Blekko infection...or? [Solved]


  • This topic is locked
22 replies to this topic

#1 springerider


Posted 17 May 2012 - 03:13 PM

I've searched high and low to find this toolbar; the only symptom is a redirection of my homepage to the Blekko search page...so far! I downloaded OTL and am pasting/posting both Notepad files below. The irony is that I got this from CNET while downloading an update to my antivirus!!!

I appreciate your help!!!

John

OTL logfile created on: 5/17/2012 4:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.61% Memory free
15.99 Gb Paging File | 12.80 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 857.59 Gb Free Space | 92.06% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John-Sandi 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\John-Sandi 1\AppData\Local\Temp\63c5c4bd-eaf6-42a8-96a0-7cf728f69de9.exe (Lavasoft Limited)
PRC - C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\gs_encryption.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GSLogging.dll ()
MOD - C:\Program Files (x86)\Vtune\TBMANAGE.DLL ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 B2 45 7B 38 23 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E66F2FCE-5E45-48E2-ABE4-DA04163E15B9}: "URL" = http://search.avg.co...m...y=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....ntl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 15:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]

[2011/03/05 11:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Extensions
[2012/05/17 07:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions
[2012/04/21 06:33:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/05/17 07:06:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/05/17 07:06:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/05/15 12:37:01 | 000,005,472 | ---- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\searchplugins\startpage-https.xml
[2012/03/15 18:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/31 15:46:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/07/27 12:41:28 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/09/09 07:22:40 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012/03/08 17:01:32 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012/05/10 19:17:31 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/05 09:28:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/22 06:30:28 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/27 06:47:00 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/09 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/06 19:15:07 | 000,442,891 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15215 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [SkyDrive] C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B7E865-2EF3-446B-BC3C-9143C51800FE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/12 07:56:09 | 000,000,033 | -HS- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 16:42:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 07:07:09 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Local\adawarebp
[2012/05/17 07:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/17 07:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/05/17 07:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/05/17 07:05:18 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2012/05/17 06:43:10 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/15 07:23:51 | 004,894,432 | ---- | C] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/05/10 07:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 07:09:16 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 07:09:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 07:09:13 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 07:08:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/26 20:46:31 | 000,000,000 | R--D | C] -- C:\Users\John-Sandi 1\SkyDrive
[2012/04/26 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

========== Files - Modified Within 30 Days ==========

[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 15:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 10:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/17 08:54:20 | 098,466,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/17 06:43:21 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/16 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/05/14 20:34:47 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/14 20:34:47 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/11 05:46:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\GBM - Easy Layout Backup Job-Full.job
[2012/05/11 00:04:05 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 00:04:05 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 17:17:59 | 000,270,798 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/10 07:25:19 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 07:25:19 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 07:25:19 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/10 07:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 07:19:55 | 000,895,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 07:19:44 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 19:15:07 | 000,442,891 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/04/25 19:10:55 | 000,562,478 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/04/18 17:58:19 | 000,442,793 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120506-191507.backup

========== Files Created - No Company Name ==========

[2012/05/08 16:48:21 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/08 16:48:20 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/04/26 21:38:08 | 000,036,490 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\House rules.rtf
[2012/04/26 21:38:08 | 000,004,671 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\HSV.rtf
[2012/04/26 20:46:30 | 000,002,187 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/04/25 19:10:52 | 000,562,478 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/02/11 20:25:04 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/12/05 13:14:06 | 000,777,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/25 08:35:44 | 000,002,544 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2011/09/25 08:35:44 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/01 12:27:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/01 12:27:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/07 15:26:43 | 000,007,600 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Local\Resmon.ResmonCfg
[2011/03/01 13:12:18 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/01 13:12:18 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/01 13:11:56 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/01 13:11:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/03/01 13:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/01 13:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/01 13:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/28 12:56:12 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/23 15:46:51 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/23 15:46:51 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/23 15:46:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/23 15:46:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/23 15:22:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/23 15:22:03 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/05/17 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2011/03/15 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Auslogics
[2011/08/07 09:48:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\AVG
[2011/09/26 12:29:03 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\AVG2012
[2012/04/08 18:07:16 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Encore
[2011/08/22 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Garmin
[2011/05/12 08:09:09 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Genie-Soft
[2011/03/01 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\ImgBurn
[2012/04/03 20:42:05 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\OfficeRecovery
[2011/02/27 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Opera
[2012/04/03 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\PandoraRecovery
[2011/03/01 12:36:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Temp
[2011/02/27 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\WinPatrol
[2011/11/30 08:23:48 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Zoner
[2012/05/11 05:46:31 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\GBM - Easy Layout Backup Job-Full.job
[2012/04/18 18:05:03 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/17 10:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/16 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/05/10 07:19:41 | 000,024,636 | ---- | M] () -- C:\aaw7boot.log
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/10/23 06:20:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/10 07:19:44 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 07:19:43 | 4293,058,559 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/05 21:13:35 | 000,000,221 | -HS- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/05/17 06:43:21 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 5/17/2012 4:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.61% Memory free
15.99 Gb Paging File | 12.80 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 857.59 Gb Free Space | 92.06% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039321A6-4914-415C-856C-F0E230595857}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{047B0F73-0903-4A5E-9D59-587C33BC012F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{06365F86-9428-42FC-BC5A-3EFFB9EA176A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31B999CD-9744-4F02-B8CE-E3A9C049EFE9}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{40B6F76B-B307-41D1-88D6-69C82621D198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{443AF4DD-6A2A-4888-9580-3F5B9E2E20E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4933CD35-D6E9-4AF6-BB6E-8B0CAB70217D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4E1F1B13-0C5D-429B-BD03-9831B1D2E96B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4E21A516-BC2C-428E-A64F-B4E86FD2A285}" = lport=445 | protocol=6 | dir=in | app=system |
"{528F3703-6E1C-4101-BE56-047CA2FB7AEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{56DE3F8E-B83D-4BFD-ABBD-B3D52F09B2FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62DA85FD-6409-416E-A6BB-A3E12CE9581E}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D55EB7C-1E36-41FB-BDE0-14B771BAE826}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DAE00CA-9746-4C22-A446-EEEF9D0D2FD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F03C11B-1A61-42C1-BBD5-8B410297CCB9}" = lport=139 | protocol=6 | dir=in | app=system |
"{740932B6-7D85-4172-8487-0DF9438874D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{75E0AB4D-F9B1-4419-8D5C-1FFD1B17D95B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C1A9968-4E68-44C3-A997-E1C7F08916A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F65AD97-F6E7-4970-A38B-209316B296AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87FB8789-5726-4EC4-A42C-17CFD73ED163}" = rport=445 | protocol=6 | dir=out | app=system |
"{95ACCCD1-295F-4AC4-A4BE-74343D02A686}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B68E2BEE-2B50-47DD-BA2E-DC3801CFFCAC}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCA1B678-3DF4-4B64-88A2-F615BE4F8F0C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D5C37862-A862-47CB-804F-1C487400F61D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC05426B-B003-466F-88E8-FCAC7D4EE4A7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{EAEA3C3D-6681-45E1-AFC9-6EB0899F5196}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F6C0BDA8-984A-48BD-A711-B469FA985988}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE017094-71CE-436B-A0B1-528D7A133BD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE7106FE-B4AA-45CA-9C05-32BD073BE579}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BDFAB4-C46B-4F1C-A28F-59B9D3589961}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{087F02F2-F075-43E7-9AA9-57F2C5074486}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0B48AAC5-2C82-4DB5-B601-05A57B796109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2DC9EE4C-33B3-4D10-8B02-397728368D25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3035B0DB-1D8D-4D0D-B850-AB28C7D80729}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{381109A5-871F-4FD3-9B33-5FC15BDBA7B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38D39A63-58D5-4A10-A0F9-ADE144A5A71A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{41534830-08EF-467C-9CCD-246362E9E871}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{420A8EA2-6364-44B0-B62B-E7A8E0AE1318}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4659840A-D230-4119-823E-6C72EA161050}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EA797C0-61B8-49AD-A26F-9C1B90A6D8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{54A5B399-7D3A-458A-84D5-3388AEC1B889}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{556281DC-3809-4890-93A0-559A52287814}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5CECF4F9-D0B6-47D6-B035-ECDEDBD7D60F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C1EC2CF-730C-4A82-8396-368F3EE9BB86}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{71CA602F-CE17-472D-8F41-F0EBF1F73C38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{796A6C28-4267-4774-9BA7-F6265456E8F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79BA28C2-6280-4869-8A15-6AE992D3772D}" = protocol=6 | dir=out | app=system |
"{79DEA9C3-D1F5-4497-94BF-67D75784014F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8209EB7F-CCBB-43DB-96DF-B2587B269E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F4E7AE7-4274-49E1-996C-376D5B7C7CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{9AA7A9D3-FAB3-43D6-8AC8-6DFDC9E182D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9BFAA8E8-B87A-4E9E-9D11-C952FFCBA8E8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9D8DEAD2-6BE8-4F78-A26F-C9D12A624539}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A03C4A93-CACF-4CFB-98FD-E6B26B5FA03E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6B503E7-8D21-462A-8AAD-E4D9CDA8C27B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ADC764E5-B517-4D44-9ABC-DA801FE6CD3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{B261112F-6208-41A3-9084-170BB8F7A74D}" = protocol=17 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{BCD79B83-BDC2-4188-997C-039A870DBA34}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BFBC976A-FF58-47D0-9C56-BE62356CEA67}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C5219971-39C5-46E8-B7D3-F6A04600D19F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CF2CE366-5419-4967-A51F-959D0EF614FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE0C752-D4F6-419B-AF41-9945F44980FC}" = protocol=6 | dir=in | app=c:\users\john-sandi 1\appdata\local\microsoft\skydrive\skydrive.exe |
"{D29C1ECE-5CF8-4CC5-B41D-8FC2487EC124}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DAE91020-D70A-4657-A199-422F65ED2B0C}" = protocol=17 | dir=in | app=c:\users\john-sandi 1\appdata\local\microsoft\skydrive\skydrive.exe |
"{E9C0A420-C47F-4802-ADE5-1AF4F94AEF68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EA946695-1628-416A-9D1D-BC5B218CCE20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFD14F64-5B8D-44E1-A470-CC1FEF43A738}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{FB6F3AC3-AEBF-4B7B-86F3-A7F496DC100C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Office14.SingleImage" = Microsoft Office Professional 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0FABBA-6F8D-4087-B0FB-BF8AB57A0FEF}" = BackupManager
"{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}" = The Print Shop 3.0 Fonts
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49B3B2D8-3429-492D-BAB5-5542048D5030}" = The Print Shop 3.0 Deluxe
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 3.0.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7220
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ImgBurn" = ImgBurn
"Info Center_is1" = Info Center 1.0.0.7
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"Mozilla Firefox 10.0.4 (x86 en-US)" = Mozilla Firefox 10.0.4 (x86 en-US)
"MySSID_is1" = Vtune 7.12
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpywareBlaster_is1" = SpywareBlaster 4.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2012 5:54:17 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/16/2012 5:54:17 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/23/2012 5:49:40 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/23/2012 5:49:40 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/25/2012 12:30:35 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/28/2012 12:30:12 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/30/2012 12:30:43 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/30/2012 5:57:32 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/30/2012 5:57:32 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/30/2012 12:14:59 PM | Computer Name = John-Sandi1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TFService.exe, version: 4.11.2.22, time
stamp: 0x4d63252f Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time
stamp: 0x4dcddbf3 Exception code: 0xc000000d Fault offset: 0x00014ba1 Faulting process
id: 0x8f0 Faulting application start time: 0x01cd0e79ef446328 Faulting application
path: C:\Program Files (x86)\ThreatFire\TFService.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9
a\MSVCR80.dll
Report
Id: 7f1b33da-7a83-11e1-b993-bcaec5309dd8

[ System Events ]
Error - 4/15/2012 1:00:36 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/15/2012 1:01:06 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/18/2012 6:05:02 PM | Computer Name = John-Sandi1-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:02:46 PM on ?4/?18/?2012 was unexpected.

Error - 4/18/2012 6:05:04 PM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 4/22/2012 1:00:37 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/22/2012 1:01:07 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/29/2012 1:00:32 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/29/2012 1:01:02 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 5/6/2012 1:00:32 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 5/6/2012 1:01:02 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.


< End of report >



#2 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 17 May 2012 - 10:12 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, John

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#3 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 17 May 2012 - 10:13 PM

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


#4 springerider

springerider

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 May 2012 - 03:52 AM

Hello Conspire, thanks for responding! I'll do just as you ask but it will be later today...work calls.

Thanks again,
John

#5 springerider

springerider

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 May 2012 - 04:45 AM

Thanks...here are the files as requested.

John

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 06:33:59
-----------------------------
06:33:59.751 OS Version: Windows x64 6.1.7601 Service Pack 1
06:33:59.751 Number of processors: 4 586 0x403
06:33:59.752 ComputerName: JOHN-SANDI1-PC UserName: John-Sandi 1
06:34:02.323 Initialize success
06:34:59.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:34:59.391 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
06:34:59.406 Disk 0 MBR read successfully
06:34:59.407 Disk 0 MBR scan
06:34:59.409 Disk 0 Windows 7 default MBR code
06:34:59.413 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
06:34:59.415 Disk 0 scanning C:\Windows\system32\drivers
06:35:03.578 Service scanning
06:35:11.737 Modules scanning
06:35:11.740 Disk 0 trace - called modules:
06:35:11.755 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:35:11.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b58060]
06:35:11.760 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007aa79b0]
06:35:11.762 5 ACPI.sys[fffff88000f547a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b59680]
06:35:12.091 Scan finished successfully
06:35:28.942 Disk 0 MBR has been saved successfully to "C:\Users\John-Sandi 1\Desktop\MBR.dat"
06:35:28.945 The log file has been saved successfully to "C:\Users\John-Sandi 1\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   546bytes   242 downloads


#6 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 18 May 2012 - 06:13 AM

Hello,

Thanks :)

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#7 springerider

springerider

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 May 2012 - 03:28 PM

Sorry...I have no idea of where to go to find or get to that file:

Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

We are going to dinner and will check in when I get back...however the scan showed 0 results! My browser is still being hijacked.

Thanks,
John

#8 springerider

springerider

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 May 2012 - 05:45 PM

I found it! Here you go...
17:23:58.0551 1580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 17:23:58.0551 1580 ehSched - ok 17:23:58.0591 1580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:23:58.0591 1580 elxstor - ok 17:23:58.0621 1580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:23:58.0621 1580 ErrDev - ok 17:23:58.0641 1580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 17:23:58.0651 1580 EventSystem - ok 17:23:58.0671 1580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:23:58.0681 1580 exfat - ok 17:23:58.0691 1580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:23:58.0691 1580 fastfat - ok 17:23:58.0751 1580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 17:23:58.0761 1580 Fax - ok 17:23:58.0771 1580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:23:58.0781 1580 fdc - ok 17:23:58.0791 1580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 17:23:58.0791 1580 fdPHost - ok 17:23:58.0801 1580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 17:23:58.0801 1580 FDResPub - ok 17:23:58.0821 1580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:23:58.0821 1580 FileInfo - ok 17:23:58.0821 1580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:23:58.0821 1580 Filetrace - ok 17:23:58.0831 1580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:23:58.0831 1580 flpydisk - ok 17:23:58.0871 1580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:23:58.0871 1580 FltMgr - ok 17:23:58.0931 1580 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 17:23:58.0941 1580 FontCache - ok 17:23:59.0011 1580 FontCache3.0.0.0 
(a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:23:59.0011 1580 FontCache3.0.0.0 - ok 17:23:59.0021 1580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:23:59.0021 1580 FsDepends - ok 17:23:59.0041 1580 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 17:23:59.0041 1580 Fs_Rec - ok 17:23:59.0071 1580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:23:59.0071 1580 fvevol - ok 17:23:59.0081 1580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:23:59.0081 1580 gagp30kx - ok 17:23:59.0131 1580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 17:23:59.0141 1580 gpsvc - ok 17:23:59.0151 1580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:23:59.0151 1580 hcw85cir - ok 17:23:59.0191 1580 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 17:23:59.0201 1580 HdAudAddService - ok 17:23:59.0231 1580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 17:23:59.0231 1580 HDAudBus - ok 17:23:59.0241 1580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:23:59.0241 1580 HidBatt - ok 17:23:59.0261 1580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:23:59.0261 1580 HidBth - ok 17:23:59.0271 1580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:23:59.0271 1580 HidIr - ok 17:23:59.0271 1580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 17:23:59.0271 1580 hidserv - ok 17:23:59.0301 1580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 17:23:59.0301 1580 HidUsb - ok 17:23:59.0331 1580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 17:23:59.0331 1580 hkmsvc - 
ok 17:23:59.0351 1580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 17:23:59.0351 1580 HomeGroupListener - ok 17:23:59.0371 1580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 17:23:59.0381 1580 HomeGroupProvider - ok 17:23:59.0391 1580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:23:59.0391 1580 HpSAMD - ok 17:23:59.0431 1580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:23:59.0431 1580 HTTP - ok 17:23:59.0461 1580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:23:59.0461 1580 hwpolicy - ok 17:23:59.0471 1580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:23:59.0471 1580 i8042prt - ok 17:23:59.0511 1580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 17:23:59.0511 1580 iaStorV - ok 17:23:59.0591 1580 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:23:59.0591 1580 IDriverT - ok 17:23:59.0651 1580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:23:59.0651 1580 idsvc - ok 17:23:59.0711 1580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:23:59.0711 1580 iirsp - ok 17:23:59.0751 1580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 17:23:59.0761 1580 IKEEXT - ok 17:23:59.0861 1580 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys 17:23:59.0871 1580 IntcAzAudAddService - ok 17:23:59.0941 1580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:23:59.0941 1580 intelide - ok 17:23:59.0961 1580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:23:59.0961 1580 intelppm - ok 
17:23:59.0971 1580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 17:23:59.0971 1580 IPBusEnum - ok 17:23:59.0981 1580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:23:59.0981 1580 IpFilterDriver - ok 17:24:00.0021 1580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 17:24:00.0031 1580 iphlpsvc - ok 17:24:00.0041 1580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:24:00.0041 1580 IPMIDRV - ok 17:24:00.0061 1580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:24:00.0061 1580 IPNAT - ok 17:24:00.0081 1580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:24:00.0081 1580 IRENUM - ok 17:24:00.0091 1580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:24:00.0091 1580 isapnp - ok 17:24:00.0121 1580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:24:00.0131 1580 iScsiPrt - ok 17:24:00.0151 1580 JRAID (4a8a242fda43765f4f73ecde2ba0d62a) C:\Windows\system32\DRIVERS\jraid.sys 17:24:00.0151 1580 JRAID - ok 17:24:00.0171 1580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 17:24:00.0171 1580 kbdclass - ok 17:24:00.0181 1580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 17:24:00.0181 1580 kbdhid - ok 17:24:00.0211 1580 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:24:00.0211 1580 KeyIso - ok 17:24:00.0271 1580 Kodak AiO Network Discovery Service (3d1e2d4a75bb4230b0cee140b5585dcd) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe 17:24:00.0281 1580 Kodak AiO Network Discovery Service - ok 17:24:00.0281 1580 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 17:24:00.0281 1580 KSecDD - ok 17:24:00.0301 1580 KSecPkg (7e33198d956943a4f11a5474c1e9106f) 
C:\Windows\system32\Drivers\ksecpkg.sys 17:24:00.0301 1580 KSecPkg - ok 17:24:00.0311 1580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:24:00.0311 1580 ksthunk - ok 17:24:00.0331 1580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 17:24:00.0331 1580 KtmRm - ok 17:24:00.0361 1580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 17:24:00.0361 1580 LanmanServer - ok 17:24:00.0391 1580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 17:24:00.0391 1580 LanmanWorkstation - ok 17:24:00.0491 1580 Lavasoft Ad-Aware Service (93b3ef77866490c7daba054f6cbfcd51) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe 17:24:00.0511 1580 Lavasoft Ad-Aware Service - ok 17:24:00.0541 1580 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys 17:24:00.0541 1580 Lavasoft Kernexplorer - ok 17:24:00.0581 1580 Lbd - ok 17:24:00.0601 1580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:24:00.0601 1580 lltdio - ok 17:24:00.0621 1580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 17:24:00.0621 1580 lltdsvc - ok 17:24:00.0631 1580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 17:24:00.0631 1580 lmhosts - ok 17:24:00.0661 1580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:24:00.0661 1580 LSI_FC - ok 17:24:00.0681 1580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:24:00.0681 1580 LSI_SAS - ok 17:24:00.0691 1580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:24:00.0691 1580 LSI_SAS2 - ok 17:24:00.0711 1580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:24:00.0711 1580 LSI_SCSI - ok 17:24:00.0721 1580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) 
C:\Windows\system32\drivers\luafv.sys 17:24:00.0721 1580 luafv - ok 17:24:00.0781 1580 McciCMService (944b3087b142cd9bf8da6b3039fbfba5) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 17:24:00.0781 1580 McciCMService - ok 17:24:00.0841 1580 McciCMService64 (fbd57a7c443c85cc6c6169493a020fdf) C:\Program Files\Common Files\Motive\McciCMService.exe 17:24:00.0851 1580 McciCMService64 - ok 17:24:00.0871 1580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 17:24:00.0871 1580 Mcx2Svc - ok 17:24:00.0891 1580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:24:00.0891 1580 megasas - ok 17:24:00.0911 1580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:24:00.0911 1580 MegaSR - ok 17:24:00.0921 1580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:24:00.0931 1580 MMCSS - ok 17:24:00.0931 1580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:24:00.0931 1580 Modem - ok 17:24:00.0941 1580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:24:00.0941 1580 monitor - ok 17:24:00.0971 1580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:24:00.0971 1580 mouclass - ok 17:24:00.0971 1580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:24:00.0971 1580 mouhid - ok 17:24:01.0001 1580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:24:01.0001 1580 mountmgr - ok 17:24:01.0021 1580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:24:01.0021 1580 mpio - ok 17:24:01.0041 1580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:24:01.0041 1580 mpsdrv - ok 17:24:01.0091 1580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 17:24:01.0091 1580 MpsSvc - ok 17:24:01.0121 1580 MREMP50 
(9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 17:24:01.0121 1580 MREMP50 - ok 17:24:01.0131 1580 MREMP50a64 - ok 17:24:01.0131 1580 MREMPR5 - ok 17:24:01.0131 1580 MRENDIS5 - ok 17:24:01.0141 1580 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 17:24:01.0141 1580 MRESP50 - ok 17:24:01.0161 1580 MRESP50a64 - ok 17:24:01.0181 1580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:24:01.0191 1580 MRxDAV - ok 17:24:01.0211 1580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:24:01.0211 1580 mrxsmb - ok 17:24:01.0251 1580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:24:01.0251 1580 mrxsmb10 - ok 17:24:01.0271 1580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:24:01.0271 1580 mrxsmb20 - ok 17:24:01.0281 1580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 17:24:01.0281 1580 msahci - ok 17:24:01.0311 1580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:24:01.0311 1580 msdsm - ok 17:24:01.0331 1580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 17:24:01.0331 1580 MSDTC - ok 17:24:01.0341 1580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:24:01.0341 1580 Msfs - ok 17:24:01.0341 1580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:24:01.0341 1580 mshidkmdf - ok 17:24:01.0361 1580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:24:01.0361 1580 msisadrv - ok 17:24:01.0371 1580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 17:24:01.0381 1580 MSiSCSI - ok 17:24:01.0381 1580 msiserver - ok 17:24:01.0391 1580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:24:01.0391 1580 MSKSSRV - ok 
17:24:01.0391 1580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:24:01.0391 1580 MSPCLOCK - ok 17:24:01.0411 1580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:24:01.0411 1580 MSPQM - ok 17:24:01.0441 1580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 17:24:01.0441 1580 MsRPC - ok 17:24:01.0451 1580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 17:24:01.0451 1580 mssmbios - ok 17:24:01.0461 1580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:24:01.0461 1580 MSTEE - ok 17:24:01.0471 1580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:24:01.0471 1580 MTConfig - ok 17:24:01.0501 1580 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 17:24:01.0501 1580 MTsensor - ok 17:24:01.0511 1580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:24:01.0511 1580 Mup - ok 17:24:01.0561 1580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 17:24:01.0571 1580 napagent - ok 17:24:01.0601 1580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:24:01.0601 1580 NativeWifiP - ok 17:24:01.0651 1580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 17:24:01.0661 1580 NDIS - ok 17:24:01.0661 1580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:24:01.0661 1580 NdisCap - ok 17:24:01.0671 1580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:24:01.0671 1580 NdisTapi - ok 17:24:01.0691 1580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:24:01.0691 1580 Ndisuio - ok 17:24:01.0721 1580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:24:01.0721 1580 NdisWan - ok 17:24:01.0751 
1580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:24:01.0751 1580 NDProxy - ok 17:24:01.0771 1580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:24:01.0771 1580 NetBIOS - ok 17:24:01.0791 1580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:24:01.0801 1580 NetBT - ok 17:24:01.0821 1580 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:24:01.0821 1580 Netlogon - ok 17:24:01.0851 1580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 17:24:01.0851 1580 Netman - ok 17:24:01.0901 1580 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:24:01.0901 1580 NetMsmqActivator - ok 17:24:01.0911 1580 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:24:01.0911 1580 NetPipeActivator - ok 17:24:01.0941 1580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 17:24:01.0951 1580 netprofm - ok 17:24:01.0961 1580 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:24:01.0961 1580 NetTcpActivator - ok 17:24:01.0961 1580 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:24:01.0961 1580 NetTcpPortSharing - ok 17:24:01.0981 1580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:24:01.0981 1580 nfrd960 - ok 17:24:02.0021 1580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 17:24:02.0021 1580 NlaSvc - ok 17:24:02.0031 1580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:24:02.0031 1580 Npfs - ok 17:24:02.0031 1580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 17:24:02.0041 1580 nsi - ok 17:24:02.0041 1580 nsiproxy 
(e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:24:02.0041 1580 nsiproxy - ok 17:24:02.0121 1580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 17:24:02.0131 1580 Ntfs - ok 17:24:02.0191 1580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:24:02.0191 1580 Null - ok 17:24:02.0221 1580 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys 17:24:02.0221 1580 nusb3hub - ok 17:24:02.0241 1580 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys 17:24:02.0241 1580 nusb3xhc - ok 17:24:02.0281 1580 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 17:24:02.0281 1580 NVENETFD - ok 17:24:02.0321 1580 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 17:24:02.0321 1580 NVHDA - ok 17:24:02.0641 1580 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:24:02.0811 1580 nvlddmkm - ok 17:24:02.0851 1580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 17:24:02.0851 1580 nvraid - ok 17:24:02.0861 1580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 17:24:02.0861 1580 nvstor - ok 17:24:02.0931 1580 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe 17:24:02.0931 1580 nvsvc - ok 17:24:03.0081 1580 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 17:24:03.0101 1580 nvUpdatusService - ok 17:24:03.0141 1580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 17:24:03.0141 1580 nv_agp - ok 17:24:03.0151 1580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 17:24:03.0151 1580 ohci1394 - ok 17:24:03.0191 1580 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
17:24:03.0191 1580 ose64 - ok 17:24:03.0361 1580 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:24:03.0431 1580 osppsvc - ok 17:24:03.0491 1580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:24:03.0501 1580 p2pimsvc - ok 17:24:03.0531 1580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 17:24:03.0541 1580 p2psvc - ok 17:24:03.0561 1580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:24:03.0561 1580 Parport - ok 17:24:03.0581 1580 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 17:24:03.0581 1580 partmgr - ok 17:24:03.0601 1580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 17:24:03.0601 1580 PcaSvc - ok 17:24:03.0611 1580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 17:24:03.0621 1580 pci - ok 17:24:03.0621 1580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 17:24:03.0621 1580 pciide - ok 17:24:03.0641 1580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:24:03.0641 1580 pcmcia - ok 17:24:03.0661 1580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:24:03.0661 1580 pcw - ok 17:24:03.0691 1580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:24:03.0691 1580 PEAUTH - ok 17:24:03.0751 1580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 17:24:03.0761 1580 PeerDistSvc - ok 17:24:03.0811 1580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 17:24:03.0811 1580 PerfHost - ok 17:24:03.0901 1580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 17:24:03.0921 1580 pla - ok 17:24:03.0971 1580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 17:24:03.0981 1580 PlugPlay 
- ok 17:24:03.0991 1580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 17:24:03.0991 1580 PNRPAutoReg - ok 17:24:04.0021 1580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:24:04.0021 1580 PNRPsvc - ok 17:24:04.0071 1580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 17:24:04.0071 1580 PolicyAgent - ok 17:24:04.0091 1580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 17:24:04.0091 1580 Power - ok 17:24:04.0131 1580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 17:24:04.0131 1580 PptpMiniport - ok 17:24:04.0151 1580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:24:04.0151 1580 Processor - ok 17:24:04.0171 1580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 17:24:04.0171 1580 ProfSvc - ok 17:24:04.0191 1580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:24:04.0191 1580 ProtectedStorage - ok 17:24:04.0221 1580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 17:24:04.0221 1580 Psched - ok 17:24:04.0241 1580 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 17:24:04.0241 1580 PSI - ok 17:24:04.0311 1580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:24:04.0321 1580 ql2300 - ok 17:24:04.0361 1580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:24:04.0361 1580 ql40xx - ok 17:24:04.0381 1580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 17:24:04.0391 1580 QWAVE - ok 17:24:04.0391 1580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:24:04.0391 1580 QWAVEdrv - ok 17:24:04.0411 1580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:24:04.0411 1580 RasAcd - ok 17:24:04.0421 1580 
RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:24:04.0421 1580 RasAgileVpn - ok 17:24:04.0431 1580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 17:24:04.0431 1580 RasAuto - ok 17:24:04.0461 1580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:24:04.0461 1580 Rasl2tp - ok 17:24:04.0501 1580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 17:24:04.0501 1580 RasMan - ok 17:24:04.0511 1580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 17:24:04.0511 1580 RasPppoe - ok 17:24:04.0521 1580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:24:04.0521 1580 RasSstp - ok 17:24:04.0541 1580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 17:24:04.0541 1580 rdbss - ok 17:24:04.0551 1580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:24:04.0551 1580 rdpbus - ok 17:24:04.0561 1580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:24:04.0561 1580 RDPCDD - ok 17:24:04.0591 1580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 17:24:04.0591 1580 RDPDR - ok 17:24:04.0601 1580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:24:04.0601 1580 RDPENCDD - ok 17:24:04.0611 1580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:24:04.0611 1580 RDPREFMP - ok 17:24:04.0631 1580 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 17:24:04.0631 1580 RDPWD - ok 17:24:04.0661 1580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 17:24:04.0661 1580 rdyboost - ok 17:24:04.0691 1580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 17:24:04.0691 1580 RemoteAccess - ok 17:24:04.0711 1580 
RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 17:24:04.0711 1580 RemoteRegistry - ok 17:24:04.0721 1580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 17:24:04.0721 1580 RpcEptMapper - ok 17:24:04.0741 1580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 17:24:04.0741 1580 RpcLocator - ok 17:24:04.0781 1580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 17:24:04.0781 1580 RpcSs - ok 17:24:04.0801 1580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:24:04.0801 1580 rspndr - ok 17:24:04.0841 1580 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys 17:24:04.0841 1580 RTL8167 - ok 17:24:04.0861 1580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 17:24:04.0861 1580 s3cap - ok 17:24:04.0861 1580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:24:04.0861 1580 SamSs - ok 17:24:04.0901 1580 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 17:24:04.0901 1580 SASDIFSV - ok 17:24:04.0931 1580 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 17:24:04.0931 1580 SASKUTIL - ok 17:24:04.0951 1580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 17:24:04.0951 1580 sbp2port - ok 17:24:05.0021 1580 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 17:24:05.0031 1580 SBSDWSCService - ok 17:24:05.0041 1580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 17:24:05.0051 1580 SCardSvr - ok 17:24:05.0071 1580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 17:24:05.0071 1580 scfilter - ok 17:24:05.0141 1580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 17:24:05.0151 
17:24:09.0751 1580 Scan finished
17:24:09.0761 3508 Detected object count: 0
17:24:09.0761 3508 Actual detected object count: 0

#9 Conspire

Posted 18 May 2012 - 11:46 PM

TDSSK didn't find anything.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#10 springerider

Posted 19 May 2012 - 04:14 AM

Here's the ComboFix file as requested. I also had an odd report from "WinPatrol" that hasn't shown up before; it's an apparently new program called "ObjectDelayLoad" and it's found at: C:\Windows\System32\webcheck.dll. Is this something that I should be concerned about? I haven't given it permission to run yet.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\ThreatFire\TFService.exe c:\windows\DAODx.exe c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2012-05-19 06:07:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-19 10:07 . Pre-Run: 922,457,374,720 bytes free Post-Run: 921,855,291,392 bytes free . - - End Of File - - 9E518EF1970FBE978566EBE3AA24E02D


#11 Conspire

Posted 19 May 2012 - 06:46 AM

No it's not something you should be worried about. It's identified as safe. Are you still facing a redirect?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image

#12 springerider

Posted 19 May 2012 - 03:41 PM

Yes, I'm still getting a redirect. Here's how it's working. When I open the browser it's fine, any new tabs open directly into "Blekko" search engine page and in the address bar it reads "about: newtab". There is no listing of it in program files, no listing in browser add-ons and I can't find it in the program files. None of the various uninstall methods works because of the above! Every time I do a Google search for a way to get rid of it I get redirected to all Blekko pages!!! My initial homepage remains the correct one...just the tabs redirect. I'm getting pretty concerned!!!

#13 Conspire

Posted 19 May 2012 - 09:37 PM

Does it happen to only one browser or others as well? What browser are you using?

Please get a new OTL scan log. Please set OTL up this way for the scan.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Uncheck the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following
    C:\Documents and Settings\Shopping Report\*.*
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#14 springerider

Posted 20 May 2012 - 06:21 AM

I never thought to check my other browsers! Neither Opera nor IE seems infected! Here's the new report:

OTL logfile created on: 5/20/2012 7:12:20 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.67% Memory free
15.99 Gb Paging File | 13.59 Gb Available in Paging File | 84.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 858.20 Gb Free Space | 92.13% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John-Sandi 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\gs_encryption.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GSLogging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 62 06 0A 79 36 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E66F2FCE-5E45-48E2-ABE4-DA04163E15B9}: "URL" = http://search.avg.co...m...y=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....lcome?switch=1"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 15:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]

[2011/03/05 11:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Extensions
[2012/05/20 06:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions
[2012/04/21 06:33:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/05/17 07:06:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/05/17 07:06:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/05/20 06:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\staged
[2012/05/18 17:08:45 | 000,005,472 | ---- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\searchplugins\startpage-https.xml
[2012/03/15 18:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/31 15:46:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/07/27 12:41:28 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/09/09 07:22:40 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012/03/08 17:01:32 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012/05/10 19:17:31 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/05 09:28:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/22 06:30:28 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/27 06:47:00 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/09 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/19 06:01:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [SkyDrive] C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B7E865-2EF3-446B-BC3C-9143C51800FE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 06:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 06:01:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/19 05:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/19 05:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/19 05:44:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/19 05:44:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/19 05:43:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/19 05:43:08 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\John-Sandi 1\Desktop\ComboFix.exe
[2012/05/18 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\Desktop\tdsskiller
[2012/05/18 05:52:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John-Sandi 1\Desktop\aswMBR.exe
[2012/05/17 16:42:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 07:07:09 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Local\adawarebp
[2012/05/17 07:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/17 07:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/05/17 07:05:18 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2012/05/15 07:23:51 | 004,894,432 | ---- | C] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/05/10 07:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 07:09:16 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 07:09:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 07:09:13 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 07:08:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/26 20:46:31 | 000,000,000 | R--D | C] -- C:\Users\John-Sandi 1\SkyDrive
[2012/04/26 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

========== Files - Modified Within 30 Days ==========

[2012/05/20 06:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 02:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/19 18:21:20 | 098,646,037 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/19 18:20:47 | 000,272,498 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/19 06:08:18 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 06:08:18 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 06:06:07 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/19 06:06:07 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 06:06:07 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/19 06:01:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/19 06:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 06:00:33 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 05:43:14 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\John-Sandi 1\Desktop\ComboFix.exe
[2012/05/19 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/05/18 20:37:24 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/18 20:37:24 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/18 17:22:25 | 002,107,843 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\tdsskiller.zip
[2012/05/18 06:44:59 | 000,000,546 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\MBR.zip
[2012/05/18 06:35:28 | 000,000,512 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\MBR.dat
[2012/05/18 05:53:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John-Sandi 1\Desktop\aswMBR.exe
[2012/05/18 05:51:38 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\GBM - Easy Layout Backup Job-Full.job
[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/10 07:19:55 | 000,895,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/04/25 19:10:55 | 000,562,478 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf

========== Files Created - No Company Name ==========

[2012/05/19 05:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/19 05:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/19 05:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/19 05:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/19 05:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/18 17:22:23 | 002,107,843 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\tdsskiller.zip
[2012/05/18 06:44:59 | 000,000,546 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\MBR.zip
[2012/05/18 06:35:28 | 000,000,512 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\MBR.dat
[2012/05/08 16:48:21 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/08 16:48:20 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/04/26 21:38:08 | 000,036,490 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\House rules.rtf
[2012/04/26 21:38:08 | 000,004,671 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\HSV.rtf
[2012/04/26 20:46:30 | 000,002,187 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/04/25 19:10:52 | 000,562,478 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/02/11 20:25:04 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/12/05 13:14:06 | 000,777,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/25 08:35:44 | 000,002,544 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2011/09/25 08:35:44 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/01 12:27:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/01 12:27:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/07 15:26:43 | 000,007,600 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Local\Resmon.ResmonCfg
[2011/03/01 13:12:18 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/01 13:12:18 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/01 13:11:56 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/01 13:11:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/03/01 13:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/01 13:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/01 13:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/28 12:56:12 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/23 15:46:51 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/23 15:46:51 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/23 15:46:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/23 15:46:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/23 15:22:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/23 15:22:03 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< C:\Documents and Settings\Shopping Report\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#15 Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 20 May 2012 - 07:58 AM

Let's see if we nailed this one out.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
    [2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
    
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log, made by rerunning it after reboot without the custom scans script.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free.
