FBI Virus I Believe

HoserIN · June 27, 2013

I was given a computer to clean but I'm running into issues. I believe it's the FBI ransomware. It's a Windows 7 machine and I'm only able to boot into Safe Mode with Command Prompt. Below are my logs. Any help would be appreciated. Gracias!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-06-2013 02

Ran by BIG DADDY BROWN (administrator) on 26-06-2013 22:19:35

Running from J:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)

HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-21] (Google Inc.)

HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]

HKCU\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]

HKCU\...\Run: [searchProtect] C:\Users\BIG DADDY BROWN\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)

HKCU\...\Run: [Visan] rundll32.exe "C:\Users\BIG DADDY BROWN\AppData\Local\Visan\uduvhpun.dll",sTvPitnGnuxqrXyTDflAfkJmiTW [x] <===== ATTENTION

HKCU\...\Run: [wabEventSupport16] rundll32.exe "C:\Users\BIG DADDY BROWN\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs [x]

HKCU\...\Run: [cache] rundll32 "C:\Users\BIG DADDY BROWN\AppData\Local\Microsoft Help\cache\ibnghm.dll",DllRegisterServer [x] <===== ATTENTION

HKCU\...\Run: [RemEngine] rundll32 "C:\Users\BIG DADDY BROWN\AppData\Local\Diagnostics\RemEngine\pikiopei.dll",DllRegisterServer [x] <===== ATTENTION

HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\BIG DADDY BROWN\AppData\Local\20c80509-ccf1-4f91-8e30-0029429977e2ad\cccffeead.exe [x] <===== ATTENTION

HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.dat [171520 2011-11-17] (MRI Software Lab.) <==== ATTENTION

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\DATAMN~1.EXE [1898120 2012-09-25] (MusicLab, LLC)

HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-27] (RealNetworks, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)

HKLM-x32\...\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()

HKLM-x32\...\Run: [CouponXplorer Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h [42536 2013-01-19] (MindSpark)

HKLM-x32\...\Run: [CouponXplorer_5z Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\5zbrmon.exe [30096 2013-01-19] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [shopAtHomeWatcher] C:\Users\BIG DADDY BROWN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]

HKLM-x32\...\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize [4386816 2012-10-18] ()

HKLM-x32\...\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)

AppInit_DLLs: C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\x64\IEBHO.dll [1528792 2012-09-25] (MusicLab, LLC)

AppInit_DLLs-x32: c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll [1528792 2012-09-25] ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk

ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

URLSearchHook: (No Name) - {9b138bf3-1d40-4e7e-84bb-2975198ad938} - No File

HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {BB6D9427-FE29-4E30-8D96-8B3711D9CCD8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

HKLM-x32 SearchScopes: DefaultScope {3A2EF866-F69A-49EB-BD9E-E548C41BFA53} URL =

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm163^YY^us&si=250652&ptb=ADD3FBDF-3A35-485C-A391-06C473966B3A&ind=2013012011&n=77fc202b&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {BB6D9427-FE29-4E30-8D96-8B3711D9CCD8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

HKCU SearchScopes: DefaultScope {3A2EF866-F69A-49EB-BD9E-E548C41BFA53} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN18204559422793630&UM=99

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKCU - {3A2EF866-F69A-49EB-BD9E-E548C41BFA53} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN18204559422793630&UM=99

SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm163^YY^us&si=250652&ptb=ADD3FBDF-3A35-485C-A391-06C473966B3A&ind=2013012011&n=77fc202b&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {80B3C927-8493-4604-8742-A0BF41DF5DA4} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000030&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKCU - {BB6D9427-FE29-4E30-8D96-8B3711D9CCD8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {C2F4F07A-3938-4E31-8A5B-03CAAD1DDD83} URL = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (MusicLab, LLC)

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

BHO-x32: Toolbar BHO - {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\PROGRA~2\COUPON~2\bar\1.bin\5zbar.dll (MindSpark)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Solid Savings - {11111111-1111-1111-1111-110211621178} - C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (Innovative Apps)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO-x32: Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Search Assistant BHO - {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll (MindSpark)

BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

BHO-x32: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - No File

DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:

=======

CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11223165172854717&ctid=CT3286042&UM=2

CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN11223165172854717&UM=2

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Roblox Launcher Plugin) - C:\Users\BIG DADDY BROWN\AppData\Local\Roblox\Versions\version-7b3d65c79aa445d1\\NPRobloxProxy.dll ( Roblox Corporation)

CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()

CHR Extension: () - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp\7.17.0.27429_0

CHR Extension: (Solid Savings) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0

CHR Extension: () - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0

CHR Extension: (KeyBar 1.8) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.16.4.512_0

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR Extension: (Wajam) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0

CHR Extension: (DefaultTab) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0

CHR Extension: () - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0

CHR Extension: (Yontoo) - C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-13] (Advanced Micro Devices, Inc.)

S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)

S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [42504 2013-01-19] (COMPANYVERS_NAME)

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()

S2 DefaultTabUpdate; C:\Users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-05-07] ()

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)

S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] ()

S2 0300551368645827mcinstcleanup; C:\Windows\TEMP\030055~1.EXE -cleanup -nolog [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____D C:\ProgramData\Recovery

2013-06-26 22:19 - 2013-06-26 22:19 - 00000000 ____D C:\FRST

2013-06-26 21:39 - 2013-06-26 21:48 - 00000004 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini

2013-06-25 11:20 - 2013-06-25 11:20 - 00855040 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\92FB.tmp

2013-06-24 21:09 - 2013-06-24 21:09 - 00000000 ____A C:\Users\BIG DADDY BROWN\jqs.exe

2013-06-21 16:09 - 2013-06-21 16:09 - 00001604 ____A C:\Users\BIG DADDY BROWN\Desktop\Sign In - DIRECTV.url

2013-06-13 19:31 - 2013-06-13 19:31 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\RealNetworks

2013-06-12 10:05 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-11 20:33 - 2013-06-11 20:33 - 00001196 ____A C:\Users\BIG DADDY BROWN\Desktop\Minecraft.url

2013-06-10 22:38 - 2013-06-27 00:46 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\wabEventSupport16

2013-06-08 09:28 - 2013-06-27 00:46 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Local\Visan

==================== One Month Modified Files and Folders =======

2013-06-27 01:12 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2013-06-27 01:12 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sppui

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\uk-UA

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\th-TH

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sppui

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sl-SI

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sk-SK

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Setup

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ro-RO

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ras

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\oobe

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Msdtc

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\migwiz

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\manifeststore

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\lv-LV

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\lt-LT

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\icsxml

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ias

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\hr-HR

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\he-IL

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\et-EE

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Dism

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\com

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System

2013-06-27 01:12 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services

2013-06-27 01:11 - 2012-05-26 13:21 - 00000000 ____D C:\Windows\{B4CB4313-86AE-45AC-8C5D-69A8A52B1116}

2013-06-27 01:11 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew

2013-06-27 01:11 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-06-27 01:11 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-06-27 01:11 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2013-06-27 01:11 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\bg-BG

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\ar-SA

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas

2013-06-27 01:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME

2013-06-27 01:06 - 2012-04-04 22:58 - 00000000 ____D C:\Windows\System32\Macromed

2013-06-27 01:06 - 2011-05-26 20:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2013-06-27 01:06 - 2011-05-26 19:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2013-06-27 01:06 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\restore

2013-06-27 01:06 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy

2013-06-27 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2013-06-27 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\Recovery

2013-06-27 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF

2013-06-27 01:04 - 2012-03-11 00:08 - 00000000 ____D C:\Windows\Minidump

2013-06-27 01:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help

2013-06-27 01:03 - 2012-12-20 17:06 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\.minecraft

2013-06-27 01:03 - 2012-06-08 23:15 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\WildTangent

2013-06-27 01:03 - 2012-04-25 21:44 - 00000000 ___RD C:\Users\BIG DADDY BROWN\Podcasts

2013-06-27 01:03 - 2011-09-25 04:19 - 00000000 ____D C:\users\BIG DADDY BROWN

2013-06-27 01:03 - 2011-05-26 20:27 - 00000000 ____D C:\Windows\en

2013-06-27 01:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat

2013-06-27 00:59 - 2011-02-11 12:32 - 00000000 __RHD C:\SYSTEM.SAV

2013-06-27 00:58 - 2013-05-07 14:58 - 00000000 ____D C:\Program Files (x86)\Solid Savings

2013-06-27 00:58 - 2013-05-07 14:56 - 00000000 ____D C:\Program Files (x86)\OtShot

2013-06-27 00:58 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-06-27 00:58 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-06-27 00:58 - 2013-02-01 18:28 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-06-27 00:58 - 2013-01-19 19:03 - 00000000 ____D C:\Program Files (x86)\Yontoo

2013-06-27 00:58 - 2013-01-19 19:03 - 00000000 ____D C:\Program Files (x86)\Wajam

2013-06-27 00:58 - 2013-01-19 19:02 - 00000000 ____D C:\Program Files (x86)\VideoConverter

2013-06-27 00:58 - 2012-12-30 09:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-27 00:58 - 2012-12-30 09:56 - 00000000 ____D C:\Program Files\iTunes

2013-06-27 00:58 - 2012-11-20 21:28 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-06-27 00:58 - 2012-10-27 22:50 - 00000000 ____D C:\Program Files (x86)\MP3 Rocket

2013-06-27 00:58 - 2012-10-24 14:59 - 00000000 ____D C:\ProgramData\Real

2013-06-27 00:58 - 2012-07-26 13:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-06-27 00:58 - 2012-07-26 13:57 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-06-27 00:58 - 2012-04-25 21:41 - 00000000 ____D C:\Program Files\Zune

2013-06-27 00:58 - 2012-02-09 14:24 - 00000000 ____D C:\ProgramData\HP Photo Creations

2013-06-27 00:58 - 2011-11-26 12:51 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-06-27 00:58 - 2011-11-26 12:34 - 00000000 ____D C:\ProgramData\McAfee

2013-06-27 00:58 - 2011-11-18 14:23 - 00000000 ____D C:\ProgramData\Apple Computer

2013-06-27 00:58 - 2011-11-18 14:22 - 00000000 ____D C:\Program Files\Bonjour

2013-06-27 00:58 - 2011-10-08 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-06-27 00:58 - 2011-09-25 16:45 - 00000000 ____D C:\ProgramData\Yahoo! Companion

2013-06-27 00:58 - 2011-05-26 20:23 - 00000000 ___RD C:\Program Files\Online Services

2013-06-27 00:58 - 2011-05-26 20:22 - 00000000 ____D C:\Program Files (x86)\PlayReady

2013-06-27 00:58 - 2011-05-26 20:22 - 00000000 ____D C:\Program Files (x86)\PDF Complete

2013-06-27 00:58 - 2011-05-26 20:22 - 00000000 ____D C:\Program Files (x86)\Kobo

2013-06-27 00:58 - 2011-05-26 20:21 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4

2013-06-27 00:58 - 2011-05-26 20:20 - 00000000 ____D C:\Program Files\PlayReady

2013-06-27 00:58 - 2011-05-26 20:13 - 00000000 ____D C:\ProgramData\WildTangent

2013-06-27 00:58 - 2011-05-26 20:12 - 00000000 ___RD C:\Program Files (x86)\Online Services

2013-06-27 00:58 - 2011-05-26 20:10 - 00000000 ____D C:\ProgramData\RoxioNow

2013-06-27 00:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-06-27 00:57 - 2013-05-07 15:01 - 00000000 ____D C:\Program Files (x86)\DefaultTab

2013-06-27 00:57 - 2013-05-07 15:00 - 00000000 ____D C:\Program Files (x86)\24x7Help

2013-06-27 00:57 - 2012-12-30 09:56 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-06-27 00:57 - 2012-02-09 14:24 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2013-06-27 00:57 - 2012-02-09 14:24 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-06-27 00:57 - 2011-11-18 14:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-06-27 00:57 - 2011-11-18 14:22 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-06-27 00:57 - 2011-05-26 20:13 - 00000000 ____D C:\Program Files (x86)\HP Games

2013-06-27 00:46 - 2013-06-10 22:38 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\wabEventSupport16

2013-06-27 00:46 - 2013-06-08 09:28 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Local\Visan

2013-06-27 00:46 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-06-27 00:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-06-26 23:38 - 2012-12-30 09:56 - 00000000 ____D C:\Program Files\iPod

2013-06-26 22:28 - 2013-06-26 22:28 - 00000000 ____D C:\ProgramData\Recovery

2013-06-26 22:19 - 2013-06-26 22:19 - 00000000 ____D C:\FRST

2013-06-26 22:19 - 2009-07-14 00:51 - 00291167 ____A C:\Windows\setupact.log

2013-06-26 22:15 - 2009-07-14 01:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-26 22:00 - 2011-11-26 12:53 - 00001830 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk

2013-06-26 21:52 - 2012-05-25 13:13 - 00196608 ____A C:\Windows\System32\Ikeext.etl

2013-06-26 21:52 - 2011-09-25 04:18 - 01202414 ____A C:\Windows\WindowsUpdate.log

2013-06-26 21:48 - 2013-06-26 21:39 - 00000004 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini

2013-06-26 21:48 - 2011-10-24 19:57 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Local\CrashDumps

2013-06-26 21:47 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-26 21:47 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-26 21:46 - 2012-01-21 14:57 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-26 21:40 - 2011-05-26 20:22 - 00000000 ____D C:\ProgramData\PDFC

2013-06-26 21:39 - 2012-01-21 14:57 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-26 21:39 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-25 11:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing

2013-06-25 11:20 - 2013-06-25 11:20 - 00855040 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\92FB.tmp

2013-06-25 10:53 - 2013-01-30 23:01 - 00000000 ____A C:\END

2013-06-24 21:09 - 2013-06-24 21:09 - 00000000 ____A C:\Users\BIG DADDY BROWN\jqs.exe

2013-06-24 15:22 - 2011-09-26 16:00 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\HpUpdate

2013-06-24 15:22 - 2011-09-26 16:00 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\HP Support Assistant

2013-06-21 16:09 - 2013-06-21 16:09 - 00001604 ____A C:\Users\BIG DADDY BROWN\Desktop\Sign In - DIRECTV.url

2013-06-13 19:31 - 2013-06-13 19:31 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Roaming\RealNetworks

2013-06-12 12:39 - 2013-02-01 18:28 - 00000000 ____D C:\Users\BIG DADDY BROWN\AppData\Local\Microsoft Help

2013-06-11 20:33 - 2013-06-11 20:33 - 00001196 ____A C:\Users\BIG DADDY BROWN\Desktop\Minecraft.url

Files to move or delete:

====================

C:\Users\BIG DADDY BROWN\jqs.exe

C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.dat

C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini

C:\ProgramData\7591662.bat

C:\ProgramData\7591662.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-25 01:10

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 26-06-2013 02

Ran by BIG DADDY BROWN at 2013-06-26 22:23:01

Running from J:\

Boot Mode: Safe Mode (minimal)

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

HoserIN · June 27, 2013

Sorry. Disregard this re-post. The site kept giving me an error and I didn't think it was posting.

D-FRED-BROWN · June 27, 2013

Looking at it now

D-FRED-BROWN · June 27, 2013

Hello HoserIN and welcome to Malwarebytes!

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the flashdrive as fixlist.txt

C:\Users\BIG DADDY BROWN\jqs.exe
C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.dat
C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini
C:\ProgramData\7591662.bat
C:\ProgramData\7591662.reg
2013-06-25 11:20 - 2013-06-25 11:20 - 00855040 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\92FB.tmp
2013-06-26 21:39 - 2012-01-21 14:57 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 21:39 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 21:46 - 2012-01-21 14:57 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 21:48 - 2013-06-26 21:39 - 00000004 ____A C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
HKCU\...\Run: [Visan] rundll32.exe "C:\Users\BIG DADDY BROWN\AppData\Local\Visan\uduvhpun.dll",sTvPitnGnuxqrXyTDflAfkJmiTW [x] <===== ATTENTION
HKCU\...\Run: [searchProtect] C:\Users\BIG DADDY BROWN\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKCU\...\Run: [cache] rundll32 "C:\Users\BIG DADDY BROWN\AppData\Local\Microsoft Help\cache\ibnghm.dll",DllRegisterServer [x] <===== ATTENTION
HKCU\...\Run: [RemEngine] rundll32 "C:\Users\BIG DADDY BROWN\AppData\Local\Diagnostics\RemEngine\pikiopei.dll",DllRegisterServer [x] <===== ATTENTION
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\BIG DADDY BROWN\AppData\Local\20c80509-ccf1-4f91-8e30-0029429977e2ad\cccffeead.exe [x] <===== ATTENTION
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.dat [171520 2011-11-17] (MRI Software Lab.) <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

HoserIN · June 27, 2013

Yes, I am able to boot normally now. Below is the Fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-06-2013 02

Ran by BIG DADDY BROWN at 2013-06-26 23:05:05 Run:1

Running from J:\

Boot Mode: Safe Mode (minimal)

==============================================

C:\Users\BIG DADDY BROWN\jqs.exe => Moved successfully.

C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.dat => Moved successfully.

C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini => Moved successfully.

C:\ProgramData\7591662.bat => Moved successfully.

C:\ProgramData\7591662.reg => Moved successfully.

C:\Users\BIG DADDY BROWN\AppData\Roaming\92FB.tmp => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\Windows\Tasks\SA.DAT => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\Users\BIG DADDY BROWN\AppData\Roaming\skype.ini => File/Directory not found.

CltMngSvc => Service deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Visan => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cache => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\RemEngine => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====

D-FRED-BROWN · June 27, 2013

Glad to hear you can boot. Let's start getting rid of the rest of it:

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------
Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

HoserIN · June 28, 2013

Here are the logs you requested. I had to split them up into multiple replies because of the length. The computer is running OK. We browsing is a little slow. There is a program called Wajam showing up in seach results. I'm going to try and get rid of that. Thanks again for the assistance!!

23:17:03.0787 2128 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

23:17:05.0799 2128 ============================================================

23:17:07.0234 2128 Current date / time: 2013/06/26 23:17:05.0799

23:17:07.0234 2128 SystemInfo:

23:17:07.0234 2128

23:17:07.0234 2128 OS Version: 6.1.7601 ServicePack: 1.0

23:17:07.0234 2128 Product type: Workstation

23:17:07.0234 2128 ComputerName: BIGDADDYBROWN

23:17:07.0234 2128 UserName: BIG DADDY BROWN

23:17:07.0234 2128 Windows directory: C:\Windows

23:17:07.0234 2128 System windows directory: C:\Windows

23:17:07.0234 2128 Running under WOW64

23:17:07.0234 2128 Processor architecture: Intel x64

23:17:07.0234 2128 Number of processors: 2

23:17:07.0234 2128 Page size: 0x1000

23:17:07.0234 2128 Boot type: Normal boot

23:17:07.0234 2128 ============================================================

23:17:09.0450 2128 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:17:09.0481 2128 ============================================================

23:17:09.0481 2128 \Device\Harddisk0\DR0:

23:17:09.0481 2128 MBR partitions:

23:17:09.0481 2128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:17:09.0481 2128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55E9D000

23:17:09.0481 2128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55ECF800, BlocksNum 0x1676000

23:17:09.0481 2128 ============================================================

23:17:09.0512 2128 C: <-> \Device\Harddisk0\DR0\Partition2

23:17:09.0559 2128 D: <-> \Device\Harddisk0\DR0\Partition3

23:17:09.0559 2128 ============================================================

23:17:09.0559 2128 Initialize success

23:17:09.0559 2128 ============================================================

23:17:17.0749 5888 ============================================================

23:17:17.0749 5888 Scan started

23:17:17.0749 5888 Mode: Manual;

23:17:17.0749 5888 ============================================================

23:17:22.0835 5888 ================ Scan system memory ========================

23:17:22.0835 5888 System memory - ok

23:17:22.0835 5888 ================ Scan services =============================

23:17:23.0178 5888 0121151372302875mcinstcleanup - ok

23:17:23.0412 5888 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:17:23.0474 5888 1394ohci - ok

23:17:23.0490 5888 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:17:23.0490 5888 ACPI - ok

23:17:23.0505 5888 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:17:23.0552 5888 AcpiPmi - ok

23:17:23.0708 5888 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:17:23.0708 5888 AdobeARMservice - ok

23:17:24.0051 5888 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:17:24.0114 5888 AdobeFlashPlayerUpdateSvc - ok

23:17:24.0504 5888 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:17:24.0519 5888 adp94xx - ok

23:17:24.0566 5888 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:17:24.0582 5888 adpahci - ok

23:17:24.0597 5888 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:17:24.0597 5888 adpu320 - ok

23:17:24.0644 5888 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:17:24.0660 5888 AeLookupSvc - ok

23:17:24.0675 5888 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

23:17:24.0675 5888 AFD - ok

23:17:24.0691 5888 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:17:24.0691 5888 agp440 - ok

23:17:24.0722 5888 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:17:24.0722 5888 ALG - ok

23:17:24.0738 5888 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

23:17:24.0738 5888 aliide - ok

23:17:24.0769 5888 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

23:17:24.0816 5888 AMD External Events Utility - ok

23:17:24.0894 5888 AMD FUEL Service - ok

23:17:24.0909 5888 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

23:17:24.0909 5888 amdide - ok

23:17:24.0941 5888 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

23:17:24.0987 5888 amdiox64 - ok

23:17:25.0003 5888 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:17:25.0019 5888 AmdK8 - ok

23:17:25.0159 5888 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:17:25.0284 5888 amdkmdag - ok

23:17:25.0299 5888 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

23:17:25.0315 5888 amdkmdap - ok

23:17:25.0362 5888 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

23:17:25.0362 5888 AmdPPM - ok

23:17:25.0377 5888 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:17:25.0440 5888 amdsata - ok

23:17:25.0471 5888 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

23:17:25.0502 5888 amdsbs - ok

23:17:25.0518 5888 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:17:25.0518 5888 amdxata - ok

23:17:25.0533 5888 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys

23:17:25.0533 5888 amd_sata - ok

23:17:25.0549 5888 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\Windows\system32\drivers\amd_xata.sys

23:17:25.0549 5888 amd_xata - ok

23:17:25.0658 5888 [ F312FAD7DBD49ED21A194AC71B497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

23:17:25.0721 5888 AODDriver4.01 - ok

23:17:25.0783 5888 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

23:17:25.0845 5888 AppID - ok

23:17:25.0877 5888 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:17:25.0892 5888 AppIDSvc - ok

23:17:25.0908 5888 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

23:17:25.0908 5888 Appinfo - ok

23:17:26.0329 5888 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:17:26.0423 5888 Apple Mobile Device - ok

23:17:26.0454 5888 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

23:17:26.0469 5888 arc - ok

23:17:26.0485 5888 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:17:26.0485 5888 arcsas - ok

23:17:26.0735 5888 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:17:26.0797 5888 aspnet_state - ok

23:17:26.0844 5888 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:17:26.0859 5888 AsyncMac - ok

23:17:26.0875 5888 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

23:17:26.0875 5888 atapi - ok

23:17:26.0891 5888 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

23:17:26.0891 5888 AtiHDAudioService - ok

23:17:26.0969 5888 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\drivers\AtiPcie64.sys

23:17:27.0078 5888 AtiPcie - ok

23:17:27.0156 5888 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:17:27.0218 5888 AudioEndpointBuilder - ok

23:17:27.0265 5888 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:17:27.0265 5888 AudioSrv - ok

23:17:27.0296 5888 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:17:27.0343 5888 AxInstSV - ok

23:17:27.0405 5888 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

23:17:27.0405 5888 b06bdrv - ok

23:17:27.0437 5888 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:17:27.0437 5888 b57nd60a - ok

23:17:27.0671 5888 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

23:17:27.0733 5888 BBSvc - ok

23:17:27.0858 5888 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

23:17:27.0951 5888 BBUpdate - ok

23:17:28.0029 5888 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys

23:17:28.0201 5888 BCMH43XX - ok

23:17:28.0295 5888 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:17:28.0341 5888 BDESVC - ok

23:17:28.0435 5888 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:17:28.0435 5888 Beep - ok

23:17:28.0560 5888 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

23:17:28.0653 5888 BFE - ok

23:17:28.0934 5888 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

23:17:29.0028 5888 BITS - ok

23:17:29.0059 5888 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

23:17:29.0059 5888 blbdrive - ok

23:17:29.0153 5888 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:17:29.0215 5888 Bonjour Service - ok

23:17:29.0246 5888 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:17:29.0324 5888 bowser - ok

23:17:29.0340 5888 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

23:17:29.0340 5888 BrFiltLo - ok

23:17:29.0355 5888 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

23:17:29.0355 5888 BrFiltUp - ok

23:17:29.0418 5888 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

23:17:29.0465 5888 Browser - ok

23:17:29.0465 5888 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:17:29.0480 5888 Brserid - ok

23:17:29.0496 5888 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:17:29.0496 5888 BrSerWdm - ok

23:17:29.0511 5888 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:17:29.0527 5888 BrUsbMdm - ok

23:17:29.0527 5888 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:17:29.0527 5888 BrUsbSer - ok

23:17:29.0543 5888 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:17:29.0543 5888 BTHMODEM - ok

23:17:29.0574 5888 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:17:29.0574 5888 bthserv - ok

23:17:29.0589 5888 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:17:29.0589 5888 cdfs - ok

23:17:29.0605 5888 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:17:29.0667 5888 cdrom - ok

23:17:29.0761 5888 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

23:17:29.0792 5888 CertPropSvc - ok

23:17:29.0855 5888 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\Windows\system32\drivers\cfwids.sys

23:17:29.0901 5888 cfwids - ok

23:17:29.0917 5888 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

23:17:29.0917 5888 circlass - ok

23:17:29.0948 5888 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:17:29.0948 5888 CLFS - ok

23:17:30.0026 5888 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:17:30.0042 5888 clr_optimization_v2.0.50727_32 - ok

23:17:30.0073 5888 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:17:30.0089 5888 clr_optimization_v2.0.50727_64 - ok

23:17:30.0182 5888 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:17:30.0245 5888 clr_optimization_v4.0.30319_32 - ok

23:17:30.0369 5888 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:17:30.0510 5888 clr_optimization_v4.0.30319_64 - ok

23:17:30.0541 5888 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

23:17:30.0572 5888 CmBatt - ok

23:17:30.0572 5888 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:17:30.0588 5888 cmdide - ok

23:17:30.0619 5888 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

23:17:30.0666 5888 CNG - ok

23:17:30.0744 5888 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

23:17:30.0775 5888 Compbatt - ok

23:17:30.0806 5888 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:17:30.0884 5888 CompositeBus - ok

23:17:30.0915 5888 COMSysApp - ok

23:17:31.0087 5888 [ 622FCF264119F7DF127BE353F796B319 ] CouponXplorer_5zService C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe

23:17:31.0149 5888 CouponXplorer_5zService - ok

23:17:31.0196 5888 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:17:31.0196 5888 crcdisk - ok

23:17:31.0321 5888 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:17:31.0321 5888 CryptSvc - ok

23:17:31.0602 5888 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

23:17:31.0680 5888 cvhsvc - ok

23:17:31.0805 5888 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:17:31.0820 5888 DcomLaunch - ok

23:17:31.0961 5888 [ 2D7C1661961CE19085B6A968B1B293D4 ] DefaultTabSearch C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe

23:17:32.0148 5888 DefaultTabSearch - ok

23:17:32.0351 5888 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

23:17:32.0413 5888 DefaultTabUpdate - ok

23:17:32.0553 5888 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:17:32.0616 5888 defragsvc - ok

23:17:32.0663 5888 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:17:32.0741 5888 DfsC - ok

23:17:32.0819 5888 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

23:17:32.0850 5888 Dhcp - ok

23:17:32.0865 5888 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:17:32.0865 5888 discache - ok

23:17:32.0897 5888 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

23:17:32.0912 5888 Disk - ok

23:17:32.0928 5888 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:17:32.0976 5888 Dnscache - ok

23:17:33.0069 5888 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:17:33.0256 5888 dot3svc - ok

23:17:33.0288 5888 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

23:17:33.0319 5888 DPS - ok

23:17:33.0381 5888 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:17:33.0381 5888 drmkaud - ok

23:17:33.0584 5888 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:17:33.0787 5888 DXGKrnl - ok

23:17:33.0865 5888 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:17:33.0880 5888 EapHost - ok

23:17:34.0208 5888 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

23:17:34.0270 5888 ebdrv - ok

23:17:34.0317 5888 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

23:17:34.0364 5888 EFS - ok

23:17:34.0551 5888 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:17:34.0707 5888 ehRecvr - ok

23:17:34.0723 5888 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:17:34.0754 5888 ehSched - ok

23:17:34.0848 5888 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

23:17:34.0894 5888 elxstor - ok

23:17:34.0910 5888 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:17:34.0910 5888 ErrDev - ok

23:17:34.0957 5888 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:17:34.0957 5888 EventSystem - ok

23:17:34.0972 5888 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:17:34.0988 5888 exfat - ok

23:17:34.0988 5888 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:17:35.0004 5888 fastfat - ok

23:17:35.0035 5888 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

23:17:35.0082 5888 Fax - ok

23:17:35.0097 5888 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

23:17:35.0097 5888 fdc - ok

23:17:35.0128 5888 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:17:35.0128 5888 fdPHost - ok

23:17:35.0128 5888 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:17:35.0144 5888 FDResPub - ok

23:17:35.0144 5888 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:17:35.0144 5888 FileInfo - ok

23:17:35.0160 5888 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:17:35.0160 5888 Filetrace - ok

23:17:35.0160 5888 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

23:17:35.0160 5888 flpydisk - ok

23:17:35.0175 5888 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:17:35.0222 5888 FltMgr - ok

23:17:35.0253 5888 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

23:17:35.0347 5888 FontCache - ok

23:17:35.0378 5888 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:17:35.0440 5888 FontCache3.0.0.0 - ok

23:17:35.0472 5888 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:17:35.0472 5888 FsDepends - ok

23:17:35.0472 5888 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:17:35.0534 5888 Fs_Rec - ok

23:17:35.0550 5888 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:17:35.0550 5888 fvevol - ok

23:17:35.0565 5888 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

23:17:35.0565 5888 gagp30kx - ok

23:17:35.0612 5888 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

23:17:35.0674 5888 GamesAppService - ok

23:17:35.0768 5888 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:17:35.0830 5888 GEARAspiWDM - ok

23:17:35.0924 5888 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:17:35.0971 5888 gpsvc - ok

23:17:36.0049 5888 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:17:36.0111 5888 gupdate - ok

23:17:36.0127 5888 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:17:36.0127 5888 gupdatem - ok

23:17:36.0220 5888 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:17:36.0298 5888 gusvc - ok

23:17:36.0408 5888 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:17:36.0408 5888 hcw85cir - ok

23:17:36.0470 5888 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:17:36.0548 5888 HdAudAddService - ok

23:17:36.0626 5888 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

23:17:36.0626 5888 HDAudBus - ok

23:17:36.0688 5888 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

23:17:36.0813 5888 HidBatt - ok

23:17:36.0829 5888 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

23:17:36.0829 5888 HidBth - ok

23:17:36.0829 5888 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

23:17:36.0907 5888 HidIr - ok

23:17:36.0938 5888 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

23:17:36.0938 5888 hidserv - ok

23:17:36.0969 5888 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:17:37.0016 5888 HidUsb - ok

23:17:37.0047 5888 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

23:17:37.0110 5888 HipShieldK - ok

23:17:37.0141 5888 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:17:37.0172 5888 hkmsvc - ok

23:17:37.0188 5888 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:17:37.0188 5888 HomeGroupListener - ok

23:17:37.0219 5888 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:17:37.0219 5888 HomeGroupProvider - ok

23:17:37.0359 5888 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

23:17:37.0468 5888 HP Support Assistant Service - ok

23:17:37.0780 5888 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

23:17:37.0843 5888 HPClientSvc - ok

23:17:37.0905 5888 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

23:17:37.0983 5888 hpqwmiex - ok

23:17:38.0014 5888 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:17:38.0061 5888 HpSAMD - ok

23:17:38.0092 5888 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:17:38.0092 5888 HTTP - ok

23:17:38.0092 5888 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:17:38.0108 5888 hwpolicy - ok

23:17:38.0124 5888 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

23:17:38.0124 5888 i8042prt - ok

23:17:38.0139 5888 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:17:38.0202 5888 iaStorV - ok

23:17:38.0311 5888 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:17:38.0436 5888 idsvc - ok

23:17:38.0919 5888 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:17:39.0278 5888 igfx - ok

23:17:39.0325 5888 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

23:17:39.0340 5888 iirsp - ok

23:17:39.0512 5888 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:17:39.0559 5888 IKEEXT - ok

23:17:39.0652 5888 [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:17:39.0652 5888 IntcAzAudAddService - ok

23:17:39.0668 5888 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:17:39.0668 5888 intelide - ok

23:17:39.0684 5888 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

23:17:39.0699 5888 intelppm - ok

23:17:39.0777 5888 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:17:39.0777 5888 IPBusEnum - ok

23:17:39.0777 5888 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:17:39.0840 5888 IpFilterDriver - ok

23:17:39.0840 5888 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:17:39.0855 5888 iphlpsvc - ok

23:17:39.0855 5888 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:17:39.0902 5888 IPMIDRV - ok

23:17:39.0918 5888 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:17:39.0918 5888 IPNAT - ok

23:17:39.0996 5888 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:17:40.0058 5888 iPod Service - ok

23:17:40.0089 5888 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:17:40.0089 5888 IRENUM - ok

23:17:40.0105 5888 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:17:40.0105 5888 isapnp - ok

23:17:40.0120 5888 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:17:40.0167 5888 iScsiPrt - ok

23:17:40.0183 5888 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:17:40.0183 5888 kbdclass - ok

23:17:40.0214 5888 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:17:40.0261 5888 kbdhid - ok

23:17:40.0276 5888 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

23:17:40.0276 5888 KeyIso - ok

23:17:40.0276 5888 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:17:40.0323 5888 KSecDD - ok

23:17:40.0323 5888 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:17:40.0386 5888 KSecPkg - ok

23:17:40.0401 5888 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:17:40.0401 5888 ksthunk - ok

23:17:40.0432 5888 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:17:40.0432 5888 KtmRm - ok

23:17:40.0479 5888 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

23:17:40.0510 5888 LanmanServer - ok

23:17:40.0604 5888 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:17:40.0651 5888 LanmanWorkstation - ok

23:17:40.0744 5888 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

23:17:40.0791 5888 LightScribeService - ok

23:17:40.0854 5888 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:17:40.0854 5888 lltdio - ok

23:17:40.0885 5888 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:17:40.0900 5888 lltdsvc - ok

23:17:40.0900 5888 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:17:40.0916 5888 lmhosts - ok

23:17:40.0932 5888 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

23:17:40.0932 5888 LSI_FC - ok

23:17:40.0947 5888 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

23:17:40.0947 5888 LSI_SAS - ok

23:17:40.0947 5888 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

23:17:40.0963 5888 LSI_SAS2 - ok

23:17:40.0963 5888 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

23:17:40.0963 5888 LSI_SCSI - ok

23:17:40.0978 5888 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:17:40.0978 5888 luafv - ok

23:17:41.0119 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0119 5888 McAfee SiteAdvisor Service - ok

23:17:41.0197 5888 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

23:17:41.0259 5888 McComponentHostService - ok

23:17:41.0290 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0290 5888 McMPFSvc - ok

23:17:41.0306 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0306 5888 mcmscsvc - ok

23:17:41.0306 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0322 5888 McNaiAnn - ok

23:17:41.0353 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0353 5888 McNASvc - ok

23:17:41.0431 5888 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

23:17:41.0446 5888 McODS - ok

23:17:41.0446 5888 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

23:17:41.0462 5888 McProxy - ok

23:17:41.0571 5888 [ 21F81090A00932C5E96700EDF2977582 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

23:17:41.0634 5888 McShield - ok

23:17:41.0696 5888 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:17:41.0743 5888 Mcx2Svc - ok

23:17:41.0758 5888 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

23:17:41.0758 5888 megasas - ok

23:17:41.0805 5888 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

23:17:41.0821 5888 MegaSR - ok

23:17:41.0836 5888 [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

23:17:41.0883 5888 mfeapfk - ok

23:17:41.0914 5888 [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

23:17:41.0961 5888 mfeavfk - ok

23:17:41.0977 5888 mfeavfk01 - ok

23:17:42.0055 5888 [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

23:17:42.0102 5888 mfefire - ok

23:17:42.0117 5888 [ CECC9841D036EE008091825272D91331 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

23:17:42.0195 5888 mfefirek - ok

23:17:42.0211 5888 [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

23:17:42.0289 5888 mfehidk - ok

23:17:42.0351 5888 [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

23:17:42.0398 5888 mferkdet - ok

23:17:42.0460 5888 [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp C:\Windows\system32\mfevtps.exe

23:17:42.0507 5888 mfevtp - ok

23:17:42.0554 5888 [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

23:17:42.0616 5888 mfewfpk - ok

23:17:42.0663 5888 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:17:42.0663 5888 MMCSS - ok

23:17:42.0679 5888 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:17:42.0694 5888 Modem - ok

23:17:42.0726 5888 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:17:42.0726 5888 monitor - ok

23:17:42.0741 5888 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:17:42.0757 5888 mouclass - ok

23:17:42.0757 5888 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:17:42.0757 5888 mouhid - ok

23:17:42.0772 5888 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:17:42.0772 5888 mountmgr - ok

23:17:42.0788 5888 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:17:42.0850 5888 mpio - ok

23:17:42.0944 5888 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:17:42.0944 5888 mpsdrv - ok

23:17:42.0991 5888 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:17:43.0038 5888 MpsSvc - ok

23:17:43.0038 5888 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:17:43.0100 5888 MRxDAV - ok

23:17:43.0147 5888 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:17:43.0194 5888 mrxsmb - ok

23:17:43.0209 5888 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:17:43.0256 5888 mrxsmb10 - ok

23:17:43.0272 5888 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:17:43.0318 5888 mrxsmb20 - ok

23:17:43.0318 5888 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:17:43.0381 5888 msahci - ok

23:17:43.0396 5888 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:17:43.0459 5888 msdsm - ok

23:17:43.0474 5888 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:17:43.0490 5888 MSDTC - ok

23:17:43.0506 5888 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:17:43.0506 5888 Msfs - ok

23:17:43.0506 5888 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:17:43.0521 5888 mshidkmdf - ok

23:17:43.0521 5888 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:17:43.0521 5888 msisadrv - ok

23:17:43.0568 5888 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:17:43.0584 5888 MSiSCSI - ok

23:17:43.0584 5888 msiserver - ok

23:17:43.0615 5888 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:17:43.0615 5888 MSKSSRV - ok

23:17:43.0662 5888 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:17:43.0693 5888 MSPCLOCK - ok

23:17:43.0724 5888 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:17:43.0724 5888 MSPQM - ok

23:17:43.0740 5888 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:17:43.0786 5888 MsRPC - ok

23:17:43.0802 5888 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:17:43.0802 5888 mssmbios - ok

23:17:43.0818 5888 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:17:43.0818 5888 MSTEE - ok

23:17:43.0833 5888 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

23:17:43.0833 5888 MTConfig - ok

23:17:43.0833 5888 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:17:43.0849 5888 Mup - ok

23:17:43.0880 5888 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:17:43.0880 5888 napagent - ok

23:17:43.0958 5888 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:17:43.0958 5888 NativeWifiP - ok

23:17:43.0989 5888 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:17:44.0005 5888 NDIS - ok

23:17:44.0036 5888 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:17:44.0052 5888 NdisCap - ok

23:17:44.0052 5888 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:17:44.0067 5888 NdisTapi - ok

23:17:44.0083 5888 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:17:44.0083 5888 Ndisuio - ok

23:17:44.0114 5888 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:17:44.0161 5888 NdisWan - ok

23:17:44.0208 5888 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:17:44.0301 5888 NDProxy - ok

23:17:44.0317 5888 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:17:44.0332 5888 NetBIOS - ok

23:17:44.0348 5888 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:17:44.0348 5888 NetBT - ok

23:17:44.0364 5888 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

23:17:44.0364 5888 Netlogon - ok

23:17:44.0395 5888 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:17:44.0410 5888 Netman - ok

23:17:44.0473 5888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:17:44.0660 5888 NetMsmqActivator - ok

23:17:44.0910 5888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:17:44.0910 5888 NetPipeActivator - ok

23:17:45.0050 5888 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:17:45.0050 5888 netprofm - ok

23:17:45.0081 5888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:17:45.0081 5888 NetTcpActivator - ok

23:17:45.0112 5888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:17:45.0112 5888 NetTcpPortSharing - ok

23:17:45.0268 5888 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

23:17:45.0300 5888 nfrd960 - ok

23:17:45.0378 5888 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:17:45.0424 5888 NlaSvc - ok

23:17:45.0752 5888 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

23:17:46.0017 5888 NOBU - ok

23:17:46.0033 5888 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:17:46.0033 5888 Npfs - ok

23:17:46.0048 5888 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:17:46.0064 5888 nsi - ok

23:17:46.0126 5888 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:17:46.0126 5888 nsiproxy - ok

23:17:46.0298 5888 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:17:46.0470 5888 Ntfs - ok

23:17:46.0532 5888 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:17:46.0563 5888 Null - ok

23:17:46.0610 5888 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:17:46.0657 5888 nvraid - ok

23:17:46.0828 5888 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:17:46.0906 5888 nvstor - ok

23:17:46.0953 5888 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:17:47.0000 5888 nv_agp - ok

23:17:47.0031 5888 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:17:47.0047 5888 ohci1394 - ok

23:17:47.0156 5888 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:17:47.0218 5888 ose - ok

23:17:47.0749 5888 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:17:48.0264 5888 osppsvc - ok

23:17:48.0310 5888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:17:48.0310 5888 p2pimsvc - ok

23:17:48.0326 5888 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:17:48.0342 5888 p2psvc - ok

23:17:48.0357 5888 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

23:17:48.0357 5888 Parport - ok

23:17:48.0373 5888 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:17:48.0435 5888 partmgr - ok

23:17:48.0435 5888 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:17:48.0451 5888 PcaSvc - ok

23:17:48.0451 5888 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:17:48.0498 5888 pci - ok

23:17:48.0529 5888 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:17:48.0529 5888 pciide - ok

23:17:48.0544 5888 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:17:48.0591 5888 pcmcia - ok

23:17:48.0591 5888 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:17:48.0591 5888 pcw - ok

23:17:48.0669 5888 pdfcDispatcher - ok

23:17:48.0685 5888 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:17:48.0700 5888 PEAUTH - ok

23:17:48.0872 5888 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:17:48.0872 5888 PerfHost - ok

23:17:49.0122 5888 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:17:49.0168 5888 pla - ok

23:17:49.0246 5888 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:17:49.0293 5888 PlugPlay - ok

23:17:49.0309 5888 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:17:49.0324 5888 PNRPAutoReg - ok

23:17:49.0340 5888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:17:49.0340 5888 PNRPsvc - ok

23:17:49.0387 5888 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:17:49.0434 5888 PolicyAgent - ok

23:17:49.0449 5888 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:17:49.0449 5888 Power - ok

23:17:49.0574 5888 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:17:49.0621 5888 PptpMiniport - ok

23:17:49.0636 5888 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

23:17:49.0636 5888 Processor - ok

23:17:49.0668 5888 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

23:17:49.0714 5888 ProfSvc - ok

23:17:49.0730 5888 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:17:49.0730 5888 ProtectedStorage - ok

23:17:49.0761 5888 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:17:49.0761 5888 Psched - ok

23:17:49.0792 5888 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:17:49.0824 5888 ql2300 - ok

23:17:49.0839 5888 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:17:49.0839 5888 ql40xx - ok

23:17:49.0855 5888 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:17:49.0870 5888 QWAVE - ok

23:17:49.0886 5888 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:17:49.0886 5888 QWAVEdrv - ok

23:17:49.0902 5888 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:17:49.0902 5888 RasAcd - ok

23:17:49.0933 5888 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:17:49.0933 5888 RasAgileVpn - ok

23:17:49.0964 5888 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:17:49.0980 5888 RasAuto - ok

23:17:49.0980 5888 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:17:50.0026 5888 Rasl2tp - ok

23:17:50.0058 5888 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:17:50.0104 5888 RasMan - ok

23:17:50.0136 5888 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:17:50.0136 5888 RasPppoe - ok

23:17:50.0167 5888 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:17:50.0167 5888 RasSstp - ok

23:17:50.0182 5888 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:17:50.0229 5888 rdbss - ok

23:17:50.0245 5888 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

23:17:50.0245 5888 rdpbus - ok

23:17:50.0245 5888 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:17:50.0260 5888 RDPCDD - ok

23:17:50.0260 5888 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:17:50.0260 5888 RDPENCDD - ok

23:17:50.0276 5888 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:17:50.0276 5888 RDPREFMP - ok

23:17:50.0276 5888 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:17:50.0338 5888 RDPWD - ok

23:17:50.0401 5888 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:17:50.0463 5888 rdyboost - ok

23:17:50.0494 5888 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:17:50.0510 5888 RemoteAccess - ok

23:17:50.0526 5888 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:17:50.0526 5888 RemoteRegistry - ok

23:17:50.0697 5888 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

23:17:50.0775 5888 RoxioNow Service - ok

23:17:50.0806 5888 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:17:50.0806 5888 RpcEptMapper - ok

23:17:50.0838 5888 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:17:50.0838 5888 RpcLocator - ok

23:17:50.0884 5888 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:17:50.0884 5888 RpcSs - ok

23:17:50.0916 5888 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:17:50.0916 5888 rspndr - ok

23:17:50.0947 5888 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

23:17:50.0947 5888 RTL8167 - ok

23:17:50.0962 5888 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:17:50.0962 5888 SamSs - ok

23:17:50.0978 5888 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:17:51.0040 5888 sbp2port - ok

23:17:51.0056 5888 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:17:51.0056 5888 SCardSvr - ok

23:17:51.0072 5888 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:17:51.0118 5888 scfilter - ok

23:17:51.0134 5888 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:17:51.0196 5888 Schedule - ok

23:17:51.0228 5888 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:17:51.0228 5888 SCPolicySvc - ok

23:17:51.0259 5888 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:17:51.0306 5888 SDRSVC - ok

23:17:51.0306 5888 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:17:51.0306 5888 secdrv - ok

23:17:51.0321 5888 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:17:51.0368 5888 seclogon - ok

23:17:51.0368 5888 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

23:17:51.0384 5888 SENS - ok

23:17:51.0399 5888 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:17:51.0399 5888 SensrSvc - ok

23:17:51.0430 5888 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

23:17:51.0446 5888 Serenum - ok

23:17:51.0462 5888 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

23:17:51.0462 5888 Serial - ok

23:17:51.0462 5888 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:17:51.0462 5888 sermouse - ok

23:17:51.0493 5888 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:17:51.0524 5888 SessionEnv - ok

23:17:51.0540 5888 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:17:51.0540 5888 sffdisk - ok

23:17:51.0540 5888 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:17:51.0555 5888 sffp_mmc - ok

23:17:51.0555 5888 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:17:51.0602 5888 sffp_sd - ok

23:17:51.0618 5888 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:17:51.0618 5888 sfloppy - ok

23:17:51.0633 5888 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

23:17:51.0711 5888 Sftfs - ok

23:17:51.0820 5888 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

23:17:51.0883 5888 sftlist - ok

23:17:51.0898 5888 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

23:17:51.0945 5888 Sftplay - ok

23:17:51.0961 5888 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

23:17:52.0008 5888 Sftredir - ok

23:17:52.0008 5888 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

23:17:52.0070 5888 Sftvol - ok

23:17:52.0086 5888 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

23:17:52.0148 5888 sftvsa - ok

23:17:52.0179 5888 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:17:52.0179 5888 SharedAccess - ok

23:17:52.0210 5888 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:17:52.0257 5888 ShellHWDetection - ok

23:17:52.0304 5888 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

23:17:52.0304 5888 SiSRaid2 - ok

23:17:52.0304 5888 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:17:52.0320 5888 SiSRaid4 - ok

23:17:52.0335 5888 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:17:52.0335 5888 Smb - ok

23:17:52.0351 5888 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:17:52.0366 5888 SNMPTRAP - ok

23:17:52.0366 5888 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:17:52.0366 5888 spldr - ok

23:17:52.0398 5888 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

23:17:52.0460 5888 Spooler - ok

23:17:52.0647 5888 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:17:52.0663 5888 sppsvc - ok

23:17:52.0663 5888 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:17:52.0678 5888 sppuinotify - ok

23:17:52.0694 5888 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:17:52.0741 5888 srv - ok

23:17:52.0756 5888 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:17:52.0819 5888 srv2 - ok

23:17:52.0819 5888 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:17:52.0881 5888 srvnet - ok

23:17:52.0897 5888 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:17:52.0912 5888 SSDPSRV - ok

23:17:52.0912 5888 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:17:52.0912 5888 SstpSvc - ok

23:17:52.0944 5888 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

23:17:52.0944 5888 stexstor - ok

23:17:52.0959 5888 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

23:17:52.0959 5888 StillCam - ok

23:17:53.0006 5888 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:17:53.0053 5888 stisvc - ok

23:17:53.0068 5888 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

23:17:53.0068 5888 swenum - ok

23:17:53.0100 5888 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:17:53.0115 5888 swprv - ok

23:17:53.0146 5888 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:17:53.0209 5888 SysMain - ok

23:17:53.0224 5888 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:17:53.0256 5888 TabletInputService - ok

23:17:53.0271 5888 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:17:53.0318 5888 TapiSrv - ok

23:17:53.0349 5888 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:17:53.0349 5888 TBS - ok

23:17:53.0380 5888 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:17:53.0396 5888 Tcpip - ok

23:17:53.0427 5888 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:17:53.0443 5888 TCPIP6 - ok

23:17:53.0474 5888 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:17:53.0521 5888 tcpipreg - ok

23:17:53.0536 5888 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:17:53.0536 5888 TDPIPE - ok

23:17:53.0552 5888 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:17:53.0599 5888 TDTCP - ok

23:17:53.0614 5888 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:17:53.0661 5888 tdx - ok

23:17:53.0677 5888 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:17:53.0708 5888 TermDD - ok

23:17:53.0755 5888 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:17:53.0802 5888 TermService - ok

23:17:53.0817 5888 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:17:53.0817 5888 Themes - ok

23:17:53.0848 5888 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:17:53.0848 5888 THREADORDER - ok

23:17:53.0864 5888 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:17:53.0864 5888 TrkWks - ok

23:17:53.0911 5888 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:17:53.0911 5888 TrustedInstaller - ok

23:17:53.0926 5888 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:17:53.0989 5888 tssecsrv - ok

23:17:54.0004 5888 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:17:54.0051 5888 TsUsbFlt - ok

23:17:54.0051 5888 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

23:17:54.0114 5888 TsUsbGD - ok

23:17:54.0129 5888 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:17:54.0129 5888 tunnel - ok

23:17:54.0145 5888 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:17:54.0145 5888 uagp35 - ok

23:17:54.0160 5888 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:17:54.0223 5888 udfs - ok

23:17:54.0254 5888 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:17:54.0254 5888 UI0Detect - ok

23:17:54.0270 5888 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:17:54.0270 5888 uliagpkx - ok

23:17:54.0285 5888 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:17:54.0332 5888 umbus - ok

23:17:54.0348 5888 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

23:17:54.0348 5888 UmPass - ok

23:17:54.0363 5888 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:17:54.0379 5888 upnphost - ok

23:17:54.0379 5888 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:17:54.0441 5888 USBAAPL64 - ok

23:17:54.0441 5888 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:17:54.0504 5888 usbccgp - ok

23:17:54.0504 5888 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:17:54.0504 5888 usbcir - ok

23:17:54.0519 5888 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:17:54.0566 5888 usbehci - ok

23:17:54.0582 5888 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys

23:17:54.0628 5888 usbfilter - ok

23:17:54.0644 5888 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:17:54.0706 5888 usbhub - ok

23:17:54.0706 5888 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

23:17:54.0753 5888 usbohci - ok

23:17:54.0769 5888 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:17:54.0784 5888 usbprint - ok

23:17:54.0800 5888 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:17:54.0816 5888 usbscan - ok

23:17:54.0816 5888 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:17:54.0878 5888 USBSTOR - ok

23:17:54.0878 5888 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:17:54.0925 5888 usbuhci - ok

23:17:54.0956 5888 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:17:54.0972 5888 UxSms - ok

23:17:54.0987 5888 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

23:17:54.0987 5888 VaultSvc - ok

23:17:54.0987 5888 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:17:54.0987 5888 vdrvroot - ok

23:17:55.0018 5888 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:17:55.0081 5888 vds - ok

23:17:55.0159 5888 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:17:55.0174 5888 vga - ok

23:17:55.0174 5888 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:17:55.0190 5888 VgaSave - ok

23:17:55.0190 5888 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:17:55.0252 5888 vhdmp - ok

23:17:55.0252 5888 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:17:55.0252 5888 viaide - ok

23:17:55.0268 5888 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:17:55.0362 5888 volmgr - ok

23:17:55.0362 5888 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:17:55.0362 5888 volmgrx - ok

23:17:55.0377 5888 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:17:55.0440 5888 volsnap - ok

23:17:55.0597 5888 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:17:55.0628 5888 vsmraid - ok

23:17:55.0799 5888 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:17:55.0955 5888 VSS - ok

23:17:55.0987 5888 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

23:17:55.0987 5888 vwifibus - ok

23:17:56.0065 5888 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

23:17:56.0065 5888 vwififlt - ok

23:17:56.0080 5888 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:17:56.0096 5888 W32Time - ok

23:17:56.0111 5888 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:17:56.0111 5888 WacomPen - ok

23:17:56.0205 5888 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

23:17:56.0267 5888 WajamUpdater - ok

23:17:56.0330 5888 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:17:56.0392 5888 WANARP - ok

23:17:56.0392 5888 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:17:56.0392 5888 Wanarpv6 - ok

23:17:56.0643 5888 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:17:56.0955 5888 WatAdminSvc - ok

23:17:57.0204 5888 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:17:57.0282 5888 wbengine - ok

23:17:57.0423 5888 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:17:57.0454 5888 WbioSrvc - ok

23:17:57.0485 5888 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:17:57.0485 5888 wcncsvc - ok

23:17:57.0563 5888 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:17:57.0594 5888 WcsPlugInService - ok

23:17:57.0657 5888 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

23:17:57.0688 5888 Wd - ok

23:17:57.0844 5888 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:17:57.0906 5888 Wdf01000 - ok

23:17:57.0938 5888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:17:57.0938 5888 WdiServiceHost - ok

23:17:57.0938 5888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:17:57.0953 5888 WdiSystemHost - ok

23:17:57.0969 5888 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:17:58.0016 5888 WebClient - ok

23:17:58.0047 5888 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:17:58.0047 5888 Wecsvc - ok

23:17:58.0062 5888 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:17:58.0078 5888 wercplsupport - ok

23:17:58.0078 5888 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:17:58.0078 5888 WerSvc - ok

23:17:58.0094 5888 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:17:58.0094 5888 WfpLwf - ok

23:17:58.0094 5888 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:17:58.0094 5888 WIMMount - ok

23:17:58.0109 5888 WinDefend - ok

23:17:58.0140 5888 WinHttpAutoProxySvc - ok

23:17:58.0234 5888 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:17:58.0234 5888 Winmgmt - ok

23:17:58.0281 5888 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:17:58.0328 5888 WinRM - ok

23:17:58.0406 5888 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:17:58.0452 5888 WinUsb - ok

23:17:58.0499 5888 [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe

23:17:58.0577 5888 WLANBelkinService - ok

23:17:58.0686 5888 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:17:58.0702 5888 Wlansvc - ok

23:17:58.0827 5888 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

23:17:58.0874 5888 wlcrasvc - ok

23:17:59.0357 5888 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:17:59.0576 5888 wlidsvc - ok

23:17:59.0622 5888 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:17:59.0622 5888 WmiAcpi - ok

23:17:59.0638 5888 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:17:59.0654 5888 wmiApSrv - ok

23:17:59.0685 5888 WMPNetworkSvc - ok

23:18:00.0044 5888 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe

23:18:00.0122 5888 WMZuneComm - ok

23:18:00.0153 5888 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:18:00.0153 5888 WPCSvc - ok

23:18:00.0153 5888 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:18:00.0200 5888 WPDBusEnum - ok

23:18:00.0200 5888 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:18:00.0215 5888 ws2ifsl - ok

23:18:00.0231 5888 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

23:18:00.0231 5888 wscsvc - ok

23:18:00.0246 5888 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

23:18:00.0262 5888 WSDPrintDevice - ok

23:18:00.0262 5888 WSearch - ok

23:18:00.0309 5888 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:18:00.0324 5888 wuauserv - ok

23:18:00.0340 5888 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:18:00.0387 5888 WudfPf - ok

23:18:00.0418 5888 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:18:00.0465 5888 WUDFRd - ok

23:18:00.0512 5888 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:18:00.0543 5888 wudfsvc - ok

23:18:00.0574 5888 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:18:00.0574 5888 WwanSvc - ok

23:18:01.0058 5888 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

23:18:01.0338 5888 YahooAUService - ok

23:18:01.0697 5888 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe

23:18:01.0947 5888 ZuneNetworkSvc - ok

23:18:02.0009 5888 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe

23:18:02.0087 5888 ZuneWlanCfgSvc - ok

23:18:02.0103 5888 ================ Scan global ===============================

23:18:02.0134 5888 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:18:02.0165 5888 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:18:02.0212 5888 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:18:02.0243 5888 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:18:02.0243 5888 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:18:02.0259 5888 [Global] - ok

23:18:02.0259 5888 ================ Scan MBR ==================================

23:18:02.0274 5888 [ 889E8DD494A5F999E8E3EE601AACAA72 ] \Device\Harddisk0\DR0

23:18:02.0586 5888 \Device\Harddisk0\DR0 - ok

23:18:02.0586 5888 ================ Scan VBR ==================================

23:18:02.0586 5888 [ 735E54CA49AAAE24A0B1496776744C26 ] \Device\Harddisk0\DR0\Partition1

23:18:02.0586 5888 \Device\Harddisk0\DR0\Partition1 - ok

23:18:02.0618 5888 [ 8651C3D003D4A8BD696B0C66CD698C49 ] \Device\Harddisk0\DR0\Partition2

23:18:02.0618 5888 \Device\Harddisk0\DR0\Partition2 - ok

23:18:02.0649 5888 [ D2CD8F9C45D662548969D3544C681F16 ] \Device\Harddisk0\DR0\Partition3

23:18:02.0664 5888 \Device\Harddisk0\DR0\Partition3 - ok

23:18:02.0664 5888 ============================================================

23:18:02.0664 5888 Scan finished

23:18:02.0664 5888 ============================================================

23:18:02.0664 6052 Detected object count: 0

23:18:02.0664 6052 Actual detected object count: 0

23:18:34.0062 3192 Deinitialize success

HoserIN · June 28, 2013

==============MALWARE BYTES==================

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

Database version: v2013.06.26.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

BIG DADDY BROWN :: BIGDADDYBROWN [administrator]

6/27/2013 12:01:01 AM

mbar-log-2013-06-27 (00-01-01).txt

Scan type: Quick scan

Scan options disabled: PUP

Objects scanned: 239294

Time elapsed: 26 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

Java version: 1.6.0_32

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.800000 GHz

Memory total: 4025782272, free: 2157129728

Downloaded database version: v2013.06.26.07

Initializing...

------------ Kernel report ------------

06/26/2013 23:22:18

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amd_sata.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amd_xata.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\drivers\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\cfwids.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\nsi.dll

\Windows\System32\shell32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\lpk.dll

\Windows\System32\shlwapi.dll

\Windows\System32\wininet.dll

\Windows\System32\setupapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\urlmon.dll

\Windows\System32\msctf.dll

\Windows\System32\ws2_32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\imm32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\usp10.dll

\Windows\System32\sechost.dll

\Windows\System32\oleaut32.dll

\Windows\System32\kernel32.dll

\Windows\System32\ole32.dll

\Windows\System32\psapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\iertutil.dll

\Windows\System32\Wldap32.dll

\Windows\System32\user32.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8004396060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000087\

Lower Device Object: 0xfffffa8004a50b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa80043a8060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000086\

Lower Device Object: 0xfffffa8004a4cb60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800439a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000085\

Lower Device Object: 0xfffffa8004a4fb60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8004397060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000084\

Lower Device Object: 0xfffffa8004a41b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8003dd3060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005c\

Lower Device Object: 0xfffffa8003db2670

Lower Device Driver Name: \Driver\amd_sata\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8003dd3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8003dcbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8003dd3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8003dc3040, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa8003db2670, DeviceName: \Device\0000005c\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6117AE5A

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1441386496

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1441593344 Numsec = 23552000

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8004397060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004397b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004397060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a51bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa8004a41b60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa800439a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004a54b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800439a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a4ebf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa8004a4fb60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa80043a8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004a569e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80043a8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a55bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa8004a4cb60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8004396060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800439ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004396060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a52bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa8004a50b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\

------------ End ----------

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\B60B.tmp --> [HackTool.Wpakill]

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\79EF.tmp --> [HackTool.Wpakill]

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\8F58.tmp --> [HackTool.Wpakill]

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\915.tmp --> [HackTool.Wpakill]

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\926F.tmp --> [HackTool.Wpakill]

Infected: c:\Users\BIG DADDY BROWN\AppData\Local\Temp\944.tmp --> [HackTool.Wpakill]

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wabEventSupport16 --> [Trojan.Agent]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

Java version: 1.6.0_32

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.800000 GHz

Memory total: 4025782272, free: 2884136960

Initializing...

------------ Kernel report ------------

06/27/2013 00:00:55

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amd_sata.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amd_xata.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\drivers\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\cfwids.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\psapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\setupapi.dll

\Windows\System32\user32.dll

\Windows\System32\sechost.dll

\Windows\System32\clbcatq.dll

\Windows\System32\usp10.dll

\Windows\System32\wininet.dll

\Windows\System32\oleaut32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\iertutil.dll

\Windows\System32\normaliz.dll

\Windows\System32\difxapi.dll

\Windows\System32\imm32.dll

\Windows\System32\urlmon.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa80043d1060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000088\

Lower Device Object: 0xfffffa80043cc060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa80043cb790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000087\

Lower Device Object: 0xfffffa80043c98d0

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa80043d0060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000086\

Lower Device Object: 0xfffffa80043c9060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80043cd790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000085\

Lower Device Object: 0xfffffa80043b7480

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8003db7060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005d\

Lower Device Object: 0xfffffa8003da59c0

Lower Device Driver Name: \Driver\amd_sata\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8003db7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8003db7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8003db7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80036efac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa8003da59c0, DeviceName: \Device\0000005d\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6117AE5A

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1441386496

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1441593344 Numsec = 23552000

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa80043cd790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80043d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80043cd790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80043ce040, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80043b7480, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa80043d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80043cc860, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80043d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80043cebf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80043c9060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa80043cb790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80043cf690, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80043cb790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80043ce7a0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80043c98d0, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa80043d1060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049852f0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80043d1060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80043cf040, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80043cc060, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\

------------ End ----------

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

====================COMBO FIX==========================

ComboFix 13-06-27.02 - BIG DADDY BROWN 06/27/2013 19:34:02.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2624 [GMT -4:00]

Running from: c:\users\BIG DADDY BROWN\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\DefaultTab

c:\program files (x86)\DefaultTab\DefaultTab.crx

c:\program files (x86)\DefaultTab\DefaultTabSearch.exe

c:\program files (x86)\DefaultTab\uid

c:\programdata\Microsoft\Windows\DRM\5CFC.tmp

c:\programdata\Microsoft\Windows\DRM\5EC3.tmp

c:\programdata\Microsoft\Windows\DRM\7123.tmp

c:\programdata\Microsoft\Windows\DRM\8462.tmp

c:\programdata\Microsoft\Windows\DRM\903A.tmp

c:\programdata\Microsoft\Windows\DRM\9C7D.tmp

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\addon.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DT.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_DefaultTabSearch

-------\Service_DefaultTabUpdate

.

((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-28 )))))))))))))))))))))))))))))))

.

2013-06-28 00:13 . 2013-06-28 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-27 07:02 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-06-27 03:21 . 2013-06-27 03:21 -------- d-----w- c:\programdata\Malwarebytes

2013-06-27 03:18 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-27 03:17 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-06-27 02:28 . 2013-06-27 02:28 -------- d-----w- c:\programdata\Recovery

2013-06-27 02:19 . 2013-06-27 02:19 -------- d-----w- C:\FRST

2013-06-13 23:31 . 2013-06-13 23:31 -------- d-----w- c:\users\BIG DADDY BROWN\AppData\Roaming\RealNetworks

2013-06-12 14:05 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-06-11 02:38 . 2013-06-27 04:46 -------- d-----w- c:\users\BIG DADDY BROWN\AppData\Roaming\wabEventSupport16

2013-06-08 13:28 . 2013-06-27 04:46 -------- d-----w- c:\users\BIG DADDY BROWN\AppData\Local\Visan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-27 05:03 . 2012-04-05 02:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 05:03 . 2012-04-05 02:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49 . 2013-06-27 03:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-06-27 03:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-06-27 03:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-06-27 03:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-06-27 03:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-06-27 03:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 17:26 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-11 14:22 . 2012-10-31 20:10 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll

2013-04-11 14:22 . 2012-10-31 20:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2013-04-04 09:36 . 2012-05-29 17:13 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-04-04 09:35 . 2012-05-29 17:13 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0297a026-3011-46d3-ad62-bb9a7612aea7}]

2013-01-19 23:09 707728 ----a-w- c:\progra~2\COUPON~2\bar\1.bin\5zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}]

2013-05-07 18:59 742280 ----a-w- c:\program files (x86)\Solid Savings\Solid Savings-bho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6e47d688-85ec-465a-9946-ec58220f14fc}]

2012-09-24 22:12 89288 ----a-w- c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7d69ed06-0171-4379-9528-08df51092727}]

2013-01-19 23:09 62864 ----a-w- c:\program files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6e47d688-85ec-465a-9946-ec58220f14fc}"= "c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-09-24 89288]

"{65c72339-fb1d-4155-84e1-9afacee02d6f}"= "c:\program files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll" [2013-01-19 707728]

.

[HKEY_CLASSES_ROOT\clsid\{6e47d688-85ec-465a-9946-ec58220f14fc}]

.

[HKEY_CLASSES_ROOT\clsid\{65c72339-fb1d-4155-84e1-9afacee02d6f}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-21 39408]

"SearchProtect"="c:\users\BIG DADDY BROWN\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-28 296096]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]

"CouponXplorer Search Scope Monitor"="c:\progra~2\COUPON~2\bar\1.bin\5zsrchmn.exe" [2013-01-19 42536]

"CouponXplorer_5z Browser Plugin Loader"="c:\progra~2\COUPON~2\bar\1.bin\5zbrmon.exe" [2013-01-19 30096]

"OtShot"="c:\program files (x86)\OtShot\otshot.exe" [2012-10-18 4386816]

"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Belkin USB Wireless Adaptor Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x]

R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]

S2 CouponXplorer_5zService;CouponXplorerService;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-27 08:39 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 05:03]

.

2013-06-27 c:\windows\Tasks\HPCeeScheduleForBIG DADDY BROWN.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-06-27 c:\windows\Tasks\HPCeeScheduleForBIGDADDYBROWN$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\BEARSH~1\Mediabar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\Mediabar\Datamngr\x64\IEBHO.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

Wow6432Node-HKLM-Run-ShopAtHomeWatcher - c:\users\BIG DADDY BROWN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-10 - (no file)

AddRemove-DefaultTab - c:\users\BIG DADDY BROWN\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

AddRemove-Applet - c:\windows\system32\javaws.exe

AddRemove-Critical Security Update - c:\windows\system32\javaws.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Google\Update\GoogleUpdate.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2013-06-27 20:56:57 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-28 00:56

.

Pre-Run: 674,850,041,856 bytes free

Post-Run: 677,627,265,024 bytes free

.

- - End Of File - - 5C804ADD15928C942B48865316456EAB

889E8DD494A5F999E8E3EE601AACAA72

======================SECURITY CHECK=========================

Results of screen317's Security Check version 0.99.68

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 32

Java 7 Update 21

Java SE Runtime Environment 6 Update 1

Java version out of Date!

Adobe Flash Player 11.7.700.224

Adobe Reader 10.1.7 Adobe Reader out of Date!

Google Chrome 26.0.1410.64

Google Chrome 27.0.1453.116

````````Process Check: objlist.exe by Laurent````````

Symantec Norton Online Backup NOBuAgent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

D-FRED-BROWN · June 28, 2013

Things look a whole lot better. Let's run some more scans to verify there isn't anything left:

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the Run Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

HoserIN · June 28, 2013

Here are the logs. I think we are looking good. Unless you see anything, I'm willing to call this one cleaned. Thanks again for your assistance. It's greatly appreciated!

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 21:40:06

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : BIG DADDY BROWN - BIGDADDYBROWN

# Boot Mode : Normal

# Running from : C:\Users\BIG DADDY BROWN\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\CouponXplorer_5z

Folder Found : C:\Program Files (x86)\Yontoo

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\APN

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\Conduit

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\CouponXplorer_5z

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Local\PackageAware

Folder Found : C:\Users\BIG DADDY BROWN\AppData\LocalLow\Conduit

Folder Found : C:\Users\BIG DADDY BROWN\AppData\LocalLow\CouponXplorer_5z

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Roaming\Babylon

Folder Found : C:\Users\BIG DADDY BROWN\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\DefaultTab

Key Found : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443D-956C-DC523D85C9DB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\PIP

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\5348c8cb76de414

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3286042

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\PIP

Key Found : HKLM\SOFTWARE\Wow6432Node\5348c8cb76de414

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

Key Found : HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9B138BF3-1D40-4E7E-84BB-2975198AD938}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.31] : keyword = "search.conduit.com",

*************************

AdwCleaner[R1].txt - [12590 octets] - [27/06/2013 21:40:06]

########## EOF - C:\AdwCleaner[R1].txt - [12651 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by BIG DADDY BROWN on Thu 06/27/2013 at 21:43:42.10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3286042

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3A2EF866-F69A-49EB-BD9E-E548C41BFA53}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80B3C927-8493-4604-8742-A0BF41DF5DA4}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB6D9427-FE29-4E30-8D96-8B3711D9CCD8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2F4F07A-3938-4E31-8A5B-03CAAD1DDD83}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB6D9427-FE29-4E30-8D96-8B3711D9CCD8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

Successfully deleted: [File] "C:\end"

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\AppData\Roaming\defaulttab"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\appdata\local\couponxplorer_5z"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\appdata\local\iac"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\BIG DADDY BROWN\appdata\locallow\couponxplorer_5z"

Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

Failed to delete: [Folder] "C:\Program Files (x86)\couponxplorer_5z"

Successfully deleted: [Folder] "C:\Program Files (x86)\otshot"

Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\BIG DADDY BROWN\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 06/27/2013 at 21:49:35.04

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 6/27/2013 9:52:03 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BIG DADDY BROWN\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.98% Memory free

7.50 Gb Paging File | 5.35 Gb Available in Paging File | 71.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.31 Gb Total Space | 642.20 Gb Free Space | 93.44% Space Free | Partition Type: NTFS

Drive D: | 11.23 Gb Total Space | 1.37 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Drive E: | 1.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BIGDADDYBROWN | User Name: BIG DADDY BROWN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/27 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BIG DADDY BROWN\Desktop\OTL.exe

PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/05/22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

PRC - [2013/01/19 19:09:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe

PRC - [2013/01/19 19:09:42 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe

PRC - [2012/11/05 04:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

PRC - [2012/10/27 22:33:02 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/02/01 04:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe

PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll

MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2012/11/05 04:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

MOD - [2012/08/06 05:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll

MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll

MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll

MOD - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe

MOD - [2009/09/15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2011/10/13 16:44:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/06/27 01:03:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)

SRV - [2013/01/19 19:09:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe -- (CouponXplorer_5zService)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/02/01 04:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/03/04 20:44:57 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/04 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/04 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/11/06 16:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{BB6D9427-FE29-4E30-8D96-8B3711D9CCD8}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {3A2EF866-F69A-49EB-BD9E-E548C41BFA53}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\URLSearchHook: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - No CLSID value found

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes,DefaultScope = {3A2EF866-F69A-49EB-BD9E-E548C41BFA53}

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS467

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2200774540594461&q={searchTerms}

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\BIG DADDY BROWN\AppData\Local\Roblox\Versions\version-7b3d65c79aa445d1\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\BIG DADDY BROWN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/27 03:27:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/27 00:58:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin [2013/06/27 21:47:26 | 000,000,000 | ---D | M]

[2013/01/19 19:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11223165172854717&ctid=CT3286042&UM=2

CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN11223165172854717&UM=2

CHR - homepage: http://search.conduit.com/?ctid=CT3286042&SearchSource=48&CUI=UN11223165172854717&UM=2

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\BIG DADDY BROWN\AppData\Local\Roblox\Versions\version-7b3d65c79aa445d1\\NPRobloxProxy.dll

CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: SiteAdvisor = C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

CHR - Extension: KeyBar 1.8 = C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.16.4.512_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: FastestChrome - Browse Faster = C:\Users\BIG DADDY BROWN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.9_0\

O1 HOSTS File: ([2013/06/27 20:34:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Toolbar BHO) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\PROGRA~2\COUPON~2\bar\1.bin\5zbar.dll File not found

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Search Assistant BHO) - {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll File not found

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (CouponXplorer) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CouponXplorer Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h File not found

O4 - HKLM..\Run: [CouponXplorer_5z Browser Plugin Loader] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (VER_COMPANY_NAME)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\RunOnce: [removeBearSharedatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\BearShare Applications\Mediabar" File not found

O4 - HKLM..\RunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-100259841-2767529115-2873064833-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.21.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61E841B5-5714-4002-9800-D39A7E25CE31}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE614125-803C-4D23-8487-E830CFDE93C0}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/27 21:51:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BIG DADDY BROWN\Desktop\OTL.exe

[2013/06/27 21:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/06/27 21:43:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/27 21:43:26 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/27 21:42:49 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\BIG DADDY BROWN\Desktop\JRT.exe

[2013/06/27 21:32:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/27 21:30:41 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/06/27 21:30:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2013/06/27 20:57:40 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/06/27 18:58:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/06/27 03:03:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/27 03:03:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/27 03:03:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/27 03:03:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/27 03:03:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/27 03:03:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/27 03:03:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/27 03:03:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/27 03:03:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/27 03:03:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/27 03:03:30 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/27 03:03:30 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/27 03:03:29 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/27 03:02:28 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/27 03:02:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/26 23:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/06/26 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\BIG DADDY BROWN\Desktop\mbar-1.06.0.1004

[2013/06/26 23:19:48 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/06/26 23:19:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/06/26 23:19:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/06/26 23:19:32 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/06/26 23:19:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/06/26 23:19:31 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/06/26 23:19:30 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/06/26 23:19:11 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/06/26 23:19:10 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/06/26 23:18:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/26 23:18:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/26 23:18:36 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/06/26 23:18:26 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/26 23:18:25 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/06/26 23:18:25 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/26 23:18:25 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/26 23:18:24 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/06/26 23:18:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/06/26 23:17:29 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/06/26 22:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2013/06/26 22:19:22 | 000,000,000 | ---D | C] -- C:\FRST

[2013/06/13 19:31:04 | 000,000,000 | ---D | C] -- C:\Users\BIG DADDY BROWN\AppData\Roaming\RealNetworks

[2013/06/12 10:05:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/06/10 22:38:27 | 000,000,000 | ---D | C] -- C:\Users\BIG DADDY BROWN\AppData\Roaming\wabEventSupport16

[2013/06/08 09:28:44 | 000,000,000 | ---D | C] -- C:\Users\BIG DADDY BROWN\AppData\Local\Visan

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/27 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BIG DADDY BROWN\Desktop\OTL.exe

[2013/06/27 21:47:09 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2013/06/27 21:42:50 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\BIG DADDY BROWN\Desktop\JRT.exe

[2013/06/27 21:38:58 | 000,648,201 | ---- | M] () -- C:\Users\BIG DADDY BROWN\Desktop\AdwCleaner.exe

[2013/06/27 21:16:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/27 21:16:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/27 21:14:29 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/06/27 21:14:29 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/06/27 21:14:29 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/06/27 21:07:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2013/06/27 21:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/27 21:07:07 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/27 21:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/27 20:34:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/27 04:39:40 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/06/27 04:23:06 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBIGDADDYBROWN$.job

[2013/06/27 03:28:10 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/06/27 01:03:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/06/27 01:03:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/06/26 23:57:32 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBIG DADDY BROWN.job

[2013/06/21 16:09:24 | 000,001,604 | ---- | M] () -- C:\Users\BIG DADDY BROWN\Desktop\Sign In - DIRECTV.url

[2013/06/11 20:33:05 | 000,001,196 | ---- | M] () -- C:\Users\BIG DADDY BROWN\Desktop\Minecraft.url

[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/27 21:38:44 | 000,648,201 | ---- | C] () -- C:\Users\BIG DADDY BROWN\Desktop\AdwCleaner.exe

[2013/06/26 23:31:52 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBIG DADDY BROWN.job

[2013/06/21 16:09:24 | 000,001,604 | ---- | C] () -- C:\Users\BIG DADDY BROWN\Desktop\Sign In - DIRECTV.url

[2013/06/11 20:33:05 | 000,001,196 | ---- | C] () -- C:\Users\BIG DADDY BROWN\Desktop\Minecraft.url

[2013/05/07 15:01:01 | 000,000,258 | RHS- | C] () -- C:\Users\BIG DADDY BROWN\ntuser.pol

[2012/12/30 14:30:39 | 000,000,580 | ---- | C] () -- C:\Users\BIG DADDY BROWN\AppData\Local\cookies.ini

[2012/11/21 15:43:52 | 000,033,134 | ---- | C] () -- C:\Users\BIG DADDY BROWN\AppData\Roaming\UserTile.png

[2012/10/24 15:40:49 | 000,003,584 | ---- | C] () -- C:\Users\BIG DADDY BROWN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/13 16:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/10/13 16:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2013/06/26 23:30:33 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

HoserIN · June 28, 2013

OTL Extras logfile created on: 6/27/2013 9:52:03 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BIG DADDY BROWN\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.98% Memory free

7.50 Gb Paging File | 5.35 Gb Available in Paging File | 71.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.31 Gb Total Space | 642.20 Gb Free Space | 93.44% Space Free | Partition Type: NTFS

Drive D: | 11.23 Gb Total Space | 1.37 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Drive E: | 1.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BIGDADDYBROWN | User Name: BIG DADDY BROWN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A716D5B-465C-46CC-A5DC-C95B8E91ED16}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0C634563-56D1-4B44-9FE7-63FE365E1F59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{16A3D976-B6E1-4523-B3BA-E7E229D2B095}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{16EDCA3C-FD23-4335-A50D-0271EE4227F4}" = rport=10243 | protocol=6 | dir=out | app=system |

"{190106D9-CF91-4D75-BA81-D0E1B67DFC41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{194A270F-5114-414C-B38D-B66AA92D58C7}" = lport=445 | protocol=6 | dir=in | app=system |

"{1A108352-EC0A-499E-ACCC-E1F23607325B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{1A27CF76-32DD-4C6C-9BDE-19BFA7603394}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1B089E62-7BCC-46D1-8308-30C67B7C79DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{21C15090-B956-45BE-A6B9-AFA8D84D36E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{21C90320-C54C-4331-B85B-88092501C820}" = rport=138 | protocol=17 | dir=out | app=system |

"{2612EB33-AA16-4654-9A4A-0C082573432C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{37D6EB03-03EF-483D-9C0E-BF00A95BD0BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{3D00CA85-8EBC-498A-89FB-5D659047B74D}" = lport=139 | protocol=6 | dir=in | app=system |

"{45106A51-3534-4EBE-9AFB-B55C9232A471}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{47964ADA-C741-4978-AF49-314D1C579560}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{545A8837-5870-4FD6-BB57-612F274F0745}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6164D3D3-174B-4FA6-A89C-213B55323AF1}" = lport=138 | protocol=17 | dir=in | app=system |

"{61B86364-237E-4FD7-B881-3903CE112140}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6A560661-747F-4670-B3CF-2D5E116CB883}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{738168EC-6F05-48A2-85AB-A6AD3AA08019}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7D2B1820-E086-4C64-AC67-BF84647665A4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7F8A6F60-42A3-4D52-B8D6-E7777C6F4B9C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{81954EA5-8AFC-49F7-B82D-D7E0C7ACBB20}" = lport=137 | protocol=17 | dir=in | app=system |

"{82E08204-0AF9-492C-BC21-D2752160922C}" = rport=139 | protocol=6 | dir=out | app=system |

"{8620C4E0-CC5B-4C63-8D1D-E118CE6AEE3A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9C9CF5F1-E90C-4ED4-8B6F-81AB3E1A3857}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |

"{9E109059-449B-4571-9EB5-706391F013A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A8CD6A1B-B90E-44E2-A796-3A3F984077F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A9F07483-F745-411C-AF41-8E2440F25FA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B17777D9-6B87-429F-86C9-2E0755424FA9}" = rport=137 | protocol=17 | dir=out | app=system |

"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{B3992DD9-0980-4EB7-8DA2-7C00DAF2F6DE}" = rport=445 | protocol=6 | dir=out | app=system |

"{C68BF8A5-7F48-4761-AAC5-B77550B0137C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D6CDD71D-FA78-4CE7-8CE9-16E2927C5471}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E4846AD1-A503-4917-91E1-1A72E22DC57E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E7AE0AA6-7311-40ED-A539-0C2D89C31406}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F60E5FB9-372E-4557-A221-1BF085D8E9C4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FB4E3C88-F3DA-4753-8A4E-384DD5B80B78}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BA7FCC-0BE1-42BF-90F5-4EFAE78FA256}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

"{00D1B44C-9E5B-4A13-B3C3-A03095A927F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{014588F8-685F-4990-B547-043C9FF44260}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe |

"{04B00342-826F-4F8C-A1A2-154D0714D003}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"{06BA87F2-D9E9-4E6D-B4FD-91DC0C99F01A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{09C26F7D-3321-40B3-B60E-429802F21FDB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |

"{0FD5B645-C480-4A7F-AC72-6F05D019B3DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{10932451-86D4-4100-8778-9C0CDBDCF2E9}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{164DAA39-1AD7-4925-B492-A6E81077CA8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{268C5D05-A349-401C-B0BB-015AB1532B25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{290444F5-EE59-4119-AA97-9320F5F45CE2}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

"{2C15778A-08B5-4659-A795-185D9B97B5C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2D662708-2638-4EB6-9415-60B7D6D4B290}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{30E86DAC-8D9B-40CB-BF1E-5D598E0CDC85}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{3264C13F-C698-488A-A768-70475D8BEFC8}" = protocol=6 | dir=out | app=system |

"{33D5EEAB-612E-46BD-94BE-546232B49880}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{414FF69E-3A35-41C2-BD14-58D6135EA191}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{41DC6E2D-FEF9-4AB6-9AD8-5891652CB18B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{42E23808-D7B6-4151-A5F6-408A5D14DD04}" = protocol=58 | dir=in | app=system |

"{4D3749CD-645B-414F-9D72-3642F7996C4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{4E57D981-269B-4653-B0BD-40BC2C18F1B3}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{516251B0-B432-443B-A98F-DF7790342F53}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |

"{51A6D18D-34A5-458B-BBDE-17667AE1ED4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5223D8C8-4E8F-48F7-A956-B8D8CD8E69EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5E5A732B-221B-4006-9DC5-005C27B1CC96}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe |

"{5EA006F5-0ABD-4047-BCF3-46BAF84960A8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{6F8A480A-2148-4C7C-9E96-76409DBB28C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{76FDEF8A-E32C-4001-ABA9-A0D71DBDA217}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7836AFBB-433F-49C9-95DA-A8B83C120379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7A75B44A-A00C-41B9-96D3-8AD2C7DCE424}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"{7AD8906D-A7D8-41E8-920B-BBD58105AB21}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{7CF19AD1-D74E-4E75-84F9-8F9F58D18ADA}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{8230D3DE-2F0F-4106-B1BF-88B5457B3EDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{84E64066-A56A-44DB-8533-AB36B66FB6CD}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"{853B3346-1081-425F-9582-DC1CE412ABA8}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{8F45A5B4-8DC4-443E-8DC5-02F8B48FAFA2}" = protocol=6 | dir=out | app=system |

"{93D1CF73-CFB5-4C86-AE2A-56014F582C07}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |

"{99EFC74B-E5B6-4659-93CF-BA157A35F3AB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{9E86FF9D-1E25-4E9D-88FB-31EA0F453C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

"{A2098C78-AA5E-4138-80B0-A2A15BB72EAA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{A3DD6BEB-6755-4C52-87BA-6938CCCEE7FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A98D41CB-BBB1-4C38-84B2-DC3BE9E5921E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AEEA5680-B64F-4EE3-990D-4590EDDBE6B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B1512724-E259-46FC-B4C2-2590093F6FFB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{B16BD613-22EF-4BD4-B61E-91D056BAA8C7}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"{B2EF8BF6-07F4-4F8A-9712-0C5C165C0D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

"{B36E370F-69B8-490B-B734-6ACFBE30D995}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B5D27005-3330-4048-82A5-83C9C9D8C8E5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{BBFDADCF-BCC7-48A4-ADFB-12E38DF44D91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C02E63B0-0CEC-47AC-B57A-9B699D39D5C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C52C579E-9227-4CFC-A480-009EA9B7C445}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{CEB4906E-66C3-4983-8102-4956F2736840}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D2E6879E-CE19-47DF-AA4A-9F29D5B0DEA5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{DF5FD73A-7B96-485C-B8BA-EE8E4F51B13D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E3ABCE9A-09C1-40B0-B127-AD355AAA69A8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E8B6004A-3F25-4495-8945-DFFAD66DEE38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{EE3438A3-B539-4CD2-A611-959057AB082A}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{F7DCD211-3BF3-4DA0-BD16-6220926906BF}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{FBB5FC59-970D-426C-9A78-B2EA790E645E}" = protocol=6 | dir=out | app=system |

"{FD7122E1-8857-4FD7-8D11-89CE9DD01D72}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D33EC42-4787-56CD-8137-95D8418FFEE8}" = AMD Problem Report Wizard

"{217428D1-0614-4CF0-2A11-D7D56BB8CCDE}" = AMD Fuel

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{6F483F38-6162-7606-1D0B-054852C8E011}" = AMD Catalyst Install Manager

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{7BB73073-D580-213A-E05E-7B5714364F66}" = ccc-utility64

"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{0FBFA28A-C373-53BD-C553-58D6F6553D92}" = CCC Help Hungarian

"{11E875AA-DF42-811E-96D9-5054A5A474B5}" = CCC Help English

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1E4062A9-EC7A-A6E9-348E-58B30D6EEADA}" = CCC Help Spanish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F01D33E-6FDF-2A63-8AD9-CBDC4735E80D}" = CCC Help Danish

"{50BFCE80-042B-E53F-05EF-ACA0CC16A0DF}" = Catalyst Control Center Graphics Previews Common

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5932BF1B-BD27-D808-7D5C-B9C0CD9063B3}" = AMD VISION Engine Control Center

"{597D764C-00A1-B174-33C2-93C9A4E73E21}" = CCC Help Russian

"{59BF122E-4B7D-C1E7-EED3-8DF7E4DAD238}" = Catalyst Control Center Localization All

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6446F083-76CD-553B-8261-0E1297A7214C}" = CCC Help Finnish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C4AD4F5-8560-4F1E-BC0C-7A883B695F6E}" = CCC Help Swedish

"{6E016C56-820F-4B2D-A36F-34CCADF90C16}" = Belkin USB Wireless Adaptor

"{6E594B4E-D394-BDEE-E9FF-4E6EBC30FB3A}" = CCC Help Greek

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{722D6A37-C815-1945-1EE8-091348F3D388}" = CCC Help Chinese Standard

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{768A7F56-650B-F84F-DF95-EB1926AB5A8F}" = CCC Help Portuguese

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82159924-85AB-EF31-6A3B-862897A4CD20}" = Catalyst Control Center InstallProxy

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8A368DA6-3814-A344-BB1E-C8EB69B865B6}" = CCC Help Chinese Traditional

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{90BA5BAB-4108-5CC7-8421-00EEAD6D51DF}" = CCC Help Czech

"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader

"{91E8293B-C357-D092-8CCB-E19DA083D86C}" = CCC Help Turkish

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9D7E098D-5693-D2F9-BBE5-4F5A56032FB4}" = CCC Help Thai

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1BBB15D-7A76-A03F-1593-8237E0BC0F63}" = CCC Help French

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{ACA45C32-8432-2058-BE80-006E7908D804}" = CCC Help Italian

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B199030E-1082-F3BF-2BB9-0080D72876BD}" = CCC Help Dutch

"{B7B3C4FA-98FE-FEC7-073E-00677B8F0978}" = CCC Help Norwegian

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}" = Extreme Flash Player

"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix

"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D42498FB-9561-9575-C2AC-766F737F4ACF}" = CCC Help Japanese

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE159A8E-3D90-4E91-8906-D078CCAE4DED}" = Catalyst Control Center - Branding

"{DE89F007-B75E-368D-47D2-ADE9AF616261}" = HydraVision

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{EE7DF38A-750E-FF7E-44FB-6335009442CB}" = CCC Help Polish

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F62C60A3-2E8A-8108-2F87-5CDD5A4E3162}" = CCC Help Korean

"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help

"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FFCF34B9-A0B1-2E2B-7D7E-8FAB4A781CC9}" = CCC Help German

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"CouponXplorer_5zbar Uninstall" = CouponXplorer Toolbar

"DefaultTab" = DefaultTab

"Google Chrome" = Google Chrome

"HP Photo Creations" = HP Photo Creations

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}" = Belkin USB Wireless Adaptor

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"Kobo" = Kobo

"McAfee Security Scan" = McAfee Security Scan Plus

"MP3 Rocket" = MP3 Rocket

"MSC" = McAfee SecurityCenter

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PDF Complete" = PDF Complete Special Edition

"RealPlayer 15.0" = RealPlayer

"VTechDownloadManager" = Learning Lodge Navigator

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087393" = Mah Jong Medley

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087415" = Wheel of Fortune 2

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"WT089453" = Bejeweled 2 Deluxe

"WT089454" = Chuzzle Deluxe

"WT089455" = Zuma Deluxe

"WT089457" = Slingo Supreme

"WT089458" = Plants vs. Zombies - Game of the Year

"WT089470" = FATE - The Traitor Soul

"WT089484" = Namco All-Stars PAC-MAN

"WT089496" = Mystery P.I. - Stolen in San Francisco

"WT089498" = Bejeweled 3

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-100259841-2767529115-2873064833-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for BIG DADDY BROWN

"HuluDesktop" = Hulu Desktop

"UnityWebPlayer" = Unity Web Player

"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]

Error - 6/4/2012 3:13:37 PM | Computer Name = BIGDADDYBROWN | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 8/6/2012 4:03:04 PM | Computer Name = BIGDADDYBROWN | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 20 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

Error - 8/6/2012 4:03:23 PM | Computer Name = BIGDADDYBROWN | Source = HPSF.exe | ID = 4000

Description =

Error - 8/13/2012 3:26:42 PM | Computer Name = BIGDADDYBROWN | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3839

Ram

Utilization: 20 TargetSite: Void loadXML()

Error - 8/20/2012 3:45:58 PM | Computer Name = BIGDADDYBROWN | Source = HPSF.exe | ID = 4000