:56 | 000,122,375 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf

[2012/12/14 14:47:08 | 000,002,301 | ---- | C] () -- C:\Users\Bryan\AppData\Roaming\com.living-e.timeEdition.plist

[2012/12/12 13:01:33 | 000,027,520 | ---- | C] () -- C:\Users\Bryan\AppData\Local\dt.dat

[2012/10/22 21:01:25 | 000,000,212 | ---- | C] () -- C:\Users\Bryan\commutators.m

[2012/10/16 02:23:09 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll

[2012/10/16 02:23:08 | 002,468,520 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe

[2012/10/16 02:23:08 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe

[2012/10/16 02:23:08 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys

[2012/10/16 02:23:08 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys

[2012/09/25 15:50:16 | 000,000,868 | ---- | C] () -- C:\Users\Bryan\expo.dat

[2012/09/09 15:56:16 | 000,000,403 | ---- | C] () -- C:\Users\Bryan\.octave_hist

[2012/08/31 01:35:34 | 000,000,614 | ---- | C] () -- C:\Users\Bryan\minerva_C_ACLiC_dict.def

[2012/07/25 13:27:55 | 000,003,317 | ---- | C] () -- C:\Users\Bryan\.root_hist

[2012/02/08 00:39:24 | 000,005,632 | ---- | C] () -- C:\Users\Bryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/15 02:25:45 | 000,001,374 | ---- | C] () -- C:\windows\SysWow64\bash.exe.stackdump

[2011/10/23 15:36:58 | 000,000,065 | ---- | C] () -- C:\windows\minitab.ini

[2010/08/13 21:29:36 | 000,001,010 | ---- | C] () -- C:\Users\Bryan\AppData\Local\cralbart.config

[2010/07/20 13:14:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/04 04:33:52 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\.anki

[2012/12/28 03:03:44 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Audacity

[2010/10/17 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\AVG10

[2011/11/30 17:33:17 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\AVG2012

[2013/02/05 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\benibela

[2011/06/26 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Blackbird

[2010/07/18 22:14:34 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\DAEMON Tools Lite

[2010/08/18 21:56:27 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\dBpoweramp

[2012/06/11 15:11:45 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Dropbox

[2011/11/08 01:47:07 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Foxit Software

[2012/12/01 13:16:30 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Mp3tag

[2012/08/23 18:41:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Notepad++

[2011/10/23 23:01:11 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\ooVoo Details

[2010/08/15 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\SoftGrid Client

[2012/09/12 20:40:11 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\Thunderbird

[2012/12/14 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\timeEdition

[2012/05/17 02:48:20 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\TP

[2013/04/13 11:12:11 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 4/13/2013 2:33:50 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bryan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.51% Memory free

7.73 Gb Paging File | 6.09 Gb Available in Paging File | 78.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 320.01 Gb Total Space | 99.69 Gb Free Space | 31.15% Space Free | Partition Type: NTFS

Drive D: | 36.90 Gb Total Space | 8.23 Gb Free Space | 22.30% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Bryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07826117-8CAF-4AA6-BAF4-BE7FBC623A63}" = lport=138 | protocol=17 | dir=in | app=system |

"{0BF8E029-63FB-473C-8C6A-45AC9147BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{151B0D3C-EAE2-4C95-A8B2-76479B3705E8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1CA1D975-9CDA-4B70-8D94-6D2BA206E145}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1CB1B569-1DD2-46F4-AB66-92602490782D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{225A95F5-081E-42F2-96C2-7794996444CE}" = rport=137 | protocol=17 | dir=out | app=system |

"{494426B0-462B-4DBC-97E6-9864A8C43F4B}" = rport=445 | protocol=6 | dir=out | app=system |

"{4B2A4F5B-1D12-40C8-AA92-D9CE1F1E1E43}" = lport=10243 | protocol=6 | dir=in | app=system |

"{54A764A9-628B-4A59-A209-CFF9EF376785}" = lport=139 | protocol=6 | dir=in | app=system |

"{61058989-73C0-4C95-8A9A-3CAEF0D368FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6D7F1B5A-F009-4101-A214-4B542B82A43F}" = lport=445 | protocol=6 | dir=in | app=system |

"{6F6E6018-D97F-4744-B1E4-0FF4951FA621}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{75028C31-C5AD-4361-95E5-8E21E9A67F66}" = rport=138 | protocol=17 | dir=out | app=system |

"{9B958C46-5301-4ABF-B484-E52B2EFEB76C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{9DAC7D9F-E5FB-455E-8605-5A1687C62405}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{9F1E8C26-825B-47C1-87F8-F5ECDCF4FB00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AB29D45A-8C0F-4FDD-A354-DAB3205DF1F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B4950CDF-948B-44B7-A8EC-6242651E4370}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C234CC46-8739-44C1-BC96-25CD61C962A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CAC2561D-4C71-4F98-95F5-84146DE7836E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D8A12424-959C-408B-9FD5-D59A565E2E3B}" = lport=137 | protocol=17 | dir=in | app=system |

"{EC38626C-6623-461F-A4F9-CA5D1782066E}" = rport=139 | protocol=6 | dir=out | app=system |

"{F2EAE1BC-DBC0-4F97-85F1-59530DEF80B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F6D9DB55-95FB-4BF0-A65F-CF7B7A178D76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F91C54C6-5953-4151-B65E-158D29087A68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FF03DD32-796B-43FC-A480-F48D710BC196}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02C32D84-B559-4CC6-BE31-8DF3DDC240BB}" = protocol=17 | dir=in | app=c:\users\bryan\appdata\roaming\dropbox\bin\dropbox.exe |

"{0369D3D2-7293-45DE-BB87-4E9C6046C285}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0C9164D3-C0FF-4D92-BE37-2F2399810DF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{0DE321E0-0C20-43AB-AF45-49788D19B31D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{10F324C6-964A-4C0E-B4DD-46AF21801151}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{12AFB0F2-26FE-4292-9325-717406586EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{1379918C-9B05-4A6B-99B4-EC43BE241CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{14152755-A84F-424B-ADAE-6D8EB63C96E9}" = protocol=6 | dir=in | app=c:\users\bryan\appdata\roaming\dropbox\bin\dropbox.exe |

"{152C03AF-8912-40F3-BAB5-268B7DDD5969}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{1531B3B3-7841-4526-A723-A10AB1C5FF25}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{17A4BF18-5CD4-4098-B9DF-D30FFD627E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{1CBAAAD3-12F4-4051-975B-A5A7959E0E7F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1E905598-174B-4A02-B529-40A3FA8EC34B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{23BA72D0-72D8-49F4-BF11-9B8652AFF81E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{279597A4-C532-4D03-873C-E97C12867C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{28652AB3-2793-43D9-A777-776BEDA9A1EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{2A8C84CF-7E4C-46B8-9F7A-7BEFA2400952}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2EADACD5-2C5E-4E74-A042-97A3BE150669}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{32C7A0B6-EF83-4A67-8C25-C76F059C3972}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{3F13BDD1-3FB7-4B21-9139-E222CA300ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3F1CD5FC-AACB-4C04-9F18-D4DB0FA15988}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{40E3410F-0136-418D-89AD-36A18AE6E9CA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{41DE78E5-1C1F-4C01-ADF4-C4433D284507}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{42AB1761-DF6E-4A0A-8FD5-38864F5D9426}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{443F48CF-766B-4983-AD8A-10C4866D1914}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{4836D703-E08E-46B6-9CAC-AF643604F236}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{4D4D3B23-F471-4C3C-A048-8B62B1D37B24}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{4EA54074-0B66-49EB-B796-BCBB3ABE7845}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{55F1CCA5-E9EF-4854-8958-C74F92ABD215}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5601E7B1-28ED-4321-A5E7-3D96EAFAD0FC}" = protocol=17 | dir=in | app=c:\users\bryan\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{588CB809-279A-409A-87D6-E746C04ECAA9}" = dir=in | app=e:\setup\hpznui40.exe |

"{5950D67E-4ED6-4AEC-BE57-57F07D97DC9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5E34B048-F852-40D4-99E0-61891D5E965F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{615984E7-2345-4B49-BC4F-BEEFBD2734EA}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{671B5708-E630-429F-BA07-4DC150337B9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{6926C9E2-7C6D-456E-883F-34DA0CC1F04F}" = dir=in | app=c:\program files\itunes.exe |

"{6C1D8335-A6EB-40E5-AF4F-B6BEF57466CA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{6EF73D48-363B-4012-909F-BBEEFD3727AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{70105257-DB3A-4F6C-819A-37A670EE3819}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{7200956F-A980-463D-A39A-1AE3CF2D82F9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{73244364-2351-4104-A888-33AEF4AA24F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{78E84EA7-15E2-4DCF-9700-92883A7E047D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{7B7050F6-52CA-4871-806A-A1945ABC2F50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7EA3C5E7-10A7-4131-B276-6878FAEA8B2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{8588B438-3C84-4211-83F3-601D2879F0AC}" = protocol=17 | dir=in | app=c:\users\bryan\appdata\roaming\dropbox\bin\dropbox.exe |

"{8820B115-FF84-43E4-A569-BB45F8FE5EF2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{883E2C9A-2BE3-425F-A534-D79D4B21B485}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{89F1B072-5416-4403-902B-31308B292250}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{8C9DF8C4-F3B1-4760-B865-E2470F8FC4C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{911838A3-8BBB-4EC2-A4F6-8F547ED3DF6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{927E1E91-8C8B-4714-8247-02135E170DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{962F4834-EA7B-458B-837A-22F7093A9CA0}" = dir=in | app=c:\users\bryan\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{987A931A-7EBE-41FB-A103-BC0628623613}" = protocol=6 | dir=in | app=c:\users\bryan\appdata\roaming\dropbox\bin\dropbox.exe |

"{9B16BB39-B247-47C9-90D8-10836BF6F74C}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"{9B34EDB5-BC5E-4011-8091-016FE75BA6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{9C160D33-EC87-40AB-8642-DF115C6FA82D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9F21CC9D-0FB2-4D82-974E-B5DE865C8CDB}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |

"{A5E9266D-DD9E-4F7A-8608-B10DDA9BB5C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A943EBDB-BFEF-48B4-8121-D28FFFA71B39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AABFC7DE-390D-4CEE-9722-CE9585E9DFFA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{AE7D1538-BE7E-4FA1-A2B3-0AD11C985001}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{B251A325-7DAE-4C10-A221-1A7B385BE44E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{B47645D7-C9FE-4502-9553-A84977986587}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B4A42F63-40E8-4DDF-92DA-07FF4FB0D779}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B8557D55-E4E6-490C-9A95-A19A0CE54A41}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B90A3124-6E3C-41BF-BBFA-5C7C2D8697C6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"{BE4AAF22-864F-4D91-AECC-D4ABFECD9A99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C005D657-346F-41F1-9486-1CC4AEC77D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{C11985CD-1BF8-4002-A618-1363D5A13E95}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C1D0641A-D970-411D-A22B-19DD7A583358}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C1D1C28A-08BB-4A06-AB3E-BA7CB9BFA616}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |

"{C4DBE101-F1F9-49A0-99BE-741EF3DC7BF9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{C56992CC-FBCF-4CB0-9416-EE059735DE0A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{CC2C6134-7050-492F-91DA-DAD09D41DE3D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{CCADA315-18D6-489C-A6E5-4BD9888F8089}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{D0D36D64-E94B-49F9-B50A-899481BFB767}" = protocol=6 | dir=out | app=system |

"{D163752E-5642-48CD-A708-66ADB92802D3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{D16A4E8D-268B-476D-98F0-5CCDE751DEB8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{D1D140FE-E767-41E3-ABA5-2878E37F2BEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D3F7A62E-ABA5-43A4-9292-7295FF5FEDE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{D6A93C01-75E8-4DF4-A7DC-BE22C43D7970}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{D95C8EB9-BF1C-4454-86E5-8D46B9F1946B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{DFF78D15-43EB-4DED-8BAF-1EF9FB222CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{E2758B6C-A13F-4797-A382-4023235F7A2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E42EDCC6-937A-4D54-B58E-E4781ED6285A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{EA317C2E-32D0-491E-8712-F9216918A725}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EA8924D9-8D73-45F9-ADDB-4EA9DB2415A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{EB00F7FC-14FB-45BA-B813-9F2938A68D1E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EB5811C9-019E-411F-ACBF-F5BEEC0FE5CF}" = protocol=6 | dir=in | app=c:\users\bryan\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{EF1A4933-35F6-49D8-B6AC-2580700ADD1B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{F515915A-0F25-40BB-8047-D1524A3A6934}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{F6FAD351-9571-405C-8B93-0A9A4BB0A0BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{FEC11350-6D90-4405-B3FE-80708F8EC0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"TCP Query User{0D511D10-2DBE-4C7E-83C6-83B1A2825F88}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{134F7573-6027-4B4C-9782-BCA5C19FA468}C:\cygwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\cygwin\bin\xwin.exe |

"TCP Query User{30E65E5B-756A-47D0-99A5-699103C8DBDB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"TCP Query User{34BE522F-5925-4487-A1B3-56F88923E89C}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"TCP Query User{387E16CA-0902-4911-9605-9D530BF23094}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"TCP Query User{4EBD1E19-A2E5-42FF-A6CC-DD180CDEAFAC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{793D54F8-47E0-4BD4-A973-D6D350DD3A57}C:\users\bryan\.koalanext\plugins\vievo\vievo.exe" = protocol=6 | dir=in | app=c:\users\bryan\.koalanext\plugins\vievo\vievo.exe |

"TCP Query User{8BE2B2FC-DB78-4BFA-A232-181E8A92397D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{99272E83-1922-46D5-9C86-3CD08E96BC62}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{B1317A93-6482-44B2-A418-840CC4F0CC36}C:\users\bryan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\bryan\appdata\roaming\spotify\spotify.exe |

"TCP Query User{CBB970F2-2111-4533-B2B2-02180377D53F}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"TCP Query User{DD0A445B-A77C-40D3-9A65-8E43FAF0C455}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"TCP Query User{E096420D-36C6-4E04-9DC7-B31014FC1B8B}C:\users\bryan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\bryan\appdata\roaming\spotify\spotify.exe |

"TCP Query User{E6C9F6C8-398E-4244-9A34-FE12187F7556}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"UDP Query User{0176C3EB-52D0-42DD-A429-5041DA8DAC49}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{13507CF8-267E-4994-94DD-0F7270FD5BC1}C:\users\bryan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\bryan\appdata\roaming\spotify\spotify.exe |

"UDP Query User{13955A44-5481-45EC-A75B-6338DCC6A191}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{1EFFFE52-5E5F-4174-B48A-CE790F49E88E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"UDP Query User{20829271-3AB4-4E6A-A7EA-378FB1B8A966}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"UDP Query User{5A60E6CD-5DAE-42F6-845E-040497BC2B78}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{7C3C53A5-027D-4830-8282-2F1E5E34A401}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"UDP Query User{877C26FF-18CA-40DB-9971-02129C4D1B91}C:\cygwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\cygwin\bin\xwin.exe |

"UDP Query User{8D820CD9-5975-4AFD-A363-EF75E7FA3167}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"UDP Query User{9BDA155B-1085-4229-B7AC-7536FFA341F8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{9D341C89-911C-4BF1-8514-228A4D423F4B}C:\users\bryan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\bryan\appdata\roaming\spotify\spotify.exe |

"UDP Query User{B3A2208F-425B-4524-9714-EFD3C289DB59}C:\users\bryan\.koalanext\plugins\vievo\vievo.exe" = protocol=17 | dir=in | app=c:\users\bryan\.koalanext\plugins\vievo\vievo.exe |

"UDP Query User{B6962DC0-A6B5-4CA5-AABA-447FB1955EB7}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"UDP Query User{D2E0774E-E563-48AA-BD5E-E4D907341038}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver

"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files

"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"AVG" = AVG 2012

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"NVIDIA Drivers" = NVIDIA Drivers

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08B67A13-8501-48CB-B747-9D413BDC4594}" = BatteryLifeExtender

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in

"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java 6 Update 35

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager

"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English

"{4B3AF51F-830F-409F-AE05-FB67040C90B6}" = Cisco AnyConnect Secure Mobility Client

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0017-0416-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2007

"{90120000-0017-0416-0000-0000000FF1CE}_OMUI.pt-br_{CE74B6EC-A82B-4246-8E80-C21A1D6915B0}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.pt-br_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_OMUI.pt-br_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.pt-br_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0416-1000-0000000FF1CE}_OMUI.pt-br_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_OMUI.pt-br_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0100-0416-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Brazil)) 2007

"{90120000-0100-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0101-0416-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Brazil)) 2007

"{90120000-0101-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010

"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010

"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)

"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin

"{AAFD6F52-D32E-4251-A7FA-E0AE716FBF45}" = Cisco AnyConnect Start Before Login Module

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B922DA9D-747A-4681-A730-D14326C6738F}" = MultimediaPOP

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BB4AE373-6DD5-44C8-94A6-DBB00DA2E51B}" = Cisco AnyConnect Diagnostics and Reporting Tool

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F570A3D8-BC0D-408E-BBE3-57E6DEEE5AAA}" = ROOT

"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center

"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Anki" = Anki

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client

"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Instant Eyedropper_is1" = Instant Eyedropper 1.75

"LAME_is1" = LAME v3.99.3 (for Windows)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MapleStory" = MapleStory

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"MiKTeX 2.9" = MiKTeX 2.9

"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)

"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.49b

"Notepad++" = Notepad++

"Office14.VISIOR" = Microsoft Visio Professional 2010

"OMUI.pt-br" = Microsoft Office Language Pack 2007 - Portuguese/Português (Brasil)

"Rainlendar2" = Rainlendar2 (remove only)

"RealPlayer 12.0" = RealPlayer

"RocketDock_is1" = RocketDock 1.3.5

"SafeConnect" = SafeConnect

"SpeedFan" = SpeedFan (remove only)

"TexMakerX_is1" = TexMakerX 2.1

"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Efeito Fotoelétrico" = Efeito Fotoelétrico

"Flux" = F.lux

"pH Scale" = pH Scale

"Photoelectric Effect" = Photoelectric Effect

"Sound" = Sound

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/12/2013 12:51:37 PM | Computer Name = PC | Source = System Restore | ID = 8193

Description =

Error - 4/12/2013 6:52:59 PM | Computer Name = PC | Source = ESENT | ID = 488

Description = Windows (3856) Windows: An attempt to create the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log"

failed with system error 1117 (0x0000045d): "The request could not be performed

because of an I/O device error. ". The create file operation will fail with error

-1022 (0xfffffc02).

Error - 4/12/2013 6:58:11 PM | Computer Name = PC | Source = ESENT | ID = 413

Description = Windows (3856) Windows: Unable to create a new logfile because the

database cannot write to the log drive. The drive may be read-only, out of disk

space, misconfigured, or corrupted. Error -1022.

Error - 4/12/2013 6:58:11 PM | Computer Name = PC | Source = ESENT | ID = 492

Description = Windows (3856) Windows: The logfile sequence in "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\"

has been halted due to a fatal error. No further updates are possible for the

databases that use this logfile sequence. Please correct the problem and restart

or restore from backup.

Error - 4/12/2013 6:58:11 PM | Computer Name = PC | Source = Windows Search Service | ID = 7040

Description =

Error - 4/12/2013 6:58:11 PM | Computer Name = PC | Source = Windows Search Service | ID = 7042

Description =

Error - 4/12/2013 6:58:12 PM | Computer Name = PC | Source = Windows Search Service | ID = 3050

Description =

Error - 4/12/2013 6:58:14 PM | Computer Name = PC | Source = ESENT | ID = 104

Description = Windows (3856) Windows: The database engine stopped the instance (0)

with error (-510).

Error - 4/13/2013 10:24:08 AM | Computer Name = PC | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 4/13/2013 11:21:18 AM | Computer Name = PC | Source = System Restore | ID = 8193

Description =

[ Cisco AnyConnect Secure Mobility Client Events ]

Error - 4/13/2013 1:08:52 PM | Computer Name = PC | Source = acvpnagent | ID = 67108866

Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:

832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801

(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 4/13/2013 1:08:52 PM | Computer Name = PC | Source = acvpnagent | ID = 67108866

Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp

Line:

1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing

connection was forcibly closed by the remote host.

Error - 4/13/2013 1:08:52 PM | Computer Name = PC | Source = acvpnagent | ID = 67108866

Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp

Line:

384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805

(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 4/13/2013 1:08:57 PM | Computer Name = PC | Source = acvpnplap | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: ..\Common\Xml\MSSaxErrorHandlerImpl.cpp

Line:

31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.

Error - 4/13/2013 1:08:57 PM | Computer Name = PC | Source = acvpnplap | ID = 67108866

Description = Function: XmlPrefMgr::endElement File: ..\Api\xml\XmlPrefMgr.cpp Line:

135 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009)

Description:

GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultHostName>.

Error - 4/13/2013 1:08:57 PM | Computer Name = PC | Source = acvpnplap | ID = 67108866

Description = Function: XmlPrefMgr::endElement File: ..\Api\xml\XmlPrefMgr.cpp Line:

135 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009)

Description:

GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultHostAddress>.

Error - 4/13/2013 1:12:52 PM | Computer Name = PC | Source = acvpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:

WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.

Error - 4/13/2013 1:13:03 PM | Computer Name = PC | Source = acvpnagent | ID = 67108866

Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked

Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

Error - 4/13/2013 1:17:01 PM | Computer Name = PC | Source = acvpnui | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:

WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.

Error - 4/13/2013 1:17:10 PM | Computer Name = PC | Source = acvpnui | ID = 67108865

Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:

1127 NULL object. Cannot establish a connection at this time.

[ OSession Events ]

Error - 3/10/2011 8:17:12 AM | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 152167

seconds with 1500 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 4/13/2013 1:16:31 PM | Computer Name = PC | Source = DCOM | ID = 10005

Description =

Error - 4/13/2013 1:16:31 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000

Description = The HP Network Devices Support service failed to start due to the

following error: %%1053

Error - 4/13/2013 1:28:37 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 4/13/2013 1:30:38 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 4/13/2013 1:32:39 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 4/13/2013 1:45:41 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 4/13/2013 1:47:42 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 4/13/2013 1:53:21 PM | Computer Name = PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe

Flash Player Update Service service to connect.

Error - 4/13/2013 1:53:21 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000

Description = The Adobe Flash Player Update Service service failed to start due

to the following error: %%1053

Error - 4/13/2013 2:02:43 PM | Computer Name = PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

< End of report >


Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 35

Java 7 Update 17

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (20.0.1)

Mozilla Thunderbird 15.0.1 Thunderbird out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

Google Chrome Plugins...

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Hello,

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member baweaver only. If you are a casual viewer, do NOT try this on your system!

If you are not baweaver and have a similar problem, do NOT post here; start your own topic.

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file BawOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the BawOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.

C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F.lux deleted successfully.

C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe moved successfully.

========== FILES ==========

File\Folder C:\Users\Bryan\Local Settings\Apps\F.lux\flux.exe not found.

C:\Users\Bryan\Local Settings\Apps\F.lux\update folder moved successfully.

C:\Users\Bryan\Local Settings\Apps\F.lux\runtime folder moved successfully.

C:\Users\Bryan\Local Settings\Apps\F.lux folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bryan

->Temp folder emptied: 391107 bytes

->Temporary Internet Files folder emptied: 68275234 bytes

->Java cache emptied: 11617495 bytes

->FireFox cache emptied: 280646967 bytes

->Google Chrome cache emptied: 404602483 bytes

->Flash cache emptied: 39368 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 235868 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 730.00 mb

[EMPTYFLASH]

User: All Users

User: Bryan

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Bryan

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04152013_145706

Files\Folders moved on Reboot...

C:\Users\Bryan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7GS6IG2\navigation[1].js not found!

File move failed. C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7GS6IG2\overview[1].htm scheduled to be moved on reboot.

File move failed. C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7GS6IG2\si[1].htm scheduled to be moved on reboot.

File move failed. C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7GS6IG2\~25a8bfb9-0cbd-497a-839a-088b6f5d1b64[1].htm scheduled to be moved on reboot.

File\Folder C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\armf3537.default\Cache.Trash27837\F\25\E0E06d01 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Good run.

The Flash Player utility + the Adobe Reader are out-of-date & pose security exposure risks. Uninstall them.

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

The "flux" trojans were removed (earlier). Your system should not now be having program freezes.

I need a status update from you about that issue.

NEXT:

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

NEXT:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Thanks again so much for your help! Programs aren't freezing constantly anymore, but I have been getting a hard disk problem warning ever since my computer restarted after running ComboFix. It looks like this:

post-137619-0-07072400-1366154680.png

Do you have any idea why?

Here's the TDSSKiller log:

22:27:01.0330 4716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:27:03.0342 4716 ============================================================

22:27:03.0342 4716 Current date / time: 2013/04/15 22:27:03.0342

22:27:03.0342 4716 SystemInfo:

22:27:03.0342 4716

22:27:03.0342 4716 OS Version: 6.1.7601 ServicePack: 1.0

22:27:03.0342 4716 Product type: Workstation

22:27:03.0342 4716 ComputerName: PC

22:27:03.0342 4716 UserName: Bryan

22:27:03.0342 4716 Windows directory: C:\windows

22:27:03.0342 4716 System windows directory: C:\windows

22:27:03.0342 4716 Running under WOW64

22:27:03.0342 4716 Processor architecture: Intel x64

22:27:03.0342 4716 Number of processors: 4

22:27:03.0342 4716 Page size: 0x1000

22:27:03.0342 4716 Boot type: Normal boot

22:27:03.0342 4716 ============================================================

22:27:03.0951 4716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:27:03.0951 4716 ============================================================

22:27:03.0951 4716 \Device\Harddisk0\DR0:

22:27:03.0951 4716 MBR partitions:

22:27:03.0951 4716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

22:27:03.0951 4716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x280029A1

22:27:03.0982 4716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x29E351E1, BlocksNum 0x49CDE1F

22:27:04.0013 4716 ============================================================

22:27:04.0060 4716 C: <-> \Device\Harddisk0\DR0\Partition2

22:27:04.0091 4716 D: <-> \Device\Harddisk0\DR0\Partition3

22:27:04.0091 4716 ============================================================

22:27:04.0091 4716 Initialize success

22:27:04.0091 4716 ============================================================

22:27:08.0365 5884 ============================================================

22:27:08.0365 5884 Scan started

22:27:08.0365 5884 Mode: Manual;

22:27:08.0365 5884 ============================================================

22:27:08.0584 5884 ================ Scan system memory ========================

22:27:08.0584 5884 System memory - ok

22:27:08.0584 5884 ================ Scan services =============================


22:27:14.0855 5884 EventSystem - ok

22:27:14.0917 5884 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

22:27:14.0933 5884 exfat - ok

22:27:14.0964 5884 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

22:27:14.0964 5884 fastfat - ok

22:27:15.0042 5884 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

22:27:15.0058 5884 Fax - ok

22:27:15.0089 5884 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys

22:27:15.0105 5884 fdc - ok

22:27:15.0136 5884 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

22:27:15.0136 5884 fdPHost - ok

22:27:15.0183 5884 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

22:27:15.0198 5884 FDResPub - ok

22:27:15.0261 5884 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

22:27:15.0261 5884 FileInfo - ok

22:27:15.0261 5884 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

22:27:15.0261 5884 Filetrace - ok

22:27:15.0339 5884 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

22:27:15.0354 5884 FLEXnet Licensing Service - ok

22:27:15.0370 5884 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

22:27:15.0370 5884 flpydisk - ok

22:27:15.0401 5884 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

22:27:15.0401 5884 FltMgr - ok

22:27:15.0448 5884 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

22:27:15.0463 5884 FontCache - ok

22:27:15.0510 5884 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:27:15.0526 5884 FontCache3.0.0.0 - ok

22:27:15.0557 5884 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

22:27:15.0557 5884 FsDepends - ok

22:27:15.0604 5884 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys

22:27:15.0604 5884 fssfltr - ok

22:27:15.0666 5884 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

22:27:15.0682 5884 fsssvc - ok

22:27:15.0729 5884 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

22:27:15.0729 5884 Fs_Rec - ok

22:27:15.0775 5884 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

22:27:15.0791 5884 fvevol - ok

22:27:15.0838 5884 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys

22:27:15.0838 5884 gagp30kx - ok

22:27:15.0900 5884 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

22:27:15.0900 5884 GEARAspiWDM - ok

22:27:15.0947 5884 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

22:27:15.0963 5884 gpsvc - ok

22:27:16.0056 5884 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:27:16.0072 5884 gupdate - ok

22:27:16.0103 5884 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:27:16.0103 5884 gupdatem - ok

22:27:16.0150 5884 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

22:27:16.0150 5884 hcw85cir - ok

22:27:16.0197 5884 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

22:27:16.0197 5884 HdAudAddService - ok

22:27:16.0243 5884 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys

22:27:16.0243 5884 HDAudBus - ok

22:27:16.0275 5884 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys

22:27:16.0275 5884 HidBatt - ok

22:27:16.0275 5884 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

22:27:16.0290 5884 HidBth - ok

22:27:16.0306 5884 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys

22:27:16.0306 5884 HidIr - ok

22:27:16.0337 5884 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll

22:27:16.0353 5884 hidserv - ok

22:27:16.0368 5884 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

22:27:16.0384 5884 HidUsb - ok

22:27:16.0415 5884 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

22:27:16.0431 5884 hkmsvc - ok

22:27:16.0477 5884 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

22:27:16.0477 5884 HomeGroupListener - ok

22:27:16.0509 5884 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

22:27:16.0524 5884 HomeGroupProvider - ok

22:27:16.0618 5884 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

22:27:16.0618 5884 hpqcxs08 - ok

22:27:16.0649 5884 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

22:27:16.0649 5884 hpqddsvc - ok

22:27:16.0696 5884 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

22:27:16.0696 5884 HpSAMD - ok

22:27:16.0758 5884 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

22:27:16.0774 5884 HPSLPSVC - ok

22:27:16.0821 5884 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

22:27:16.0836 5884 HTTP - ok

22:27:16.0867 5884 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

22:27:16.0867 5884 hwpolicy - ok

22:27:16.0914 5884 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

22:27:16.0914 5884 i8042prt - ok

22:27:16.0961 5884 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

22:27:16.0961 5884 iaStor - ok

22:27:17.0008 5884 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

22:27:17.0008 5884 iaStorV - ok

22:27:17.0070 5884 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:27:17.0086 5884 idsvc - ok

22:27:17.0257 5884 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

22:27:17.0398 5884 igfx - ok

22:27:17.0445 5884 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

22:27:17.0445 5884 iirsp - ok

22:27:17.0507 5884 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

22:27:17.0523 5884 IKEEXT - ok

22:27:17.0569 5884 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys

22:27:17.0569 5884 Impcd - ok

22:27:17.0679 5884 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

22:27:17.0710 5884 IntcAzAudAddService - ok

22:27:17.0757 5884 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

22:27:17.0757 5884 intelide - ok

22:27:17.0803 5884 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

22:27:17.0803 5884 intelppm - ok

22:27:17.0835 5884 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

22:27:17.0835 5884 IPBusEnum - ok

22:27:17.0897 5884 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

22:27:17.0897 5884 IpFilterDriver - ok

22:27:17.0944 5884 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

22:27:17.0959 5884 iphlpsvc - ok

22:27:17.0991 5884 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

22:27:17.0991 5884 IPMIDRV - ok

22:27:18.0022 5884 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

22:27:18.0022 5884 IPNAT - ok

22:27:18.0084 5884 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

22:27:18.0100 5884 iPod Service - ok

22:27:18.0131 5884 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

22:27:18.0131 5884 IRENUM - ok

22:27:18.0162 5884 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

22:27:18.0162 5884 isapnp - ok

22:27:18.0193 5884 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

22:27:18.0193 5884 iScsiPrt - ok

22:27:18.0209 5884 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys

22:27:18.0209 5884 kbdclass - ok

22:27:18.0256 5884 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

22:27:18.0256 5884 kbdhid - ok

22:27:18.0287 5884 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

22:27:18.0287 5884 KeyIso - ok

22:27:18.0318 5884 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

22:27:18.0334 5884 KSecDD - ok

22:27:18.0365 5884 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

22:27:18.0365 5884 KSecPkg - ok

22:27:18.0381 5884 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

22:27:18.0381 5884 ksthunk - ok

22:27:18.0427 5884 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

22:27:18.0427 5884 KtmRm - ok

22:27:18.0474 5884 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll

22:27:18.0474 5884 LanmanServer - ok

22:27:18.0505 5884 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

22:27:18.0505 5884 LanmanWorkstation - ok

22:27:18.0537 5884 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

22:27:18.0537 5884 lltdio - ok

22:27:18.0568 5884 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

22:27:18.0583 5884 lltdsvc - ok

22:27:18.0599 5884 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

22:27:18.0615 5884 lmhosts - ok

22:27:18.0646 5884 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

22:27:18.0646 5884 LSI_FC - ok

22:27:18.0661 5884 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

22:27:18.0661 5884 LSI_SAS - ok

22:27:18.0677 5884 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

22:27:18.0677 5884 LSI_SAS2 - ok

22:27:18.0693 5884 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

22:27:18.0693 5884 LSI_SCSI - ok

22:27:18.0708 5884 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

22:27:18.0724 5884 luafv - ok

22:27:18.0771 5884 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

22:27:18.0771 5884 Mcx2Svc - ok

22:27:18.0786 5884 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys

22:27:18.0802 5884 megasas - ok

22:27:18.0817 5884 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

22:27:18.0817 5884 MegaSR - ok

22:27:18.0849 5884 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

22:27:18.0849 5884 MMCSS - ok

22:27:18.0849 5884 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

22:27:18.0849 5884 Modem - ok

22:27:18.0895 5884 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

22:27:18.0895 5884 monitor - ok

22:27:18.0942 5884 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys

22:27:18.0942 5884 mouclass - ok

22:27:18.0973 5884 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

22:27:18.0973 5884 mouhid - ok

22:27:19.0020 5884 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

22:27:19.0020 5884 mountmgr - ok

22:27:19.0129 5884 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:27:19.0129 5884 MozillaMaintenance - ok

22:27:19.0176 5884 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

22:27:19.0176 5884 mpio - ok

22:27:19.0207 5884 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

22:27:19.0207 5884 mpsdrv - ok

22:27:19.0254 5884 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

22:27:19.0270 5884 MpsSvc - ok

22:27:19.0301 5884 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

22:27:19.0317 5884 MRxDAV - ok

22:27:19.0348 5884 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

22:27:19.0348 5884 mrxsmb - ok

22:27:19.0379 5884 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

22:27:19.0395 5884 mrxsmb10 - ok

22:27:19.0410 5884 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

22:27:19.0410 5884 mrxsmb20 - ok

22:27:19.0441 5884 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

22:27:19.0441 5884 msahci - ok

22:27:19.0473 5884 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

22:27:19.0473 5884 msdsm - ok

22:27:19.0488 5884 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

22:27:19.0504 5884 MSDTC - ok

22:27:19.0551 5884 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

22:27:19.0566 5884 Msfs - ok

22:27:19.0582 5884 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

22:27:19.0582 5884 mshidkmdf - ok

22:27:19.0597 5884 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

22:27:19.0597 5884 msisadrv - ok

22:27:19.0629 5884 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

22:27:19.0644 5884 MSiSCSI - ok

22:27:19.0644 5884 msiserver - ok

22:27:19.0675 5884 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

22:27:19.0675 5884 MSKSSRV - ok

22:27:19.0675 5884 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

22:27:19.0691 5884 MSPCLOCK - ok

22:27:19.0691 5884 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

22:27:19.0691 5884 MSPQM - ok

22:27:19.0722 5884 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

22:27:19.0722 5884 MsRPC - ok

22:27:19.0769 5884 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

22:27:19.0769 5884 mssmbios - ok

22:27:19.0847 5884 MSSQL$SQLEXPRESS - ok

22:27:19.0925 5884 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

22:27:19.0925 5884 MSSQLServerADHelper100 - ok

22:27:19.0925 5884 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

22:27:19.0925 5884 MSTEE - ok

22:27:19.0956 5884 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

22:27:19.0956 5884 MTConfig - ok

22:27:19.0987 5884 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

22:27:19.0987 5884 Mup - ok

22:27:20.0034 5884 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

22:27:20.0050 5884 napagent - ok

22:27:20.0097 5884 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

22:27:20.0097 5884 NativeWifiP - ok

22:27:20.0143 5884 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

22:27:20.0159 5884 NDIS - ok

22:27:20.0175 5884 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

22:27:20.0175 5884 NdisCap - ok

22:27:20.0206 5884 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

22:27:20.0206 5884 NdisTapi - ok

22:27:20.0221 5884 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

22:27:20.0221 5884 Ndisuio - ok

22:27:20.0253 5884 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

22:27:20.0268 5884 NdisWan - ok

22:27:20.0299 5884 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

22:27:20.0299 5884 NDProxy - ok

22:27:20.0362 5884 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

22:27:20.0362 5884 Net Driver HPZ12 - ok

22:27:20.0393 5884 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

22:27:20.0393 5884 NetBIOS - ok

22:27:20.0424 5884 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

22:27:20.0440 5884 NetBT - ok

22:27:20.0471 5884 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

22:27:20.0471 5884 Netlogon - ok

22:27:20.0518 5884 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

22:27:20.0518 5884 Netman - ok

22:27:20.0565 5884 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:20.0565 5884 NetMsmqActivator - ok

22:27:20.0580 5884 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:20.0580 5884 NetPipeActivator - ok

22:27:20.0611 5884 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

22:27:20.0611 5884 netprofm - ok

22:27:20.0627 5884 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:20.0627 5884 NetTcpActivator - ok

22:27:20.0643 5884 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:27:20.0643 5884 NetTcpPortSharing - ok

22:27:20.0674 5884 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

22:27:20.0674 5884 nfrd960 - ok

22:27:20.0721 5884 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

22:27:20.0736 5884 NlaSvc - ok

22:27:20.0752 5884 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

22:27:20.0752 5884 Npfs - ok

22:27:20.0783 5884 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

22:27:20.0783 5884 nsi - ok

22:27:20.0799 5884 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

22:27:20.0799 5884 nsiproxy - ok

22:27:20.0877 5884 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\windows\system32\drivers\Ntfs.sys

22:27:20.0892 5884 Ntfs - ok

22:27:20.0923 5884 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

22:27:20.0923 5884 Null - ok

22:27:20.0970 5884 [ 181E7FE39211E04128A30708906627D8 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys

22:27:20.0970 5884 NVHDA - ok

22:27:21.0251 5884 [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys

22:27:21.0501 5884 nvlddmkm - ok

22:27:21.0547 5884 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

22:27:21.0547 5884 nvraid - ok

22:27:21.0563 5884 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

22:27:21.0579 5884 nvstor - ok

22:27:21.0625 5884 [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc C:\windows\system32\nvvsvc.exe

22:27:21.0641 5884 nvsvc - ok

22:27:21.0688 5884 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

22:27:21.0688 5884 nv_agp - ok

22:27:21.0813 5884 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:27:21.0813 5884 odserv - ok

22:27:21.0859 5884 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

22:27:21.0859 5884 ohci1394 - ok

22:27:21.0891 5884 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:27:21.0906 5884 ose - ok

22:27:22.0156 5884 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:27:22.0296 5884 osppsvc - ok

22:27:22.0327 5884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

22:27:22.0343 5884 p2pimsvc - ok

22:27:22.0374 5884 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

22:27:22.0390 5884 p2psvc - ok

22:27:22.0437 5884 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

22:27:22.0437 5884 Parport - ok

22:27:22.0483 5884 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

22:27:22.0483 5884 partmgr - ok

22:27:22.0499 5884 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

22:27:22.0499 5884 PcaSvc - ok

22:27:22.0546 5884 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

22:27:22.0546 5884 pci - ok

22:27:22.0577 5884 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

22:27:22.0577 5884 pciide - ok

22:27:22.0593 5884 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

22:27:22.0608 5884 pcmcia - ok

22:27:22.0624 5884 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

22:27:22.0624 5884 pcw - ok

22:27:22.0655 5884 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

22:27:22.0671 5884 PEAUTH - ok

22:27:22.0749 5884 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

22:27:22.0764 5884 PerfHost - ok

22:27:22.0827 5884 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

22:27:22.0842 5884 pla - ok

22:27:22.0905 5884 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

22:27:22.0905 5884 PlugPlay - ok

22:27:22.0936 5884 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

22:27:22.0936 5884 Pml Driver HPZ12 - ok

22:27:22.0967 5884 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

22:27:22.0967 5884 PNRPAutoReg - ok

22:27:22.0998 5884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

22:27:23.0014 5884 PNRPsvc - ok

22:27:23.0045 5884 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

22:27:23.0061 5884 PolicyAgent - ok

22:27:23.0092 5884 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

22:27:23.0107 5884 Power - ok

22:27:23.0139 5884 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

22:27:23.0139 5884 PptpMiniport - ok

22:27:23.0170 5884 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys

22:27:23.0170 5884 Processor - ok

22:27:23.0201 5884 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

22:27:23.0201 5884 ProfSvc - ok

22:27:23.0217 5884 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

22:27:23.0217 5884 ProtectedStorage - ok

22:27:23.0263 5884 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

22:27:23.0263 5884 Psched - ok

22:27:23.0310 5884 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

22:27:23.0326 5884 ql2300 - ok

22:27:23.0357 5884 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

22:27:23.0357 5884 ql40xx - ok

22:27:23.0388 5884 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

22:27:23.0404 5884 QWAVE - ok

22:27:23.0419 5884 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

22:27:23.0419 5884 QWAVEdrv - ok

22:27:23.0419 5884 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

22:27:23.0419 5884 RasAcd - ok

22:27:23.0466 5884 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

22:27:23.0466 5884 RasAgileVpn - ok

22:27:23.0466 5884 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

22:27:23.0482 5884 RasAuto - ok

22:27:23.0513 5884 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

22:27:23.0513 5884 Rasl2tp - ok

22:27:23.0560 5884 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

22:27:23.0575 5884 RasMan - ok

22:27:23.0591 5884 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

22:27:23.0591 5884 RasPppoe - ok

22:27:23.0607 5884 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

22:27:23.0607 5884 RasSstp - ok

22:27:23.0653 5884 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

22:27:23.0653 5884 rdbss - ok

22:27:23.0669 5884 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

22:27:23.0669 5884 rdpbus - ok

22:27:23.0700 5884 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

22:27:23.0700 5884 RDPCDD - ok

22:27:23.0731 5884 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

22:27:23.0731 5884 RDPENCDD - ok

22:27:23.0747 5884 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

22:27:23.0747 5884 RDPREFMP - ok

22:27:23.0778 5884 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

22:27:23.0794 5884 RDPWD - ok

22:27:23.0841 5884 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

22:27:23.0841 5884 rdyboost - ok

22:27:23.0872 5884 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

22:27:23.0872 5884 RemoteAccess - ok

22:27:23.0903 5884 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

22:27:23.0903 5884 RemoteRegistry - ok

22:27:23.0965 5884 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\windows\system32\DRIVERS\revoflt.sys

22:27:23.0965 5884 Revoflt - ok

22:27:24.0012 5884 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys

22:27:24.0012 5884 RimUsb - ok

22:27:24.0043 5884 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

22:27:24.0059 5884 RpcEptMapper - ok

22:27:24.0075 5884 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

22:27:24.0075 5884 RpcLocator - ok

22:27:24.0121 5884 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

22:27:24.0137 5884 RpcSs - ok

22:27:24.0184 5884 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\windows\system32\DRIVERS\RsFx0103.sys

22:27:24.0199 5884 RsFx0103 - ok

22:27:24.0215 5884 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

22:27:24.0231 5884 rspndr - ok

22:27:24.0262 5884 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

22:27:24.0262 5884 RTL8167 - ok

22:27:24.0371 5884 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys

22:27:24.0371 5884 rtport - ok

22:27:24.0418 5884 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys

22:27:24.0418 5884 SABI - ok

22:27:24.0433 5884 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

22:27:24.0433 5884 SamSs - ok

22:27:24.0465 5884 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

22:27:24.0465 5884 sbp2port - ok

22:27:25.0869 5884 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys

22:27:25.0869 5884 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

22:27:25.0884 5884 sptd ( LockedFile.Multi.Generic ) - warning

22:27:25.0884 5884 sptd - detected LockedFile.Multi.Generic (1)

22:27:30.0580 5884 ================ Scan global ===============================

22:27:30.0611 5884 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

22:27:30.0642 5884 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

22:27:30.0658 5884 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

22:27:30.0673 5884 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

22:27:30.0705 5884 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

22:27:30.0705 5884 [Global] - ok

22:27:30.0705 5884 ================ Scan MBR ==================================

22:27:30.0720 5884 [ B3894C49F8B38EE6C5A848698D190F91 ] \Device\Harddisk0\DR0

22:27:30.0798 5884 \Device\Harddisk0\DR0 - ok

22:27:30.0798 5884 ================ Scan VBR ==================================

22:27:30.0814 5884 [ C85D5883DEE1B153F668808BF7F181D2 ] \Device\Harddisk0\DR0\Partition1

22:27:30.0814 5884 \Device\Harddisk0\DR0\Partition1 - ok

22:27:30.0829 5884 [ 338C0B6737EDC0FAD31D6548628B8D46 ] \Device\Harddisk0\DR0\Partition2

22:27:30.0829 5884 \Device\Harddisk0\DR0\Partition2 - ok

22:27:30.0861 5884 [ F2AE53AE97F67ABA478080ED7DF792D1 ] \Device\Harddisk0\DR0\Partition3

22:27:30.0861 5884 \Device\Harddisk0\DR0\Partition3 - ok

22:27:30.0861 5884 ============================================================

22:27:30.0861 5884 Scan finished

22:27:30.0861 5884 ============================================================

22:27:30.0876 5432 Detected object count: 1

22:27:30.0876 5432 Actual detected object count: 1

22:27:47.0334 5432 sptd ( LockedFile.Multi.Generic ) - skipped by user

22:27:47.0334 5432 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Link to post
Share on other sites

Thanks again so much for your help! Programs aren't freezing constantly anymore, but I have been getting a hard disk problem warning ever since my computer restarted after running ComboFix. It looks like this:

post-137619-0-07072400-1366154680.png

Do you have any idea why?

Let's call a HALT. Take some time.

Backup the system to Offline media, like an external storage drive, a cloud-based backup service if you have one, or to DVDs.

Then after you have saved at minimum your personal files, documents, personal stuff.

Then next, better to do a CHKDSK

See http://windows.microsoft.com/en-us/windows7/check-a-drive-for-errors

Review closely. And do a run using Automatically fix file system errors.

IF you are prompted to reschedule the check for the next time you restart your computer -----then

do so and allow it, and Restart Windows.

Have plenty of patience as this can take a -long- time. Infinite patience.

Link to post
Share on other sites

Very sorry, I had to leave my computer at home while I'm out of town and I won't return until late Monday night. I completely understand if you want to close the thread, but I will be able to give an update Tuesday morning if you don't mind waiting until then.

Link to post
Share on other sites

If you have any personal files, documents, etc that you have not backed up, please take time and do a backup onto Offline media {external drive, cloud-based storage, large USB-flash drive, or even DVDs}.

Then it is probably best to have you do a boot-up right into Command prompt and in there do the CHKDSK task.

You should select Logoff, > Restart and then follow this next sequence to get into Command prompt.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt

    • In the command window type in

    chkdsk c: /f

    and press Enter-key

    NOTE the space after the K and after the c:

    The chkdsk may well take a very long time, so have infinite patience.

    Let me know the result

Link to post
Share on other sites

SYSTEM is just a friendly name for drive C. The result is good and very encouraging.

You need to remove any CD {if any in there} and any external storage drive {if any} and restart the system into normal mode of Windows.

Do this next:

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

NEXT:

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.

Tell me, How is the system ?

Link to post
Share on other sites

This topic is now closed to further replies.