
> Blekko infection...or? [Solved], I have toolbar I can't find to get rid of!
springerider
post May 17 2012, 03:13 PM
Operating System: Windows 7



I've searched high and low to find this toolbar, the only symptoms are a redirection of my homepage to the Blekko search page...so far! I downloaded OTL and am pasting/posting both notepad files below. The irony is that I got this from CNET downloading an update to my antivirus!!!

I appreciate your help!!!

John

OTL logfile created on: 5/17/2012 4:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.61% Memory free
15.99 Gb Paging File | 12.80 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 857.59 Gb Free Space | 92.06% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John-Sandi 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\John-Sandi 1\AppData\Local\Temp\63c5c4bd-eaf6-42a8-96a0-7cf728f69de9.exe (Lavasoft Limited)
PRC - C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\gs_encryption.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GSLogging.dll ()
MOD - C:\Program Files (x86)\Vtune\TBMANAGE.DLL ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 B2 45 7B 38 23 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E66F2FCE-5E45-48E2-ABE4-DA04163E15B9}: "URL" = http://search.avg.com/route/?d=4e3da8b4&am...y=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e3da8b4&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 15:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]

[2011/03/05 11:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Extensions
[2012/05/17 07:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions
[2012/04/21 06:33:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/05/17 07:06:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/05/17 07:06:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/05/15 12:37:01 | 000,005,472 | ---- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\searchplugins\startpage-https.xml
[2012/03/15 18:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/31 15:46:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/07/27 12:41:28 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/09/09 07:22:40 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012/03/08 17:01:32 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012/05/10 19:17:31 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/05 09:28:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/22 06:30:28 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/27 06:47:00 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/09 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/06 19:15:07 | 000,442,891 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15215 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [SkyDrive] C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B7E865-2EF3-446B-BC3C-9143C51800FE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/12 07:56:09 | 000,000,033 | -HS- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 16:42:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 07:07:09 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Local\adawarebp
[2012/05/17 07:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/17 07:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/05/17 07:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/05/17 07:05:18 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2012/05/17 06:43:10 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/15 07:23:51 | 004,894,432 | ---- | C] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/05/10 07:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 07:09:16 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 07:09:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 07:09:13 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 07:08:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/26 20:46:31 | 000,000,000 | R--D | C] -- C:\Users\John-Sandi 1\SkyDrive
[2012/04/26 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

========== Files - Modified Within 30 Days ==========

[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 15:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 10:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/17 08:54:20 | 098,466,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/17 06:43:21 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/16 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/05/14 20:34:47 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/14 20:34:47 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/11 05:46:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\GBM - Easy Layout Backup Job-Full.job
[2012/05/11 00:04:05 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 00:04:05 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 17:17:59 | 000,270,798 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/10 07:25:19 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 07:25:19 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 07:25:19 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/10 07:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 07:19:55 | 000,895,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 07:19:44 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 19:15:07 | 000,442,891 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/04/25 19:10:55 | 000,562,478 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/04/18 17:58:19 | 000,442,793 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120506-191507.backup

========== Files Created - No Company Name ==========

[2012/05/08 16:48:21 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/08 16:48:20 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/04/26 21:38:08 | 000,036,490 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\House rules.rtf
[2012/04/26 21:38:08 | 000,004,671 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\HSV.rtf
[2012/04/26 20:46:30 | 000,002,187 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/04/25 19:10:52 | 000,562,478 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/02/11 20:25:04 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/12/05 13:14:06 | 000,777,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/25 08:35:44 | 000,002,544 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2011/09/25 08:35:44 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/01 12:27:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/01 12:27:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/07 15:26:43 | 000,007,600 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Local\Resmon.ResmonCfg
[2011/03/01 13:12:18 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/01 13:12:18 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/01 13:11:56 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/01 13:11:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/03/01 13:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/01 13:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/01 13:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/28 12:56:12 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/23 15:46:51 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/23 15:46:51 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/23 15:46:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/23 15:46:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/23 15:22:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/23 15:22:03 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/05/17 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2011/03/15 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Auslogics
[2011/08/07 09:48:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\AVG
[2011/09/26 12:29:03 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\AVG2012
[2012/04/08 18:07:16 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Encore
[2011/08/22 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Garmin
[2011/05/12 08:09:09 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Genie-Soft
[2011/03/01 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\ImgBurn
[2012/04/03 20:42:05 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\OfficeRecovery
[2011/02/27 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Opera
[2012/04/03 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\PandoraRecovery
[2011/03/01 12:36:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Temp
[2011/02/27 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\WinPatrol
[2011/11/30 08:23:48 | 000,000,000 | ---D | M] -- C:\Users\John-Sandi 1\AppData\Roaming\Zoner
[2012/05/11 05:46:31 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\GBM - Easy Layout Backup Job-Full.job
[2012/04/18 18:05:03 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/17 10:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/16 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/05/10 07:19:41 | 000,024,636 | ---- | M] () -- C:\aaw7boot.log
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/10/23 06:20:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/10 07:19:44 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 07:19:43 | 4293,058,559 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/05 21:13:35 | 000,000,221 | -HS- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/05/17 06:43:21 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\John-Sandi 1\Desktop\Adaware_Installer.exe
[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 5/17/2012 4:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.61% Memory free
15.99 Gb Paging File | 12.80 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 857.59 Gb Free Space | 92.06% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039321A6-4914-415C-856C-F0E230595857}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{047B0F73-0903-4A5E-9D59-587C33BC012F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{06365F86-9428-42FC-BC5A-3EFFB9EA176A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31B999CD-9744-4F02-B8CE-E3A9C049EFE9}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{40B6F76B-B307-41D1-88D6-69C82621D198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{443AF4DD-6A2A-4888-9580-3F5B9E2E20E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4933CD35-D6E9-4AF6-BB6E-8B0CAB70217D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4E1F1B13-0C5D-429B-BD03-9831B1D2E96B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4E21A516-BC2C-428E-A64F-B4E86FD2A285}" = lport=445 | protocol=6 | dir=in | app=system |
"{528F3703-6E1C-4101-BE56-047CA2FB7AEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{56DE3F8E-B83D-4BFD-ABBD-B3D52F09B2FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62DA85FD-6409-416E-A6BB-A3E12CE9581E}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D55EB7C-1E36-41FB-BDE0-14B771BAE826}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DAE00CA-9746-4C22-A446-EEEF9D0D2FD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F03C11B-1A61-42C1-BBD5-8B410297CCB9}" = lport=139 | protocol=6 | dir=in | app=system |
"{740932B6-7D85-4172-8487-0DF9438874D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{75E0AB4D-F9B1-4419-8D5C-1FFD1B17D95B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C1A9968-4E68-44C3-A997-E1C7F08916A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F65AD97-F6E7-4970-A38B-209316B296AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87FB8789-5726-4EC4-A42C-17CFD73ED163}" = rport=445 | protocol=6 | dir=out | app=system |
"{95ACCCD1-295F-4AC4-A4BE-74343D02A686}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B68E2BEE-2B50-47DD-BA2E-DC3801CFFCAC}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCA1B678-3DF4-4B64-88A2-F615BE4F8F0C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D5C37862-A862-47CB-804F-1C487400F61D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC05426B-B003-466F-88E8-FCAC7D4EE4A7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{EAEA3C3D-6681-45E1-AFC9-6EB0899F5196}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F6C0BDA8-984A-48BD-A711-B469FA985988}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE017094-71CE-436B-A0B1-528D7A133BD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE7106FE-B4AA-45CA-9C05-32BD073BE579}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BDFAB4-C46B-4F1C-A28F-59B9D3589961}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{087F02F2-F075-43E7-9AA9-57F2C5074486}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0B48AAC5-2C82-4DB5-B601-05A57B796109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2DC9EE4C-33B3-4D10-8B02-397728368D25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3035B0DB-1D8D-4D0D-B850-AB28C7D80729}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{381109A5-871F-4FD3-9B33-5FC15BDBA7B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38D39A63-58D5-4A10-A0F9-ADE144A5A71A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{41534830-08EF-467C-9CCD-246362E9E871}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{420A8EA2-6364-44B0-B62B-E7A8E0AE1318}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4659840A-D230-4119-823E-6C72EA161050}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EA797C0-61B8-49AD-A26F-9C1B90A6D8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{54A5B399-7D3A-458A-84D5-3388AEC1B889}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{556281DC-3809-4890-93A0-559A52287814}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5CECF4F9-D0B6-47D6-B035-ECDEDBD7D60F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C1EC2CF-730C-4A82-8396-368F3EE9BB86}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{71CA602F-CE17-472D-8F41-F0EBF1F73C38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{796A6C28-4267-4774-9BA7-F6265456E8F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79BA28C2-6280-4869-8A15-6AE992D3772D}" = protocol=6 | dir=out | app=system |
"{79DEA9C3-D1F5-4497-94BF-67D75784014F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8209EB7F-CCBB-43DB-96DF-B2587B269E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F4E7AE7-4274-49E1-996C-376D5B7C7CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{9AA7A9D3-FAB3-43D6-8AC8-6DFDC9E182D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9BFAA8E8-B87A-4E9E-9D11-C952FFCBA8E8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9D8DEAD2-6BE8-4F78-A26F-C9D12A624539}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A03C4A93-CACF-4CFB-98FD-E6B26B5FA03E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6B503E7-8D21-462A-8AAD-E4D9CDA8C27B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ADC764E5-B517-4D44-9ABC-DA801FE6CD3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{B261112F-6208-41A3-9084-170BB8F7A74D}" = protocol=17 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{BCD79B83-BDC2-4188-997C-039A870DBA34}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BFBC976A-FF58-47D0-9C56-BE62356CEA67}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C5219971-39C5-46E8-B7D3-F6A04600D19F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CF2CE366-5419-4967-A51F-959D0EF614FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE0C752-D4F6-419B-AF41-9945F44980FC}" = protocol=6 | dir=in | app=c:\users\john-sandi 1\appdata\local\microsoft\skydrive\skydrive.exe |
"{D29C1ECE-5CF8-4CC5-B41D-8FC2487EC124}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DAE91020-D70A-4657-A199-422F65ED2B0C}" = protocol=17 | dir=in | app=c:\users\john-sandi 1\appdata\local\microsoft\skydrive\skydrive.exe |
"{E9C0A420-C47F-4802-ADE5-1AF4F94AEF68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EA946695-1628-416A-9D1D-BC5B218CCE20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFD14F64-5B8D-44E1-A470-CC1FEF43A738}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{FB6F3AC3-AEBF-4B7B-86F3-A7F496DC100C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Office14.SingleImage" = Microsoft Office Professional 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0FABBA-6F8D-4087-B0FB-BF8AB57A0FEF}" = BackupManager
"{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}" = The Print Shop 3.0 Fonts
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49B3B2D8-3429-492D-BAB5-5542048D5030}" = The Print Shop 3.0 Deluxe
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 3.0.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7220
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ImgBurn" = ImgBurn
"Info Center_is1" = Info Center 1.0.0.7
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"Mozilla Firefox 10.0.4 (x86 en-US)" = Mozilla Firefox 10.0.4 (x86 en-US)
"MySSID_is1" = Vtune 7.12
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpywareBlaster_is1" = SpywareBlaster 4.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2012 5:54:17 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/16/2012 5:54:17 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/23/2012 5:49:40 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/23/2012 5:49:40 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/25/2012 12:30:35 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/28/2012 12:30:12 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/30/2012 12:30:43 AM | Computer Name = John-Sandi1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/30/2012 5:57:32 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 22
Description =

Error - 3/30/2012 5:57:32 AM | Computer Name = John-Sandi1-PC | Source = VSS | ID = 8193
Description =

Error - 3/30/2012 12:14:59 PM | Computer Name = John-Sandi1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TFService.exe, version: 4.11.2.22, time
stamp: 0x4d63252f Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time
stamp: 0x4dcddbf3 Exception code: 0xc000000d Fault offset: 0x00014ba1 Faulting process
id: 0x8f0 Faulting application start time: 0x01cd0e79ef446328 Faulting application
path: C:\Program Files (x86)\ThreatFire\TFService.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9
a\MSVCR80.dll
Report
Id: 7f1b33da-7a83-11e1-b993-bcaec5309dd8

[ System Events ]
Error - 4/15/2012 1:00:36 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/15/2012 1:01:06 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/18/2012 6:05:02 PM | Computer Name = John-Sandi1-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:02:46 PM on 4/18/2012 was unexpected.

Error - 4/18/2012 6:05:04 PM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 4/22/2012 1:00:37 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/22/2012 1:01:07 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/29/2012 1:00:32 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 4/29/2012 1:01:02 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 5/6/2012 1:00:32 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.

Error - 5/6/2012 1:01:02 AM | Computer Name = John-Sandi1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Kodak AiO Network Discovery Service service.


< End of report >
Conspire
post May 17 2012, 10:12 PM
Post #2


SuperMember

Group: Classroom Teacher
Posts: 4,463
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



QUOTE
In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failing that, we will have your thread closed in THREE (3) days.


Hello there, John

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Conspire
post May 17 2012, 10:13 PM
Post #3



Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
springerider
post May 18 2012, 03:52 AM
Post #4




QUOTE (Conspire @ May 18 2012, 12:13 AM) *
Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Hello Conspire, thanks for responding! I'll do just as you ask but it will be later today...work calls.

Thanks again,
John
springerider
post May 18 2012, 04:45 AM
Post #5




Thanks...here are the files as requested.

John

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 06:33:59
-----------------------------
06:33:59.751 OS Version: Windows x64 6.1.7601 Service Pack 1
06:33:59.751 Number of processors: 4 586 0x403
06:33:59.752 ComputerName: JOHN-SANDI1-PC UserName: John-Sandi 1
06:34:02.323 Initialize success
06:34:59.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:34:59.391 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
06:34:59.406 Disk 0 MBR read successfully
06:34:59.407 Disk 0 MBR scan
06:34:59.409 Disk 0 Windows 7 default MBR code
06:34:59.413 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
06:34:59.415 Disk 0 scanning C:\Windows\system32\drivers
06:35:03.578 Service scanning
06:35:11.737 Modules scanning
06:35:11.740 Disk 0 trace - called modules:
06:35:11.755 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:35:11.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b58060]
06:35:11.760 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007aa79b0]
06:35:11.762 5 ACPI.sys[fffff88000f547a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b59680]
06:35:12.091 Scan finished successfully
06:35:28.942 Disk 0 MBR has been saved successfully to "C:\Users\John-Sandi 1\Desktop\MBR.dat"
06:35:28.945 The log file has been saved successfully to "C:\Users\John-Sandi 1\Desktop\aswMBR.txt"



Attached File(s)
Attached File  MBR.zip ( 546bytes ) Number of downloads: 68
 
Conspire
post May 18 2012, 06:13 AM
Post #6




Hello,

Thanks

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
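The report requested in the post above is a timestamped text log, and the copy posted later in this thread contains more than one scan run. The Python below is an added example, not part of the original post or of TDSSKiller: it splits such a report into runs and flags runs that were interrupted, runs whose Mode line lacks TDLFS, and objects without an `ok` verdict. The sample log is constructed, and reading `TDLFS` in the Mode line as the "Detect TDLFS file system" option being on is an assumption.

```python
import re

# Constructed sample laid out like the report in this thread:
# "HH:MM:SS.mmmm <thread id> <message>". Hashes and "ExampleSvc" are made up.
H1, H2 = "a" * 32, "b" * 32
SAMPLE_LOG = rf"""
17:23:31.0533 5624 Scan started
17:23:31.0533 5624 Mode: Manual;
17:23:32.0083 5624 1394ohci ({H1}) C:\Windows\system32\drivers\1394ohci.sys
17:23:32.0083 5624 1394ohci - ok
17:23:33.0463 5624 Scan interrupted by user!
17:23:33.0463 5624 Scan finished
17:23:33.0473 3056 Detected object count: 0
17:23:55.0301 1580 Scan started
17:23:55.0301 1580 Mode: Manual; TDLFS;
17:23:55.0591 1580 1394ohci ({H1}) C:\Windows\system32\drivers\1394ohci.sys
17:23:55.0601 1580 1394ohci - ok
17:23:57.0681 1580 COMSysApp - ok
17:23:58.0001 1580 ExampleSvc ({H2}) C:\Windows\system32\drivers\example.sys
17:23:58.0051 1580 Scan finished
17:23:58.0061 3056 Detected object count: 0
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s*(.*)$")
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
VERDICT_RE = re.compile(r"^(.+?) - (\S+)$")                    # name - verdict
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def parse_runs(text):
    """Split a report into scan runs, keyed by the thread id that logs them."""
    runs, open_runs, last_finished = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, tid, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg == "Scan started":
            run = {"started": ts, "mode": "", "interrupted": False,
                   "finished": False, "objects": {}, "reported_count": None}
            open_runs[tid] = run
            runs.append(run)
            continue
        count = COUNT_RE.match(msg)
        if count:
            # The count is logged by another thread, right after "Scan finished".
            if last_finished is not None and last_finished["reported_count"] is None:
                last_finished["reported_count"] = int(count.group(1))
            continue
        run = open_runs.get(tid)
        if run is None:
            continue  # system info, separators, lines outside any run
        obj = OBJECT_RE.match(msg)
        verdict = VERDICT_RE.match(msg)
        if msg.startswith("Mode:"):
            run["mode"] = msg[len("Mode:"):].strip()
        elif msg.startswith("Scan interrupted"):
            run["interrupted"] = True
        elif msg == "Scan finished":
            run["finished"] = True
            last_finished = open_runs.pop(tid)
        elif obj:
            run["objects"].setdefault(obj.group(1), None)
        elif verdict:
            run["objects"][verdict.group(1)] = verdict.group(2)
    return runs


def triage(run):
    """Return reasons why a run's result should not be read as a clean scan."""
    notes = []
    if run["interrupted"] or not run["finished"]:
        notes.append("scan did not run to completion; its count covers only part of the system")
    if "TDLFS" not in run["mode"]:
        notes.append("TDLFS detection was not enabled for this run")
    for name, verdict in run["objects"].items():
        if verdict is None:
            notes.append(f"{name}: no verdict logged")
        elif verdict != "ok":
            notes.append(f"{name}: verdict {verdict!r}")
    return notes


if __name__ == "__main__":
    for i, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(f"run {i} ({run['started']}, mode {run['mode']!r}, "
              f"count {run['reported_count']}):")
        for note in triage(run) or ["nothing to review"]:
            print("  -", note)
```

A "Detected object count: 0" line only means something for a run that finished without interruption, so check the triage notes before reading the count.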
springerider
post May 18 2012, 03:28 PM
Post #7




Sorry...I have no idea of where to go to find or get to that file:

Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

We are going to dinner and will check in when I get back...however the scan showed 0 results! My browser is still being hijacked.

Thanks,
John
springerider
post May 18 2012, 05:45 PM
Post #8




I found it! Here you go...

17:23:18.0413 3268 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
17:23:18.0743 3268 ============================================================
17:23:18.0743 3268 Current date / time: 2012/05/18 17:23:18.0743
17:23:18.0743 3268 SystemInfo:
17:23:18.0743 3268
17:23:18.0743 3268 OS Version: 6.1.7601 ServicePack: 1.0
17:23:18.0743 3268 Product type: Workstation
17:23:18.0743 3268 ComputerName: JOHN-SANDI1-PC
17:23:18.0743 3268 UserName: John-Sandi 1
17:23:18.0743 3268 Windows directory: C:\Windows
17:23:18.0743 3268 System windows directory: C:\Windows
17:23:18.0743 3268 Running under WOW64
17:23:18.0743 3268 Processor architecture: Intel x64
17:23:18.0743 3268 Number of processors: 4
17:23:18.0743 3268 Page size: 0x1000
17:23:18.0743 3268 Boot type: Normal boot
17:23:18.0743 3268 ============================================================
17:23:19.0863 3268 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:23:19.0863 3268 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:23:29.0893 3268 ============================================================
17:23:29.0893 3268 \Device\Harddisk0\DR0:
17:23:29.0893 3268 MBR partitions:
17:23:29.0893 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
17:23:29.0893 3268 \Device\Harddisk1\DR1:
17:23:29.0893 3268 MBR partitions:
17:23:29.0893 3268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:23:29.0893 3268 ============================================================
17:23:29.0903 3268 C: <-> \Device\Harddisk0\DR0\Partition0
17:23:29.0923 3268 J: <-> \Device\Harddisk1\DR1\Partition0
17:23:29.0923 3268 ============================================================
17:23:29.0923 3268 Initialize success
17:23:29.0923 3268 ============================================================
17:23:31.0533 5624 ============================================================
17:23:31.0533 5624 Scan started
17:23:31.0533 5624 Mode: Manual;
17:23:31.0533 5624 ============================================================
17:23:31.0983 5624 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:23:31.0993 5624 !SASCORE - ok
17:23:32.0083 5624 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:23:32.0083 5624 1394ohci - ok
17:23:32.0113 5624 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:23:32.0123 5624 ACPI - ok
17:23:32.0143 5624 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:23:32.0143 5624 AcpiPmi - ok
17:23:32.0193 5624 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:23:32.0203 5624 AdobeARMservice - ok
17:23:32.0273 5624 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:23:32.0283 5624 AdobeFlashPlayerUpdateSvc - ok
17:23:32.0323 5624 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:23:32.0323 5624 adp94xx - ok
17:23:32.0363 5624 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:23:32.0363 5624 adpahci - ok
17:23:32.0393 5624 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:23:32.0393 5624 adpu320 - ok
17:23:32.0413 5624 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:23:32.0413 5624 AeLookupSvc - ok
17:23:32.0463 5624 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:23:32.0463 5624 AFD - ok
17:23:32.0483 5624 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:23:32.0493 5624 agp440 - ok
17:23:32.0493 5624 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:23:32.0493 5624 ALG - ok
17:23:32.0503 5624 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:23:32.0503 5624 aliide - ok
17:23:32.0513 5624 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:23:32.0513 5624 amdide - ok
17:23:32.0533 5624 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:23:32.0533 5624 AmdK8 - ok
17:23:32.0543 5624 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:23:32.0543 5624 AmdPPM - ok
17:23:32.0553 5624 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
17:23:32.0553 5624 amdsata - ok
17:23:32.0583 5624 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:23:32.0583 5624 amdsbs - ok
17:23:32.0593 5624 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
17:23:32.0593 5624 amdxata - ok
17:23:32.0633 5624 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:23:32.0633 5624 AppID - ok
17:23:32.0643 5624 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:23:32.0643 5624 AppIDSvc - ok
17:23:32.0673 5624 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:23:32.0683 5624 Appinfo - ok
17:23:32.0703 5624 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:23:32.0713 5624 AppMgmt - ok
17:23:32.0713 5624 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:23:32.0713 5624 arc - ok
17:23:32.0733 5624 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:23:32.0733 5624 arcsas - ok
17:23:32.0783 5624 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
17:23:32.0783 5624 AsIO - ok
17:23:32.0843 5624 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:23:32.0843 5624 aspnet_state - ok
17:23:32.0873 5624 AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
17:23:32.0873 5624 AsSysCtrlService - ok
17:23:32.0893 5624 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:32.0893 5624 AsyncMac - ok
17:23:32.0903 5624 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:23:32.0903 5624 atapi - ok
17:23:32.0923 5624 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:23:32.0923 5624 AtiPcie - ok
17:23:32.0973 5624 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:23:32.0993 5624 AudioEndpointBuilder - ok
17:23:32.0993 5624 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:23:32.0993 5624 AudioSrv - ok
17:23:33.0163 5624 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:23:33.0223 5624 AVGIDSAgent - ok
17:23:33.0323 5624 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:23:33.0323 5624 AVGIDSDriver - ok
17:23:33.0333 5624 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:23:33.0333 5624 AVGIDSEH - ok
17:23:33.0343 5624 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:23:33.0343 5624 AVGIDSFilter - ok
17:23:33.0363 5624 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
17:23:33.0363 5624 Avgldx64 - ok
17:23:33.0373 5624 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:23:33.0373 5624 Avgmfx64 - ok
17:23:33.0393 5624 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:23:33.0393 5624 Avgrkx64 - ok
17:23:33.0433 5624 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
17:23:33.0433 5624 Avgtdia - ok
17:23:33.0463 5624 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:23:33.0463 5624 avgwd - ok
17:23:33.0463 5624 Scan interrupted by user!
17:23:33.0463 5624 Scan interrupted by user!
17:23:33.0463 5624 Scan interrupted by user!
17:23:33.0463 5624 ============================================================
17:23:33.0463 5624 Scan finished
17:23:33.0463 5624 ============================================================
17:23:33.0473 3056 Detected object count: 0
17:23:33.0473 3056 Actual detected object count: 0
17:23:55.0301 1580 ============================================================
17:23:55.0301 1580 Scan started
17:23:55.0301 1580 Mode: Manual; TDLFS;
17:23:55.0301 1580 ============================================================
17:23:55.0561 1580 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:23:55.0561 1580 !SASCORE - ok
17:23:55.0591 1580 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:23:55.0601 1580 1394ohci - ok
17:23:55.0611 1580 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:23:55.0621 1580 ACPI - ok
17:23:55.0641 1580 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:23:55.0641 1580 AcpiPmi - ok
17:23:55.0691 1580 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:23:55.0691 1580 AdobeARMservice - ok
17:23:55.0751 1580 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:23:55.0751 1580 AdobeFlashPlayerUpdateSvc - ok
17:23:55.0781 1580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:23:55.0781 1580 adp94xx - ok
17:23:55.0811 1580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:23:55.0811 1580 adpahci - ok
17:23:55.0841 1580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:23:55.0841 1580 adpu320 - ok
17:23:55.0861 1580 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:23:55.0871 1580 AeLookupSvc - ok
17:23:55.0901 1580 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:23:55.0901 1580 AFD - ok
17:23:55.0941 1580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:23:55.0941 1580 agp440 - ok
17:23:55.0951 1580 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:23:55.0951 1580 ALG - ok
17:23:55.0961 1580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:23:55.0961 1580 aliide - ok
17:23:55.0971 1580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:23:55.0971 1580 amdide - ok
17:23:55.0981 1580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:23:55.0991 1580 AmdK8 - ok
17:23:56.0001 1580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:23:56.0001 1580 AmdPPM - ok
17:23:56.0011 1580 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
17:23:56.0011 1580 amdsata - ok
17:23:56.0031 1580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:23:56.0031 1580 amdsbs - ok
17:23:56.0041 1580 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
17:23:56.0041 1580 amdxata - ok
17:23:56.0061 1580 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:23:56.0061 1580 AppID - ok
17:23:56.0071 1580 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:23:56.0081 1580 AppIDSvc - ok
17:23:56.0101 1580 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:23:56.0101 1580 Appinfo - ok
17:23:56.0121 1580 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:23:56.0121 1580 AppMgmt - ok
17:23:56.0131 1580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:23:56.0131 1580 arc - ok
17:23:56.0141 1580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:23:56.0141 1580 arcsas - ok
17:23:56.0181 1580 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
17:23:56.0181 1580 AsIO - ok
17:23:56.0231 1580 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:23:56.0231 1580 aspnet_state - ok
17:23:56.0251 1580 AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
17:23:56.0251 1580 AsSysCtrlService - ok
17:23:56.0261 1580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:56.0261 1580 AsyncMac - ok
17:23:56.0271 1580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:23:56.0271 1580 atapi - ok
17:23:56.0281 1580 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:23:56.0281 1580 AtiPcie - ok
17:23:56.0321 1580 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:23:56.0331 1580 AudioEndpointBuilder - ok
17:23:56.0331 1580 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:23:56.0331 1580 AudioSrv - ok
17:23:56.0501 1580 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:23:56.0521 1580 AVGIDSAgent - ok
17:23:56.0591 1580 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:23:56.0591 1580 AVGIDSDriver - ok
17:23:56.0601 1580 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:23:56.0601 1580 AVGIDSEH - ok
17:23:56.0601 1580 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:23:56.0611 1580 AVGIDSFilter - ok
17:23:56.0621 1580 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
17:23:56.0631 1580 Avgldx64 - ok
17:23:56.0641 1580 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:23:56.0641 1580 Avgmfx64 - ok
17:23:56.0651 1580 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:23:56.0651 1580 Avgrkx64 - ok
17:23:56.0691 1580 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
17:23:56.0691 1580 Avgtdia - ok
17:23:56.0721 1580 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:23:56.0721 1580 avgwd - ok
17:23:56.0741 1580 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:23:56.0741 1580 AxInstSV - ok
17:23:56.0781 1580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:23:56.0781 1580 b06bdrv - ok
17:23:56.0831 1580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:23:56.0841 1580 b57nd60a - ok
17:23:56.0861 1580 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:23:56.0861 1580 BDESVC - ok
17:23:56.0871 1580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:23:56.0871 1580 Beep - ok
17:23:56.0941 1580 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:23:56.0971 1580 BFE - ok
17:23:57.0011 1580 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:23:57.0031 1580 BITS - ok
17:23:57.0051 1580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:23:57.0051 1580 blbdrive - ok
17:23:57.0081 1580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:23:57.0081 1580 bowser - ok
17:23:57.0091 1580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:23:57.0091 1580 BrFiltLo - ok
17:23:57.0101 1580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:23:57.0101 1580 BrFiltUp - ok
17:23:57.0121 1580 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:23:57.0121 1580 Browser - ok
17:23:57.0151 1580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
17:23:57.0151 1580 Brserid - ok
17:23:57.0171 1580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:23:57.0171 1580 BrSerWdm - ok
17:23:57.0181 1580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:23:57.0181 1580 BrUsbMdm - ok
17:23:57.0181 1580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
17:23:57.0191 1580 BrUsbSer - ok
17:23:57.0201 1580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:23:57.0201 1580 BTHMODEM - ok
17:23:57.0211 1580 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:23:57.0211 1580 bthserv - ok
17:23:57.0291 1580 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
17:23:57.0291 1580 Cardex - ok
17:23:57.0301 1580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:23:57.0301 1580 cdfs - ok
17:23:57.0331 1580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:23:57.0331 1580 cdrom - ok
17:23:57.0361 1580 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:23:57.0361 1580 CertPropSvc - ok
17:23:57.0371 1580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:23:57.0371 1580 circlass - ok
17:23:57.0401 1580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:23:57.0401 1580 CLFS - ok
17:23:57.0441 1580 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:23:57.0441 1580 clr_optimization_v2.0.50727_32 - ok
17:23:57.0451 1580 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:23:57.0451 1580 clr_optimization_v2.0.50727_64 - ok
17:23:57.0501 1580 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:23:57.0501 1580 clr_optimization_v4.0.30319_32 - ok
17:23:57.0531 1580 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:23:57.0551 1580 clr_optimization_v4.0.30319_64 - ok
17:23:57.0561 1580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:23:57.0561 1580 CmBatt - ok
17:23:57.0581 1580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:23:57.0581 1580 cmdide - ok
17:23:57.0621 1580 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:23:57.0631 1580 CNG - ok
17:23:57.0641 1580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:23:57.0641 1580 Compbatt - ok
17:23:57.0671 1580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:23:57.0671 1580 CompositeBus - ok
17:23:57.0681 1580 COMSysApp - ok
17:23:57.0701 1580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:23:57.0701 1580 crcdisk - ok
17:23:57.0731 1580 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:23:57.0731 1580 CryptSvc - ok
17:23:57.0771 1580 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:23:57.0771 1580 CSC - ok
17:23:57.0831 1580 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:23:57.0841 1580 CscService - ok
17:23:57.0881 1580 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:23:57.0891 1580 DcomLaunch - ok
17:23:57.0941 1580 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:23:57.0941 1580 defragsvc - ok
17:23:57.0981 1580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:23:57.0981 1580 DfsC - ok
17:23:58.0001 1580 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:23:58.0001 1580 Dhcp - ok
17:23:58.0021 1580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:23:58.0021 1580 discache - ok
17:23:58.0051 1580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:23:58.0051 1580 Disk - ok
17:23:58.0081 1580 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:23:58.0081 1580 Dnscache - ok
17:23:58.0111 1580 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:23:58.0121 1580 dot3svc - ok
17:23:58.0141 1580 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:23:58.0151 1580 DPS - ok
17:23:58.0161 1580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:23:58.0161 1580 drmkaud - ok
17:23:58.0211 1580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:23:58.0221 1580 DXGKrnl - ok
17:23:58.0241 1580 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:23:58.0251 1580 EapHost - ok
17:23:58.0361 1580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:23:58.0401 1580 ebdrv - ok
17:23:58.0471 1580 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:23:58.0471 1580 EFS - ok
17:23:58.0521 1580 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:23:58.0531 1580 ehRecvr - ok
17:23:58.0551 1580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:23:58.0551 1580 ehSched - ok
17:23:58.0591 1580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:23:58.0591 1580 elxstor - ok
17:23:58.0621 1580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:23:58.0621 1580 ErrDev - ok
17:23:58.0641 1580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:23:58.0651 1580 EventSystem - ok
17:23:58.0671 1580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:23:58.0681 1580 exfat - ok
17:23:58.0691 1580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:23:58.0691 1580 fastfat - ok
17:23:58.0751 1580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:23:58.0761 1580 Fax - ok
17:23:58.0771 1580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:23:58.0781 1580 fdc - ok
17:23:58.0791 1580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:23:58.0791 1580 fdPHost - ok
17:23:58.0801 1580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:23:58.0801 1580 FDResPub - ok
17:23:58.0821 1580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:23:58.0821 1580 FileInfo - ok
17:23:58.0821 1580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:23:58.0821 1580 Filetrace - ok
17:23:58.0831 1580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:23:58.0831 1580 flpydisk - ok
17:23:58.0871 1580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:23:58.0871 1580 FltMgr - ok
17:23:58.0931 1580 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:23:58.0941 1580 FontCache - ok
17:23:59.0011 1580 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:23:59.0011 1580 FontCache3.0.0.0 - ok
17:23:59.0021 1580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:23:59.0021 1580 FsDepends - ok
17:23:59.0041 1580 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:23:59.0041 1580 Fs_Rec - ok
17:23:59.0071 1580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:23:59.0071 1580 fvevol - ok
17:23:59.0081 1580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:23:59.0081 1580 gagp30kx - ok
17:23:59.0131 1580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:23:59.0141 1580 gpsvc - ok
17:23:59.0151 1580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:23:59.0151 1580 hcw85cir - ok
17:23:59.0191 1580 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:23:59.0201 1580 HdAudAddService - ok
17:23:59.0231 1580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:23:59.0231 1580 HDAudBus - ok
17:23:59.0241 1580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:23:59.0241 1580 HidBatt - ok
17:23:59.0261 1580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:23:59.0261 1580 HidBth - ok
17:23:59.0271 1580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:23:59.0271 1580 HidIr - ok
17:23:59.0271 1580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:23:59.0271 1580 hidserv - ok
17:23:59.0301 1580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:23:59.0301 1580 HidUsb - ok
17:23:59.0331 1580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:23:59.0331 1580 hkmsvc - ok
17:23:59.0351 1580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:23:59.0351 1580 HomeGroupListener - ok
17:23:59.0371 1580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:23:59.0381 1580 HomeGroupProvider - ok
17:23:59.0391 1580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:23:59.0391 1580 HpSAMD - ok
17:23:59.0431 1580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:23:59.0431 1580 HTTP - ok
17:23:59.0461 1580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:23:59.0461 1580 hwpolicy - ok
17:23:59.0471 1580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:23:59.0471 1580 i8042prt - ok
17:23:59.0511 1580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:23:59.0511 1580 iaStorV - ok
17:23:59.0591 1580 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:23:59.0591 1580 IDriverT - ok
17:23:59.0651 1580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:23:59.0651 1580 idsvc - ok
17:23:59.0711 1580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:23:59.0711 1580 iirsp - ok
17:23:59.0751 1580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:23:59.0761 1580 IKEEXT - ok
17:23:59.0861 1580 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
17:23:59.0871 1580 IntcAzAudAddService - ok
17:23:59.0941 1580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:23:59.0941 1580 intelide - ok
17:23:59.0961 1580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:23:59.0961 1580 intelppm - ok
17:23:59.0971 1580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:23:59.0971 1580 IPBusEnum - ok
17:23:59.0981 1580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:23:59.0981 1580 IpFilterDriver - ok
17:24:00.0021 1580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:24:00.0031 1580 iphlpsvc - ok
17:24:00.0041 1580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:24:00.0041 1580 IPMIDRV - ok
17:24:00.0061 1580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:24:00.0061 1580 IPNAT - ok
17:24:00.0081 1580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:24:00.0081 1580 IRENUM - ok
17:24:00.0091 1580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:24:00.0091 1580 isapnp - ok
17:24:00.0121 1580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:24:00.0131 1580 iScsiPrt - ok
17:24:00.0151 1580 JRAID (4a8a242fda43765f4f73ecde2ba0d62a) C:\Windows\system32\DRIVERS\jraid.sys
17:24:00.0151 1580 JRAID - ok
17:24:00.0171 1580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:24:00.0171 1580 kbdclass - ok
17:24:00.0181 1580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:24:00.0181 1580 kbdhid - ok
17:24:00.0211 1580 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:24:00.0211 1580 KeyIso - ok
17:24:00.0271 1580 Kodak AiO Network Discovery Service (3d1e2d4a75bb4230b0cee140b5585dcd) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
17:24:00.0281 1580 Kodak AiO Network Discovery Service - ok
17:24:00.0281 1580 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:24:00.0281 1580 KSecDD - ok
17:24:00.0301 1580 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:24:00.0301 1580 KSecPkg - ok
17:24:00.0311 1580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:24:00.0311 1580 ksthunk - ok
17:24:00.0331 1580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:24:00.0331 1580 KtmRm - ok
17:24:00.0361 1580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:24:00.0361 1580 LanmanServer - ok
17:24:00.0391 1580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:24:00.0391 1580 LanmanWorkstation - ok
17:24:00.0491 1580 Lavasoft Ad-Aware Service (93b3ef77866490c7daba054f6cbfcd51) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:24:00.0511 1580 Lavasoft Ad-Aware Service - ok
17:24:00.0541 1580 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:24:00.0541 1580 Lavasoft Kernexplorer - ok
17:24:00.0581 1580 Lbd - ok
17:24:00.0601 1580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:24:00.0601 1580 lltdio - ok
17:24:00.0621 1580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:24:00.0621 1580 lltdsvc - ok
17:24:00.0631 1580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:24:00.0631 1580 lmhosts - ok
17:24:00.0661 1580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:24:00.0661 1580 LSI_FC - ok
17:24:00.0681 1580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:24:00.0681 1580 LSI_SAS - ok
17:24:00.0691 1580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:24:00.0691 1580 LSI_SAS2 - ok
17:24:00.0711 1580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:24:00.0711 1580 LSI_SCSI - ok
17:24:00.0721 1580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:24:00.0721 1580 luafv - ok
17:24:00.0781 1580 McciCMService (944b3087b142cd9bf8da6b3039fbfba5) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
17:24:00.0781 1580 McciCMService - ok
17:24:00.0841 1580 McciCMService64 (fbd57a7c443c85cc6c6169493a020fdf) C:\Program Files\Common Files\Motive\McciCMService.exe
17:24:00.0851 1580 McciCMService64 - ok
17:24:00.0871 1580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:24:00.0871 1580 Mcx2Svc - ok
17:24:00.0891 1580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:24:00.0891 1580 megasas - ok
17:24:00.0911 1580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:24:00.0911 1580 MegaSR - ok
17:24:00.0921 1580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:24:00.0931 1580 MMCSS - ok
17:24:00.0931 1580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:24:00.0931 1580 Modem - ok
17:24:00.0941 1580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:24:00.0941 1580 monitor - ok
17:24:00.0971 1580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:24:00.0971 1580 mouclass - ok
17:24:00.0971 1580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:24:00.0971 1580 mouhid - ok
17:24:01.0001 1580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:24:01.0001 1580 mountmgr - ok
17:24:01.0021 1580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:24:01.0021 1580 mpio - ok
17:24:01.0041 1580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:24:01.0041 1580 mpsdrv - ok
17:24:01.0091 1580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:24:01.0091 1580 MpsSvc - ok
17:24:01.0121 1580 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
17:24:01.0121 1580 MREMP50 - ok
17:24:01.0131 1580 MREMP50a64 - ok
17:24:01.0131 1580 MREMPR5 - ok
17:24:01.0131 1580 MRENDIS5 - ok
17:24:01.0141 1580 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
17:24:01.0141 1580 MRESP50 - ok
17:24:01.0161 1580 MRESP50a64 - ok
17:24:01.0181 1580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:24:01.0191 1580 MRxDAV - ok
17:24:01.0211 1580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:24:01.0211 1580 mrxsmb - ok
17:24:01.0251 1580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:24:01.0251 1580 mrxsmb10 - ok
17:24:01.0271 1580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:24:01.0271 1580 mrxsmb20 - ok
17:24:01.0281 1580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:24:01.0281 1580 msahci - ok
17:24:01.0311 1580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:24:01.0311 1580 msdsm - ok
17:24:01.0331 1580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:24:01.0331 1580 MSDTC - ok
17:24:01.0341 1580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:24:01.0341 1580 Msfs - ok
17:24:01.0341 1580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:24:01.0341 1580 mshidkmdf - ok
17:24:01.0361 1580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:24:01.0361 1580 msisadrv - ok
17:24:01.0371 1580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:24:01.0381 1580 MSiSCSI - ok
17:24:01.0381 1580 msiserver - ok
17:24:01.0391 1580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:24:01.0391 1580 MSKSSRV - ok
17:24:01.0391 1580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:24:01.0391 1580 MSPCLOCK - ok
17:24:01.0411 1580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:24:01.0411 1580 MSPQM - ok
17:24:01.0441 1580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:24:01.0441 1580 MsRPC - ok
17:24:01.0451 1580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:24:01.0451 1580 mssmbios - ok
17:24:01.0461 1580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:24:01.0461 1580 MSTEE - ok
17:24:01.0471 1580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:24:01.0471 1580 MTConfig - ok
17:24:01.0501 1580 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:24:01.0501 1580 MTsensor - ok
17:24:01.0511 1580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:24:01.0511 1580 Mup - ok
17:24:01.0561 1580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:24:01.0571 1580 napagent - ok
17:24:01.0601 1580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:24:01.0601 1580 NativeWifiP - ok
17:24:01.0651 1580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:24:01.0661 1580 NDIS - ok
17:24:01.0661 1580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:24:01.0661 1580 NdisCap - ok
17:24:01.0671 1580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:24:01.0671 1580 NdisTapi - ok
17:24:01.0691 1580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:24:01.0691 1580 Ndisuio - ok
17:24:01.0721 1580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:24:01.0721 1580 NdisWan - ok
17:24:01.0751 1580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:24:01.0751 1580 NDProxy - ok
17:24:01.0771 1580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:24:01.0771 1580 NetBIOS - ok
17:24:01.0791 1580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:24:01.0801 1580 NetBT - ok
17:24:01.0821 1580 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:24:01.0821 1580 Netlogon - ok
17:24:01.0851 1580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:24:01.0851 1580 Netman - ok
17:24:01.0901 1580 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:24:01.0901 1580 NetMsmqActivator - ok
17:24:01.0911 1580 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:24:01.0911 1580 NetPipeActivator - ok
17:24:01.0941 1580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:24:01.0951 1580 netprofm - ok
17:24:01.0961 1580 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:24:01.0961 1580 NetTcpActivator - ok
17:24:01.0961 1580 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:24:01.0961 1580 NetTcpPortSharing - ok
17:24:01.0981 1580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:24:01.0981 1580 nfrd960 - ok
17:24:02.0021 1580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:24:02.0021 1580 NlaSvc - ok
17:24:02.0031 1580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:24:02.0031 1580 Npfs - ok
17:24:02.0031 1580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:24:02.0041 1580 nsi - ok
17:24:02.0041 1580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:24:02.0041 1580 nsiproxy - ok
17:24:02.0121 1580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:24:02.0131 1580 Ntfs - ok
17:24:02.0191 1580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:24:02.0191 1580 Null - ok
17:24:02.0221 1580 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:24:02.0221 1580 nusb3hub - ok
17:24:02.0241 1580 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:24:02.0241 1580 nusb3xhc - ok
17:24:02.0281 1580 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:24:02.0281 1580 NVENETFD - ok
17:24:02.0321 1580 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
17:24:02.0321 1580 NVHDA - ok
17:24:02.0641 1580 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:24:02.0811 1580 nvlddmkm - ok
17:24:02.0851 1580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:24:02.0851 1580 nvraid - ok
17:24:02.0861 1580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:24:02.0861 1580 nvstor - ok
17:24:02.0931 1580 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
17:24:02.0931 1580 nvsvc - ok
17:24:03.0081 1580 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:24:03.0101 1580 nvUpdatusService - ok
17:24:03.0141 1580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:24:03.0141 1580 nv_agp - ok
17:24:03.0151 1580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:24:03.0151 1580 ohci1394 - ok
17:24:03.0191 1580 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:24:03.0191 1580 ose64 - ok
17:24:03.0361 1580 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:24:03.0431 1580 osppsvc - ok
17:24:03.0491 1580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:24:03.0501 1580 p2pimsvc - ok
17:24:03.0531 1580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:24:03.0541 1580 p2psvc - ok
17:24:03.0561 1580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:24:03.0561 1580 Parport - ok
17:24:03.0581 1580 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:24:03.0581 1580 partmgr - ok
17:24:03.0601 1580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:24:03.0601 1580 PcaSvc - ok
17:24:03.0611 1580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:24:03.0621 1580 pci - ok
17:24:03.0621 1580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:24:03.0621 1580 pciide - ok
17:24:03.0641 1580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:24:03.0641 1580 pcmcia - ok
17:24:03.0661 1580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:24:03.0661 1580 pcw - ok
17:24:03.0691 1580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:24:03.0691 1580 PEAUTH - ok
17:24:03.0751 1580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:24:03.0761 1580 PeerDistSvc - ok
17:24:03.0811 1580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:24:03.0811 1580 PerfHost - ok
17:24:03.0901 1580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:24:03.0921 1580 pla - ok
17:24:03.0971 1580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:24:03.0981 1580 PlugPlay - ok
17:24:03.0991 1580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:24:03.0991 1580 PNRPAutoReg - ok
17:24:04.0021 1580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:24:04.0021 1580 PNRPsvc - ok
17:24:04.0071 1580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:24:04.0071 1580 PolicyAgent - ok
17:24:04.0091 1580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:24:04.0091 1580 Power - ok
17:24:04.0131 1580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:24:04.0131 1580 PptpMiniport - ok
17:24:04.0151 1580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:24:04.0151 1580 Processor - ok
17:24:04.0171 1580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:24:04.0171 1580 ProfSvc - ok
17:24:04.0191 1580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:24:04.0191 1580 ProtectedStorage - ok
17:24:04.0221 1580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:24:04.0221 1580 Psched - ok
17:24:04.0241 1580 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
17:24:04.0241 1580 PSI - ok
17:24:04.0311 1580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:24:04.0321 1580 ql2300 - ok
17:24:04.0361 1580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:24:04.0361 1580 ql40xx - ok
17:24:04.0381 1580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:24:04.0391 1580 QWAVE - ok
17:24:04.0391 1580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:24:04.0391 1580 QWAVEdrv - ok
17:24:04.0411 1580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:24:04.0411 1580 RasAcd - ok
17:24:04.0421 1580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:24:04.0421 1580 RasAgileVpn - ok
17:24:04.0431 1580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:24:04.0431 1580 RasAuto - ok
17:24:04.0461 1580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:24:04.0461 1580 Rasl2tp - ok
17:24:04.0501 1580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:24:04.0501 1580 RasMan - ok
17:24:04.0511 1580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:24:04.0511 1580 RasPppoe - ok
17:24:04.0521 1580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:24:04.0521 1580 RasSstp - ok
17:24:04.0541 1580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:24:04.0541 1580 rdbss - ok
17:24:04.0551 1580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:24:04.0551 1580 rdpbus - ok
17:24:04.0561 1580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:24:04.0561 1580 RDPCDD - ok
17:24:04.0591 1580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:24:04.0591 1580 RDPDR - ok
17:24:04.0601 1580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:24:04.0601 1580 RDPENCDD - ok
17:24:04.0611 1580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:24:04.0611 1580 RDPREFMP - ok
17:24:04.0631 1580 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:24:04.0631 1580 RDPWD - ok
17:24:04.0661 1580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:24:04.0661 1580 rdyboost - ok
17:24:04.0691 1580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:24:04.0691 1580 RemoteAccess - ok
17:24:04.0711 1580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:24:04.0711 1580 RemoteRegistry - ok
17:24:04.0721 1580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:24:04.0721 1580 RpcEptMapper - ok
17:24:04.0741 1580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:24:04.0741 1580 RpcLocator - ok
17:24:04.0781 1580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:24:04.0781 1580 RpcSs - ok
17:24:04.0801 1580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:24:04.0801 1580 rspndr - ok
17:24:04.0841 1580 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:24:04.0841 1580 RTL8167 - ok
17:24:04.0861 1580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:24:04.0861 1580 s3cap - ok
17:24:04.0861 1580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:24:04.0861 1580 SamSs - ok
17:24:04.0901 1580 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:24:04.0901 1580 SASDIFSV - ok
17:24:04.0931 1580 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:24:04.0931 1580 SASKUTIL - ok
17:24:04.0951 1580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:24:04.0951 1580 sbp2port - ok
17:24:09.0751 1580 ============================================================
17:24:09.0751 1580 Scan finished
17:24:09.0751 1580 ============================================================
17:24:09.0761 3508 Detected object count: 0
17:24:09.0761 3508 Actual detected object count: 0
Conspire
post May 18 2012, 11:46 PM
Post #9


SuperMember

Group: Classroom Teacher
Posts: 4,463
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



TDSSK didn't find anything.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
springerider
post May 19 2012, 04:14 AM
Post #10


Authentic Member
**

Group: Authentic Member
Posts: 22
Joined: 17-May 12
Member No.: 100,351
Operating System: Windows 7



Here's the ComboFix file as requested:

I also had an odd report from "WinPatrol" that hasn't shown up before. It's an apparently new program called "ObjectDelayLoad" and it's found at: C:\Windows\System32\webcheck.dll. Is this something that I should be concerned about? I haven't given it permission to run yet.


ComboFix 12-05-19.01 - John-Sandi 1 05/19/2012 5:46.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5707 [GMT -4:00]
Running from: c:\users\John-Sandi 1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
J:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 09:57 . 2012-05-19 09:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-17 11:07 . 2012-05-17 11:07 -------- d-----w- c:\users\John-Sandi 1\AppData\Local\adawarebp
2012-05-17 11:07 . 2012-05-17 11:07 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-17 11:07 . 2012-05-17 11:07 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-05-17 11:06 . 2012-05-17 11:07 -------- d-----w- c:\program files (x86)\adawaretb
2012-05-17 11:05 . 2012-05-17 19:54 -------- d-----w- c:\users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
2012-05-10 11:25 . 2012-05-10 11:25 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 11:25 . 2012-05-10 11:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 11:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 11:09 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 11:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 11:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 11:09 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 11:09 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 11:09 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 11:09 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:09 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:09 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 11:09 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 11:08 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 11:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-27 00:46 . 2012-05-19 09:43 -------- d-----r- c:\users\John-Sandi 1\SkyDrive
2012-04-27 00:46 . 2012-04-27 00:46 -------- d-----w- c:\programdata\Microsoft SkyDrive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 10:28 . 2012-03-29 10:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 10:28 . 2011-09-11 23:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46 . 2012-04-12 09:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 09:02 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 09:02 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 09:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 09:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 09:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 09:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 09:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 09:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 09:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 09:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 09:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 09:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 09:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 09:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-05-15 11:23 208096 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-05-15 11:23 208096 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-05-15 11:23 208096 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GBMLite8AgentLaCie"="c:\program files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-27 4786048]
"SkyDrive"="c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-05-15 296672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-16 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000]
"GBMLite8AgentLaCie"="c:\program files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-12 2152688]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-13 441344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-10 17152]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:28]
.
2012-05-18 c:\windows\Tasks\GBM - Easy Layout Backup Job-Full.job
- c:\program files (x86)\LaCie\Genie Backup Assistant\GBM8.exe [2011-06-21 14:15]
.
2012-05-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-05-15 11:23 232672 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-05-15 11:23 232672 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-05-15 11:23 232672 ----a-w- c:\users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.src=ym&.done=http%3A%2F%2Fca.mc886.mail.yahoo.com%2Fmc%2Fwelcome%3Fswitch%3D1
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e3da8b4&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-05-19 06:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 10:07
.
Pre-Run: 922,457,374,720 bytes free
Post-Run: 921,855,291,392 bytes free
.
- - End Of File - - 9E518EF1970FBE978566EBE3AA24E02D
Conspire
post May 19 2012, 06:46 AM
Post #11


SuperMember

Group: Classroom Teacher
Posts: 4,463
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



No it's not something you should be worried about. It's identified as safe.

Are you still facing a redirect?
springerider
post May 19 2012, 03:41 PM
Post #12


Authentic Member
**

Group: Authentic Member
Posts: 22
Joined: 17-May 12
Member No.: 100,351
Operating System: Windows 7



Yes, I'm still getting a redirect. Here's how it's working. When I open the browser it's fine, any new tabs open directly into "Blekko" search engine page and in the address bar it reads "about: newtab". There is no listing of it in program files, no listing in browser add-ons and I can't find it in the program files. None of the various uninstall methods works because of the above! Every time I do a Google search for a way to get rid of it I get redirected to all Blekko pages!!! My initial homepage remains the correct one...just the tabs redirect. I'm getting pretty concerned!!!
Conspire
post May 19 2012, 09:37 PM
Post #13


SuperMember

Group: Classroom Teacher
Posts: 4,463
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



Does it happen to only one browser or others as well? What browser are you using?

Please get a new OTL scan log. Please set OTL up this way for the scan.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • UNCheck the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes, copy and paste the following:
    C:\Documents and Settings\Shopping Report\*.*
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
springerider
post May 20 2012, 06:21 AM
Post #14


Authentic Member
**

Group: Authentic Member
Posts: 22
Joined: 17-May 12
Member No.: 100,351
Operating System: Windows 7



I never thought to check my other browsers! Neither Opera nor IE seems infected! Here's the new report:

OTL logfile created on: 5/20/2012 7:12:20 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\John-Sandi 1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.67% Memory free
15.99 Gb Paging File | 13.59 Gb Available in Paging File | 84.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 858.20 Gb Free Space | 92.13% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 931.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-SANDI1-PC | User Name: John-Sandi 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John-Sandi 1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\gs_encryption.dll ()
MOD - C:\Program Files (x86)\LaCie\Genie Backup Assistant\GSLogging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 62 06 0A 79 36 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E66F2FCE-5E45-48E2-ABE4-DA04163E15B9}: "URL" = http://search.avg.com/route/?d=4e3da8b4&am...y=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.src=ym&.done=http%3A%2F%2Fca.mc886.mail.yahoo.com%2Fmc%2Fwelcome%3Fswitch%3D1"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e3da8b4&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 15:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 07:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 06:44:10 | 000,000,000 | ---D | M]

[2011/03/05 11:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Extensions
[2012/05/20 06:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions
[2012/04/21 06:33:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/05/17 07:06:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/05/17 07:06:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/05/20 06:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\extensions\staged
[2012/05/18 17:08:45 | 000,005,472 | ---- | M] () -- C:\Users\John-Sandi 1\AppData\Roaming\Mozilla\Firefox\Profiles\p3z1nlo0.default\searchplugins\startpage-https.xml
[2012/03/15 18:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/31 15:46:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/07/27 12:41:28 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/09/09 07:22:40 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012/03/08 17:01:32 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012/05/10 19:17:31 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/05 09:28:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/22 06:30:28 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/27 06:47:00 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/09 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/19 06:01:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [SkyDrive] C:\Users\John-Sandi 1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32B7E865-2EF3-446B-BC3C-9143C51800FE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 06:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 06:01:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/19 05:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/19 05:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/19 05:44:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/19 05:44:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/19 05:43:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/19 05:43:08 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\John-Sandi 1\Desktop\ComboFix.exe
[2012/05/18 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\Desktop\tdsskiller
[2012/05/18 05:52:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John-Sandi 1\Desktop\aswMBR.exe
[2012/05/17 16:42:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/17 07:07:09 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Local\adawarebp
[2012/05/17 07:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/17 07:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/05/17 07:05:18 | 000,000,000 | ---D | C] -- C:\Users\John-Sandi 1\AppData\Roaming\Ad-Aware Antivirus
[2012/05/15 07:23:51 | 004,894,432 | ---- | C] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/05/10 07:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/10 07:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 07:09:16 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 07:09:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 07:09:13 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 07:08:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/26 20:46:31 | 000,000,000 | R--D | C] -- C:\Users\John-Sandi 1\SkyDrive
[2012/04/26 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

========== Files - Modified Within 30 Days ==========

[2012/05/20 06:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 02:50:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/19 18:21:20 | 098,646,037 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/19 18:20:47 | 000,272,498 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/19 06:08:18 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 06:08:18 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 06:06:07 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/19 06:06:07 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 06:06:07 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/19 06:01:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/19 06:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 06:00:33 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 05:43:14 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\John-Sandi 1\Desktop\ComboFix.exe
[2012/05/19 03:00:00 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/05/18 20:37:24 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/18 20:37:24 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/18 17:22:25 | 002,107,843 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\tdsskiller.zip
[2012/05/18 06:44:59 | 000,000,546 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\MBR.zip
[2012/05/18 06:35:28 | 000,000,512 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\MBR.dat
[2012/05/18 05:53:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John-Sandi 1\Desktop\aswMBR.exe
[2012/05/18 05:51:38 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\GBM - Easy Layout Backup Job-Full.job
[2012/05/17 16:42:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John-Sandi 1\Desktop\OTL.exe
[2012/05/10 07:19:55 | 000,895,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 15:22:55 | 004,894,432 | ---- | M] (Microsoft Corporation) -- C:\Users\John-Sandi 1\Desktop\SkyDriveSetup.exe
[2012/04/25 19:10:55 | 000,562,478 | ---- | M] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf

========== Files Created - No Company Name ==========

[2012/05/19 05:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/19 05:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/19 05:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/19 05:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/19 05:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/18 17:22:23 | 002,107,843 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\tdsskiller.zip
[2012/05/18 06:44:59 | 000,000,546 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\MBR.zip
[2012/05/18 06:35:28 | 000,000,512 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\MBR.dat
[2012/05/08 16:48:21 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1f7551e3-d253-488a-926d-44e29d7bb744.job
[2012/05/08 16:48:20 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b0987a63-dfee-4766-933f-4ace86b3c42d.job
[2012/04/26 21:38:08 | 000,036,490 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\House rules.rtf
[2012/04/26 21:38:08 | 000,004,671 | ---- | C] () -- C:\Users\John-Sandi 1\Documents\HSV.rtf
[2012/04/26 20:46:30 | 000,002,187 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/04/25 19:10:52 | 000,562,478 | ---- | C] () -- C:\Users\John-Sandi 1\Desktop\Employment_Application_ACNB_Bank_Final_093010.pdf
[2012/02/11 20:25:04 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/12/05 13:14:06 | 000,777,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/25 08:35:44 | 000,002,544 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2011/09/25 08:35:44 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/01 12:27:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/01 12:27:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/07 15:26:43 | 000,007,600 | ---- | C] () -- C:\Users\John-Sandi 1\AppData\Local\Resmon.ResmonCfg
[2011/03/01 13:12:18 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/01 13:12:18 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/01 13:11:56 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/01 13:11:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2011/03/01 13:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/01 13:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/01 13:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/28 12:56:12 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/23 15:46:51 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/23 15:46:51 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/23 15:46:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/23 15:46:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/23 15:22:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/23 15:22:03 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< C:\Documents and Settings\Shopping Report\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
Conspire
post May 20 2012, 07:58 AM
Post #15


SuperMember

Group: Classroom Teacher
Posts: 4,463
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



Let's see if we nailed this one out.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    [2011/09/09 07:18:42 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
    [2012/02/01 10:43:34 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\JOHN-SANDI 1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P3Z1NLO0.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI

    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log, made by rerunning it after the reboot without the custom scans script.
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy