blekko.com


  • This topic is locked
18 replies to this topic

#1 Bjorn P

Bjorn P

    New Member

  • Authentic Member
  • 10 posts

Posted 15 June 2012 - 12:33 AM

Hi, my computer has been running slow lately; it takes a long time, especially to start/stop internet browser windows. Chrome frequently gives me the out of memory error. I also noticed that blekko.com had been added as the search engine provider in all of my browsers (IE, Chrome, Firefox). I think I have a virus or malware infection. Thanks for any help you can offer!

HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:29 AM, on 6/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Users\Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\rundll32.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bjorn\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bjorn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [chromium] C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bjorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
O4 - Startup: Dropbox.lnk = Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://design.bighammer.com
O15 - Trusted Zone: http://budget.bkp-net.com
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://myinfo.healt...svrloader32.cab
O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} (UltraMJCamX Class) - http://192.168.1.113...UltraMJCamX.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-31-0.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4499D6-2B51-4868-A1AB-2AA7ACC3A785}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6AB7B7F-23DC-4F7C-81FD-599A62864FD8}: NameServer = 8.8.8.8
O18 - Protocol: ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: x-ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - (no file)
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcf_device - - C:\Windows\system32\dlcfcoms.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15470 bytes

#2 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 15 June 2012 - 05:10 AM

Hello,
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

• Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Please reply using the button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.





Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if malicious objects are found, ensure Cure is selected. If suspicious objects are found, select Skip
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)












  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


#3 Bjorn P

Bjorn P

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 15 June 2012 - 01:41 PM

TDSSKiller output:
- ok 11:49:06.0583 0652 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS 11:49:06.0588 0652 DLAIFS_M - ok 11:49:06.0608 0652 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS 11:49:06.0611 0652 DLAOPIOM - ok 11:49:06.0626 0652 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS 11:49:06.0629 0652 DLAPoolM - ok 11:49:06.0700 0652 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS 11:49:06.0711 0652 DLARTL_M - ok 11:49:06.0723 0652 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS 11:49:06.0728 0652 DLAUDFAM - ok 11:49:06.0761 0652 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS 11:49:06.0765 0652 DLAUDF_M - ok 11:49:06.0789 0652 dlcf_device - ok 11:49:07.0068 0652 dldfCATSCustConnectService (37b339fbac80633cea47d58a643a7c67) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe 11:49:07.0150 0652 dldfCATSCustConnectService - ok 11:49:07.0156 0652 dldf_device - ok 11:49:07.0223 0652 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 11:49:07.0228 0652 Dnscache - ok 11:49:07.0370 0652 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 11:49:07.0377 0652 dot3svc - ok 11:49:07.0608 0652 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 11:49:07.0613 0652 DPS - ok 11:49:07.0701 0652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\Windows\system32\DRIVERS\dpti2o.sys 11:49:07.0714 0652 dpti2o - ok 11:49:07.0792 0652 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 11:49:07.0795 0652 drmkaud - ok 11:49:08.0053 0652 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS 11:49:08.0083 0652 DRVMCDB - ok 11:49:08.0116 0652 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS 11:49:08.0125 0652 DRVNDDM - ok 11:49:08.0216 0652 DXGKrnl 
(c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 11:49:08.0250 0652 DXGKrnl - ok 11:49:08.0296 0652 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 11:49:08.0300 0652 E1G60 - ok 11:49:08.0360 0652 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 11:49:08.0364 0652 EapHost - ok 11:49:08.0465 0652 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 11:49:08.0471 0652 Ecache - ok 11:49:08.0581 0652 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 11:49:08.0596 0652 ehRecvr - ok 11:49:08.0649 0652 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 11:49:08.0653 0652 ehSched - ok 11:49:08.0707 0652 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 11:49:08.0710 0652 ehstart - ok 11:49:08.0771 0652 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 11:49:08.0819 0652 elxstor - ok 11:49:08.0955 0652 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 11:49:08.0983 0652 EMDMgmt - ok 11:49:09.0108 0652 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 11:49:09.0125 0652 EventSystem - ok 11:49:09.0253 0652 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 11:49:09.0259 0652 exfat - ok 11:49:09.0337 0652 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 11:49:09.0342 0652 fastfat - ok 11:49:09.0390 0652 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 11:49:09.0392 0652 fdc - ok 11:49:09.0463 0652 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 11:49:09.0466 0652 fdPHost - ok 11:49:09.0518 0652 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 11:49:09.0522 0652 FDResPub - ok 11:49:09.0591 0652 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 
11:49:09.0595 0652 FileInfo - ok 11:49:09.0646 0652 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 11:49:09.0649 0652 Filetrace - ok 11:49:09.0670 0652 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 11:49:09.0673 0652 flpydisk - ok 11:49:09.0750 0652 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 11:49:09.0756 0652 FltMgr - ok 11:49:10.0687 0652 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 11:49:10.0773 0652 FontCache - ok 11:49:11.0399 0652 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:49:11.0403 0652 FontCache3.0.0.0 - ok 11:49:11.0469 0652 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 11:49:11.0472 0652 fssfltr - ok 11:49:15.0347 0652 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 11:49:15.0607 0652 fsssvc - ok 11:49:16.0531 0652 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 11:49:16.0548 0652 Fs_Rec - ok 11:49:16.0599 0652 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys 11:49:16.0602 0652 FTDIBUS - ok 11:49:16.0644 0652 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\Windows\system32\drivers\ftser2k.sys 11:49:16.0648 0652 FTSER2K - ok 11:49:16.0718 0652 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 11:49:16.0721 0652 gagp30kx - ok 11:49:16.0800 0652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 11:49:16.0814 0652 GEARAspiWDM - ok 11:49:17.0365 0652 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 11:49:17.0396 0652 gpsvc - ok 11:49:17.0614 0652 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 11:49:17.0618 0652 gupdate - ok 11:49:17.0640 0652 
gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 11:49:17.0643 0652 gupdatem - ok 11:49:17.0706 0652 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 11:49:17.0713 0652 gusvc - ok 11:49:17.0810 0652 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 11:49:17.0835 0652 HdAudAddService - ok 11:49:18.0380 0652 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 11:49:18.0410 0652 HDAudBus - ok 11:49:18.0468 0652 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 11:49:18.0471 0652 HidBth - ok 11:49:18.0492 0652 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 11:49:18.0495 0652 HidIr - ok 11:49:18.0580 0652 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 11:49:18.0584 0652 hidserv - ok 11:49:18.0659 0652 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 11:49:18.0673 0652 HidUsb - ok 11:49:18.0816 0652 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 11:49:18.0828 0652 hkmsvc - ok 11:49:19.0104 0652 hnmsvc (4bda4856bd308c90cd5a98b6bf294a73) C:\Program Files\Dell Network Assistant\hnm_svc.exe 11:49:19.0109 0652 hnmsvc - ok 11:49:19.0153 0652 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 11:49:19.0156 0652 HpCISSs - ok 11:49:19.0222 0652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\Windows\system32\DRIVERS\hpn.sys 11:49:19.0235 0652 hpn - ok 11:49:19.0349 0652 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 11:49:19.0357 0652 HSFHWAZL - ok 11:49:19.0721 0652 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys 11:49:19.0784 0652 HSF_DPV - ok 11:49:19.0863 0652 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 11:49:19.0870 
0652 HSXHWAZL - ok 11:49:20.0160 0652 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 11:49:20.0241 0652 HTTP - ok 11:49:20.0280 0652 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 11:49:20.0296 0652 i2omp - ok 11:49:20.0378 0652 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 11:49:20.0381 0652 i8042prt - ok 11:49:20.0432 0652 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 11:49:20.0459 0652 iaStorV - ok 11:49:20.0786 0652 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 11:49:20.0792 0652 IDriverT - ok 11:49:22.0365 0652 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:49:22.0409 0652 idsvc - ok 11:49:23.0333 0652 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 11:49:23.0337 0652 iirsp - ok 11:49:23.0848 0652 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 11:49:23.0879 0652 IKEEXT - ok 11:49:23.0921 0652 iLokDrvr (719ba15f965fa657c8959bd833782324) C:\Windows\system32\DRIVERS\iLokDrvr.sys 11:49:23.0937 0652 iLokDrvr - ok 11:49:23.0974 0652 ini910u (4a40e045faee58631fd8d91afc620719) C:\Windows\system32\DRIVERS\ini910u.sys 11:49:23.0977 0652 ini910u - ok 11:49:24.0037 0652 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys 11:49:24.0040 0652 intelide - ok 11:49:24.0080 0652 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 11:49:24.0101 0652 intelppm - ok 11:49:24.0191 0652 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 11:49:24.0197 0652 IPBusEnum - ok 11:49:24.0244 0652 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:49:24.0264 0652 IpFilterDriver - ok 11:49:24.0491 0652 iphlpsvc 
(1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 11:49:24.0512 0652 iphlpsvc - ok 11:49:24.0519 0652 IpInIp - ok 11:49:24.0622 0652 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 11:49:24.0632 0652 IPMIDRV - ok 11:49:24.0711 0652 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 11:49:24.0726 0652 IPNAT - ok 11:49:25.0829 0652 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe 11:49:25.0862 0652 iPod Service - ok 11:49:25.0901 0652 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\Windows\system32\drivers\iPodDrv.sys 11:49:25.0903 0652 iPodDrv - ok 11:49:26.0035 0652 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 11:49:26.0061 0652 IRENUM - ok 11:49:26.0246 0652 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 11:49:26.0269 0652 isapnp - ok 11:49:26.0374 0652 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 11:49:26.0380 0652 iScsiPrt - ok 11:49:26.0401 0652 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 11:49:26.0404 0652 iteatapi - ok 11:49:26.0438 0652 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 11:49:26.0442 0652 iteraid - ok 11:49:27.0097 0652 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe 11:49:27.0107 0652 ITMRTSVC - ok 11:49:27.0169 0652 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 11:49:27.0172 0652 kbdclass - ok 11:49:27.0254 0652 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 11:49:27.0266 0652 kbdhid - ok 11:49:27.0370 0652 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 11:49:27.0526 0652 KeyIso - ok 11:49:27.0563 0652 KORGUMDS (cd2b7f4c57ff0d8422a3a7aa9995874a) C:\Windows\system32\Drivers\KORGUMDS.SYS 11:49:27.0566 0652 
KORGUMDS - ok 11:49:28.0626 0652 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 11:49:28.0741 0652 KSecDD - ok 11:49:29.0365 0652 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 11:49:29.0381 0652 KtmRm - ok 11:49:30.0039 0652 L6PODX3LV (8b70e4e9ee5fccdab0919aa6d58be6ec) C:\Windows\system32\Drivers\L6PODX3LV.sys 11:49:30.0076 0652 L6PODX3LV - ok 11:49:30.0183 0652 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 11:49:30.0195 0652 LanmanServer - ok 11:49:30.0335 0652 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 11:49:30.0345 0652 LanmanWorkstation - ok 11:49:30.0514 0652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 11:49:30.0530 0652 lltdio - ok 11:49:30.0817 0652 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 11:49:30.0825 0652 lltdsvc - ok 11:49:30.0883 0652 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 11:49:30.0888 0652 lmhosts - ok 11:49:30.0951 0652 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 11:49:30.0955 0652 LSI_FC - ok 11:49:30.0986 0652 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 11:49:30.0989 0652 LSI_SAS - ok 11:49:31.0022 0652 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 11:49:31.0026 0652 LSI_SCSI - ok 11:49:31.0089 0652 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 11:49:31.0093 0652 luafv - ok 11:49:31.0158 0652 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys 11:49:31.0163 0652 MarvinBus - ok 11:49:31.0249 0652 MAUSBFTP (a07af79cac2b923d65d51eaad5dafc69) C:\Windows\system32\DRIVERS\mausb.sys 11:49:31.0254 0652 MAUSBFTP - ok 11:49:31.0263 0652 mcdbus - ok 11:49:31.0406 0652 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 
11:49:31.0416 0652 Mcx2Svc - ok 11:49:31.0967 0652 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 11:49:31.0997 0652 MDM - ok 11:49:32.0042 0652 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 11:49:32.0045 0652 mdmxsdk - ok 11:49:32.0076 0652 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 11:49:32.0079 0652 megasas - ok 11:49:32.0130 0652 MHN (b7521f69c0a9b29d356157229376fb21) C:\Windows\System32\mhn.dll 11:49:32.0137 0652 MHN - ok 11:49:32.0197 0652 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\Windows\system32\DRIVERS\mhndrv.sys 11:49:32.0200 0652 MHNDRV - ok 11:49:32.0332 0652 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 11:49:32.0337 0652 MMCSS - ok 11:49:32.0403 0652 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 11:49:32.0406 0652 Modem - ok 11:49:32.0579 0652 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\Windows\system32\drivers\monfilt.sys 11:49:32.0638 0652 monfilt - ok 11:49:32.0887 0652 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 11:49:32.0890 0652 monitor - ok 11:49:32.0943 0652 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 11:49:32.0946 0652 mouclass - ok 11:49:32.0998 0652 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 11:49:33.0000 0652 mouhid - ok 11:49:33.0061 0652 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 11:49:33.0065 0652 MountMgr - ok 11:49:33.0175 0652 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 11:49:33.0179 0652 MozillaMaintenance - ok 11:49:33.0231 0652 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 11:49:33.0235 0652 mpio - ok 11:49:33.0281 0652 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) 
C:\Windows\system32\drivers\mpsdrv.sys 11:49:33.0284 0652 mpsdrv - ok 11:49:33.0378 0652 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 11:49:33.0399 0652 MpsSvc - ok 11:49:33.0433 0652 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 11:49:33.0436 0652 Mraid35x - ok 11:49:33.0507 0652 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 11:49:33.0511 0652 MRxDAV - ok 11:49:33.0559 0652 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:49:33.0563 0652 mrxsmb - ok 11:49:33.0626 0652 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:49:33.0633 0652 mrxsmb10 - ok 11:49:33.0655 0652 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:49:33.0660 0652 mrxsmb20 - ok 11:49:33.0699 0652 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys 11:49:33.0702 0652 msahci - ok 11:49:33.0731 0652 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 11:49:33.0736 0652 msdsm - ok 11:49:33.0777 0652 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 11:49:33.0785 0652 MSDTC - ok 11:49:33.0823 0652 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 11:49:33.0826 0652 MSDV - ok 11:49:33.0872 0652 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 11:49:33.0875 0652 Msfs - ok 11:49:33.0922 0652 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 11:49:33.0925 0652 msisadrv - ok 11:49:33.0969 0652 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 11:49:33.0976 0652 MSiSCSI - ok 11:49:34.0002 0652 msiserver - ok 11:49:34.0066 0652 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 11:49:34.0068 0652 MSKSSRV - ok 11:49:34.0124 0652 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) 
C:\Windows\system32\drivers\MSPCLOCK.sys 11:49:34.0127 0652 MSPCLOCK - ok 11:49:34.0144 0652 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 11:49:34.0147 0652 MSPQM - ok 11:49:34.0225 0652 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 11:49:34.0230 0652 MsRPC - ok 11:49:34.0269 0652 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 11:49:34.0272 0652 mssmbios - ok 11:49:37.0858 0652 MSSQL$MICROSOFTSMLBIZ (751961e128dbcc7a32304339c4bdeff0) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe 11:49:38.0188 0652 MSSQL$MICROSOFTSMLBIZ - ok 11:49:38.0307 0652 MSSQLServerADHelper (1d1b22613eab9287af902398867bc93c) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 11:49:38.0312 0652 MSSQLServerADHelper - ok 11:49:38.0523 0652 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 11:49:38.0525 0652 MSTEE - ok 11:49:38.0591 0652 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 11:49:38.0594 0652 Mup - ok 11:49:38.0691 0652 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 11:49:38.0715 0652 napagent - ok 11:49:38.0800 0652 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 11:49:38.0805 0652 NativeWifiP - ok 11:49:38.0926 0652 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 11:49:38.0958 0652 NDIS - ok 11:49:39.0013 0652 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 11:49:39.0015 0652 NdisTapi - ok 11:49:39.0073 0652 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 11:49:39.0076 0652 Ndisuio - ok 11:49:39.0104 0652 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 11:49:39.0109 0652 NdisWan - ok 11:49:39.0167 0652 NDProxy (71dab552b41936358f3b541ae5997fb3) 
C:\Windows\system32\drivers\NDProxy.sys 11:49:39.0171 0652 NDProxy - ok 11:49:39.0190 0652 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 11:49:39.0193 0652 NetBIOS - ok 11:49:39.0265 0652 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 11:49:39.0272 0652 netbt - ok 11:49:39.0379 0652 NetFxUpdate_v1.1.4322 (503919cf44a9ebb945be441d4bd32619) C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe 11:49:39.0384 0652 NetFxUpdate_v1.1.4322 - ok 11:49:39.0427 0652 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 11:49:39.0431 0652 Netlogon - ok 11:49:39.0499 0652 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 11:49:39.0527 0652 Netman - ok 11:49:39.0596 0652 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 11:49:39.0607 0652 netprofm - ok 11:49:39.0716 0652 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:49:39.0720 0652 NetTcpPortSharing - ok 11:49:39.0989 0652 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 11:49:40.0073 0652 NETw3v32 - ok 11:49:40.0473 0652 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 11:49:40.0557 0652 NETw4v32 - ok 11:49:40.0715 0652 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 11:49:40.0719 0652 nfrd960 - ok 11:49:40.0787 0652 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 11:49:40.0795 0652 NlaSvc - ok 11:49:40.0862 0652 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 11:49:40.0865 0652 Npfs - ok 11:49:40.0920 0652 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 11:49:40.0925 0652 nsi - ok 11:49:40.0982 0652 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 11:49:40.0984 0652 
nsiproxy - ok 11:49:41.0165 0652 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 11:49:41.0206 0652 Ntfs - ok 11:49:41.0226 0652 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 11:49:41.0229 0652 ntrigdigi - ok 11:49:41.0262 0652 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 11:49:41.0265 0652 Null - ok 11:49:42.0207 0652 nvlddmkm (dc89868592d74de404406c9420c3f277) C:\Windows\system32\DRIVERS\nvlddmkm.sys 11:49:42.0484 0652 nvlddmkm - ok 11:49:42.0687 0652 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 11:49:42.0691 0652 nvraid - ok 11:49:42.0719 0652 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 11:49:42.0722 0652 nvstor - ok 11:49:42.0749 0652 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 11:49:42.0754 0652 nv_agp - ok 11:49:42.0761 0652 NwlnkFlt - ok 11:49:42.0772 0652 NwlnkFwd - ok 11:49:42.0877 0652 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 11:49:42.0880 0652 ohci1394 - ok 11:49:42.0978 0652 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:49:42.0982 0652 ose - ok 11:49:43.0114 0652 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 11:49:43.0143 0652 p2pimsvc - ok 11:49:43.0155 0652 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 11:49:43.0168 0652 p2psvc - ok 11:49:43.0196 0652 Packet (8f856dae19383bd69db444004d5d4f50) C:\Windows\system32\DRIVERS\packet.sys 11:49:43.0199 0652 Packet - ok 11:49:43.0219 0652 PalmUSBD - ok 11:49:43.0261 0652 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 11:49:43.0265 0652 Parport - ok 11:49:43.0325 0652 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 11:49:43.0329 0652 partmgr - ok 11:49:43.0353 0652 Parvdm 
(4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 11:49:43.0356 0652 Parvdm - ok 11:49:43.0416 0652 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 11:49:43.0422 0652 PcaSvc - ok 11:49:43.0497 0652 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 11:49:43.0503 0652 pci - ok 11:49:43.0557 0652 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys 11:49:43.0560 0652 pciide - ok 11:49:43.0593 0652 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\system32\drivers\pclepci.sys 11:49:43.0596 0652 PCLEPCI - ok 11:49:43.0640 0652 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 11:49:43.0646 0652 pcmcia - ok 11:49:43.0772 0652 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 11:49:43.0815 0652 PEAUTH - ok 11:49:44.0038 0652 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 11:49:44.0136 0652 pla - ok 11:49:44.0361 0652 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 11:49:44.0372 0652 PlugPlay - ok 11:49:44.0512 0652 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 11:49:44.0525 0652 PNRPAutoReg - ok 11:49:44.0545 0652 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 11:49:44.0558 0652 PNRPsvc - ok 11:49:44.0602 0652 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 11:49:44.0630 0652 PolicyAgent - ok 11:49:44.0669 0652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 11:49:44.0673 0652 PptpMiniport - ok 11:49:44.0713 0652 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 11:49:44.0716 0652 Processor - ok 11:49:44.0802 0652 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 11:49:44.0811 0652 ProfSvc - ok 11:49:44.0872 0652 ProtectedStorage (a3e186b4b935905b829219502557314e) 
C:\Windows\system32\lsass.exe 11:49:44.0876 0652 ProtectedStorage - ok 11:49:44.0909 0652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 11:49:44.0912 0652 PSched - ok 11:49:44.0975 0652 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 11:49:44.0979 0652 PxHelp20 - ok 11:49:45.0015 0652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\Windows\system32\DRIVERS\ql1080.sys 11:49:45.0018 0652 ql1080 - ok 11:49:45.0046 0652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\Windows\system32\DRIVERS\ql10wnt.sys 11:49:45.0049 0652 Ql10wnt - ok 11:49:45.0080 0652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\Windows\system32\DRIVERS\ql12160.sys 11:49:45.0084 0652 ql12160 - ok 11:49:45.0109 0652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\Windows\system32\DRIVERS\ql1240.sys 11:49:45.0113 0652 ql1240 - ok 11:49:45.0139 0652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\Windows\system32\DRIVERS\ql1280.sys 11:49:45.0143 0652 ql1280 - ok 11:49:45.0271 0652 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 11:49:45.0312 0652 ql2300 - ok 11:49:45.0352 0652 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 11:49:45.0357 0652 ql40xx - ok 11:49:45.0425 0652 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 11:49:45.0437 0652 QWAVE - ok 11:49:45.0494 0652 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 11:49:45.0496 0652 QWAVEdrv - ok 11:49:45.0565 0652 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 11:49:45.0568 0652 RasAcd - ok 11:49:45.0632 0652 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 11:49:45.0640 0652 RasAuto - ok 11:49:45.0701 0652 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:49:45.0705 0652 Rasl2tp - ok 11:49:45.0795 0652 RasMan (75d47445d70ca6f9f894b032fbc64fcf) 
11:50:01.0497 0652 ============================================================
11:50:01.0497 0652 Scan finished
11:50:01.0498 0652 ============================================================
11:50:01.0516 7008 Detected object count: 0
11:50:01.0516 7008 Actual detected object count: 0
11:50:10.0475 7428 Deinitialize success

#4 Bjorn P


Posted 15 June 2012 - 01:43 PM

OTL.txt:


OTL logfile created on: 6/15/2012 1:30:39 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bjorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.71% Memory free
2.56 Gb Paging File | 1.09 Gb Available in Paging File | 42.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.89 Gb Total Space | 4.46 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: XPSLAPTOP | User Name: Bjorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bjorn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Bjorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Users\Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Bjorn\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
PRC - C:\Program Files\Dell AIO Printer 948\memcard.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Windows\System32\dldfcoms.exe ( )
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\dlcfcoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\Users\Bjorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2native.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
MOD - C:\Program Files\Dell AIO Printer 948\memcard.exe ()
MOD - C:\Program Files\Dell AIO Printer 948\dldfscw.dll ()
MOD - C:\Program Files\Dell AIO Printer 948\dldfdatr.dll ()
MOD - C:\Program Files\Dell AIO Printer 948\dldfcfg.dll ()
MOD - C:\Program Files\Dell AIO Printer 948\DLDFptp.dll ()
MOD - C:\Program Files\Dell AIO Printer 948\dldfcats.dll ()
MOD - C:\Windows\System32\APOMngr.dll ()
MOD - C:\Windows\System32\CmdRtr.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (dldfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe ()
SRV - (dldf_device) -- C:\Windows\System32\dldfcoms.exe ( )
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (dlcf_device) -- C:\Windows\System32\dlcfcoms.exe ( )
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)


========== Driver Services (SafeList) ==========

DRV - (VClone) -- system32\DRIVERS\VClone.sys File not found
DRV - (SuperMounter) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PalmUSBD) -- system32\drivers\PalmUSBD.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (adfs) -- File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (L6PODX3LV) -- C:\Windows\System32\drivers\L6PODX3LV.sys (Line 6)
DRV - (DigiNet) -- C:\Windows\System32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (KORGUMDS) -- C:\Windows\System32\drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (iLokDrvr) -- C:\Windows\System32\drivers\iLokDrvr.sys (PACE Anti-Piracy, Inc.)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\Windows\System32\drivers\mausb.sys (Avid Technology, Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SndTDriverV32) -- C:\Windows\System32\drivers\SndTDriverV32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ASCTRM) -- C:\Windows\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Packet) -- C:\Windows\System32\drivers\packet.sys (SingleClick Systems)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (monfilt) -- C:\Windows\System32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ASPI32) -- C:\Windows\System32\drivers\Aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\SearchScopes,DefaultScope = {936011F8-ED91-422C-9676-67752E86E5CA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{936011F8-ED91-422C-9676-67752E86E5CA}: "URL" = http://www.google.co...amp;rlz=1I7DMUS
IE - HKCU\..\SearchScopes\{C57986B7-942D-4A6F-8EC1-CF10938AE5E0}: "URL" = http://search.avg.co...m...hte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6b: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bjorn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bjorn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bjorn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bjorn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 10:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/12 22:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/19 22:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/19 22:37:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3DFF29E4-8B1A-428D-9F12-8CDADB1A5E97}: C:\Users\Bjorn\AppData\Local\{3DFF29E4-8B1A-428D-9F12-8CDADB1A5E97}

[2010/09/20 22:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Extensions
[2012/05/04 02:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\5m3bey5u.default\extensions
[2010/11/03 19:09:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\5m3bey5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/30 16:21:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\5m3bey5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/05 02:23:03 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\5m3bey5u.default\extensions\ext@sprng.me
[2011/03/15 22:24:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\5m3bey5u.default\extensions\personas@christopher.beard
[2012/03/21 22:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/11 09:58:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007/03/27 14:40:31 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npdrmv2.dll
[2007/03/27 14:40:09 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\mozilla firefox\plugins\npdsplay.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2005/12/06 00:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/03/27 14:40:22 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/03/21 22:23:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/23 16:27:24 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012/03/21 22:23:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: RoxioNow Player (Enabled) = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpehoeakhlffpkgpigbkeagobkaofj\1.9.6.1_0\npRNowPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bjorn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bjorn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Prezi = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\
CHR - Extension: Google Docs = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.4_0\
CHR - Extension: Mailto:Yahoo! Mail = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdpppfbclmfkmagnfcpakfgabnghfdmi\1.1_0\
CHR - Extension: Web Developer = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: eBay Web App = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.2_0\
CHR - Extension: Facebook = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Mint - Advanced Transaction Search = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolppbnklfonhjpimlcbdfdgmeipfjb\0.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Add to Google Calendar = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\
CHR - Extension: Pandora = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Springpad = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: Chrome Radio Player = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjdhckebbdoobhniheihpdogeoeelbn\1.1.16_0\
CHR - Extension: Isoball 3 = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\
CHR - Extension: Chrome to Mobile Beta = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\0.2.0_0\
CHR - Extension: Google Theme = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne\1.0.1_0\
CHR - Extension: Craigslist Preview = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbgcbedienblgnfeecolmmcgocefnf\1.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Google Maps = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Mint = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg\1.5_0\
CHR - Extension: AVG Do Not Track = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: RoxioNow Player Extension = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpehoeakhlffpkgpigbkeagobkaofj\1.9.6.1_0\
CHR - Extension: Springpad Extension = C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\

O1 HOSTS File: ([2010/09/17 19:32:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Bjorn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Bjorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bighammer.com ([design] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bkp-net.com ([budget] http in Trusted sites)
O15 - HKCU\..Trusted Domains: healthpartners.com ([apps] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://myinfo.healt...svrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.1.113...UltraMJCamX.cab (UltraMJCamX Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF4499D6-2B51-4868-A1AB-2AA7ACC3A785}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF4499D6-2B51-4868-A1AB-2AA7ACC3A785}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6AB7B7F-23DC-4F7C-81FD-599A62864FD8}: NameServer = 8.8.8.8
O18 - Protocol\Handler\ebahn - No CLSID value found
O18 - Protocol\Handler\ezstor - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\x-ebahn - No CLSID value found
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll (EzTools Software)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bjorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bjorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 20:33:11 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 12:27:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/15 12:27:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/15 12:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/15 11:47:39 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bjorn\Desktop\TDSSKiller.exe
[2012/06/15 11:45:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bjorn\Desktop\OTL.exe
[2012/06/15 01:27:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bjorn\Desktop\HiJackThis.exe
[2012/06/14 22:02:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 22:02:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 22:02:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 22:02:06 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 22:02:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 20:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 20:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/14 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 01:15:38 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 13:45:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/11 10:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bjorn\Desktop\*.tmp files -> C:\Users\Bjorn\Desktop\*.tmp -> ]
[1 C:\Users\Bjorn\*.tmp files -> C:\Users\Bjorn\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bjorn\Desktop\TDSSKiller.exe
[2012/06/15 14:23:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{974E757E-9B91-404C-9261-2DE266C99558}.job
[2012/06/15 14:10:03 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/06/15 14:07:04 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2012/06/15 14:05:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3490636062-2007861528-257309665-1006UA.job
[2012/06/15 13:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 13:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 13:27:10 | 000,124,166 | ---- | M] () -- C:\Users\Bjorn\Desktop\Peterson, Bjorn.tif
[2012/06/15 13:12:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/15 12:48:04 | 000,172,386 | ---- | M] () -- C:\Users\Bjorn\AppData\Roaming\nvModes.001
[2012/06/15 12:47:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 12:45:10 | 000,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:45:09 | 000,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:44:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/06/15 12:44:28 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\BMXDWW.job
[2012/06/15 12:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 12:42:49 | 2145,587,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 12:37:08 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/15 12:21:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/15 12:21:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/15 11:59:07 | 000,470,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 11:45:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bjorn\Desktop\OTL.exe
[2012/06/15 11:19:53 | 100,441,624 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/15 11:13:26 | 000,172,386 | ---- | M] () -- C:\Users\Bjorn\AppData\Roaming\nvModes.dat
[2012/06/15 01:27:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bjorn\Desktop\HiJackThis.exe
[2012/06/14 22:56:57 | 000,644,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 22:56:57 | 000,121,862 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 20:09:59 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/14 19:12:27 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3490636062-2007861528-257309665-1006Core.job
[2012/06/13 14:17:31 | 028,224,616 | R--- | M] () -- C:\Users\Public\Documents\Money Backup.mbf
[2012/06/12 22:18:22 | 001,052,634 | ---- | M] () -- C:\Users\Bjorn\Desktop\CenturyLink.pdf
[2012/06/11 21:17:19 | 000,002,043 | ---- | M] () -- C:\Users\Bjorn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 21:17:18 | 000,002,081 | ---- | M] () -- C:\Users\Bjorn\Desktop\Google Chrome.lnk
[2012/06/11 19:35:23 | 000,000,990 | ---- | M] () -- C:\Users\Bjorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/11 17:30:36 | 000,424,510 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/31 21:27:46 | 000,293,376 | ---- | M] () -- C:\Users\Bjorn\Desktop\Base Station Course Mtn Lakes.pps
[2012/05/22 19:21:18 | 000,002,491 | ---- | M] () -- C:\Users\Bjorn\Desktop\Mint.lnk
[2012/05/22 19:21:09 | 000,002,477 | ---- | M] () -- C:\Users\Bjorn\Desktop\Google Calendar.lnk
[2012/05/17 17:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 17:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 17:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 17:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/17 17:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 17:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/17 17:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bjorn\Desktop\*.tmp files -> C:\Users\Bjorn\Desktop\*.tmp -> ]
[1 C:\Users\Bjorn\*.tmp files -> C:\Users\Bjorn\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 13:27:09 | 000,124,166 | ---- | C] () -- C:\Users\Bjorn\Desktop\Peterson, Bjorn.tif
[2012/06/14 20:09:59 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/12 22:18:22 | 001,052,634 | ---- | C] () -- C:\Users\Bjorn\Desktop\CenturyLink.pdf
[2012/05/31 21:27:45 | 000,293,376 | ---- | C] () -- C:\Users\Bjorn\Desktop\Base Station Course Mtn Lakes.pps
[2012/05/22 19:21:18 | 000,002,491 | ---- | C] () -- C:\Users\Bjorn\Desktop\Mint.lnk
[2012/05/22 19:21:09 | 000,002,477 | ---- | C] () -- C:\Users\Bjorn\Desktop\Google Calendar.lnk
[2012/04/12 12:57:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDFPMON.DLL
[2012/04/12 12:57:04 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDFFXPU.DLL
[2012/04/12 12:56:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldfoem.dll
[2012/04/12 12:56:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDFPMRC.DLL
[2012/04/12 12:54:13 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldfinst.dll
[2012/04/12 12:54:12 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\dldfhcp.dll
[2012/04/12 12:54:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\dldfinpa.dll
[2012/04/12 12:54:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldfiesc.dll
[2012/04/12 12:54:07 | 000,499,712 | ---- | C] () -- C:\Windows\System32\dldfutil.dll
[2012/04/12 12:54:06 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\dldfusb1.dll
[2012/04/12 12:54:05 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\dldfserv.dll
[2012/04/12 12:54:03 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldfprox.dll
[2012/04/12 12:54:02 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldfpmui.dll
[2012/04/12 12:54:00 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\dldflmpm.dll
[2012/04/12 12:53:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldfjswr.dll
[2012/04/12 12:53:57 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfinsb.dll
[2012/04/12 12:53:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldfinsr.dll
[2012/04/12 12:53:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfins.dll
[2012/04/12 12:53:54 | 000,320,136 | ---- | C] ( ) -- C:\Windows\System32\dldfih.exe
[2012/04/12 12:53:47 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldfhbn3.dll
[2012/04/12 12:53:46 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldfgrd.dll
[2012/04/12 12:53:41 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldfcub.dll
[2012/04/12 12:53:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldfcur.dll
[2012/04/12 12:53:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldfcu.dll
[2012/04/12 12:53:35 | 000,598,664 | ---- | C] ( ) -- C:\Windows\System32\dldfcoms.exe
[2012/04/12 12:53:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldfcomm.dll
[2012/04/12 12:53:28 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\dldfcomc.dll
[2012/04/12 12:53:25 | 000,365,192 | ---- | C] ( ) -- C:\Windows\System32\dldfcfg.exe
[2012/04/12 12:53:23 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldfcfg.dll
[2012/02/29 16:09:28 | 000,036,864 | ---- | C] () -- C:\Windows\unslive.exe
[2011/07/07 14:30:58 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/10/15 13:18:41 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/15 13:13:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/26 14:33:55 | 000,004,360 | ---- | C] () -- C:\Users\Bjorn\AppData\Roaming\Comma Separated Values (Windows).NOT

========== LOP Check ==========

[2012/04/14 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\948 Series
[2008/08/05 17:33:21 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Ableton
[2008/07/12 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Acon Digital Media
[2011/10/08 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\AVG2012
[2009/11/30 23:09:27 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Azureus
[2010/03/06 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Blender Foundation
[2012/04/18 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Canon
[2008/04/19 01:38:52 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Citrix
[2012/04/13 13:40:09 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2007/03/17 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\devphp
[2009/07/15 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Digidesign
[2012/04/26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Doceri Desktop
[2012/06/15 12:48:47 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Dropbox
[2008/08/02 15:14:03 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\DSound
[2007/12/14 22:35:00 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\eFax Messenger
[2012/05/01 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\FileZilla
[2012/04/15 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\GetRightToGo
[2012/05/16 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\gtk-2.0
[2010/05/14 03:28:15 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\HotSync
[2011/05/13 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\ICAClient
[2009/02/20 15:34:18 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\ImgBurn
[2008/12/04 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\JAlbum
[2011/09/13 18:20:42 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\KeePass
[2009/01/10 15:34:33 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Korg
[2007/03/17 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Leadertech
[2009/06/09 23:29:22 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Line 6
[2007/07/10 19:57:55 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Mobipocket Reader
[2007/03/17 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\n-Track Studio5
[2008/03/04 22:48:37 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\National Instruments
[2006/12/24 19:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\NetMedia Providers
[2007/10/20 12:36:19 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Orbit
[2008/12/21 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\PACE Anti-Piracy
[2011/08/03 23:17:27 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\PDF Writer
[2007/03/17 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\pdf995
[2007/04/12 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Plazmic
[2011/05/15 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\PPTRemote
[2008/10/29 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Propellerhead Software
[2006/12/24 19:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Publish Providers
[2011/06/22 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\SafAlert
[2010/03/04 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\SecondLife
[2009/01/18 17:54:48 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Shutterfly
[2012/06/14 19:20:55 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Spotify
[2008/07/08 00:48:00 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Steinberg
[2008/12/20 13:21:08 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Structure
[2010/03/12 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Subversion
[2007/04/12 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Themebuilder
[2008/12/21 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Trillium Lane
[2008/05/19 23:59:06 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\VonageTalk
[2012/04/15 19:31:34 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/02/23 16:29:07 | 000,000,000 | ---D | M] -- C:\Users\Bjorn\AppData\Roaming\XnView
[2012/06/15 12:44:28 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\BMXDWW.job
[2006/11/02 08:09:53 | 000,000,484 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/15 14:23:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{974E757E-9B91-404C-9261-2DE266C99558}.job
[2012/06/15 14:10:03 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/06/15 14:07:04 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 06:05:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 06:05:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Bjorn\Documents\My eBooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bjorn\Documents\bitpim:Roxio EMC Stream
@Alternate Data Stream - 1370 bytes -> C:\ProgramData\Microsoft:2dtVLi8emcf65nglHaXgQ4R
@Alternate Data Stream - 1323 bytes -> C:\ProgramData\Microsoft:iPLMp4tE5pbiGwam8U0M
@Alternate Data Stream - 1287 bytes -> C:\Users\Bjorn\AppData\Local\zWMXsGyFU:CAn674tYcgsbVFEltPS2zaRl
@Alternate Data Stream - 1274 bytes -> C:\ProgramData\Microsoft:skxavScy8g33Orsmm65Jn1Hfu1SEQ
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1038CA08
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1224 bytes -> C:\Users\Bjorn\AppData\Local\rwBYzqH6sU1c:opFx5WfcyV9v6vLsSDEES
@Alternate Data Stream - 1214 bytes -> C:\ProgramData\Microsoft:PKJYIeIQOhMPWJYQ1gjwzJ
@Alternate Data Stream - 1169 bytes -> C:\ProgramData\Microsoft:DCCxgW2SIlpt0Wort1hq1AQ
@Alternate Data Stream - 1117 bytes -> C:\ProgramData\DRM:Kzo8JRODibIB9MkTFetTlUEa6

< End of report >

#5 Bjorn P

Posted 15 June 2012 - 01:44 PM

Extras.txt:


OTL Extras logfile created on: 6/15/2012 1:30:39 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bjorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.71% Memory free
2.56 Gb Paging File | 1.09 Gb Available in Paging File | 42.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.89 Gb Total Space | 4.46 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: XPSLAPTOP | User Name: Bjorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3490636062-2007861528-257309665-1006]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010A6CA6-E18C-4681-B5B5-F86352C337A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10B5F2FE-E62B-4E49-A669-F764418E8F1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A930103-3D34-4E91-88CF-67B61E2FF1F3}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) |
"{321B6481-C57F-4B97-8D62-36A9A6B6878E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{348FE253-A153-4355-9320-5DD8887BFE7E}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) |
"{3ED10FF2-1806-455F-AA68-314C7C6522A2}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) |
"{3EE66E91-AEC7-48DA-852D-1DA6B9ACE83B}" = lport=8086 | protocol=6 | dir=in | name=doceri |
"{43618B74-66E8-4C1E-88A4-A1D9CFA0941F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4AE377C1-C32D-4913-97A8-D762E6D00A21}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5A303470-2D5D-479C-A14F-2C86857787AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{63C0292B-8FBD-4BCC-BA53-6E18C1F4394B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{641FE7E5-6239-40F3-B75D-A77B56A13BAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{69CC9A26-29A3-46BB-B7E5-AADCFF8BD953}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A5AB986-D315-45EE-A310-1F61CEBC6008}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7502AD1B-CFE0-460C-815F-EDF478C47420}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B377E5A-D58E-4209-BC32-7CB1ED28B7D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{83D1AF2B-3DC5-47A2-BDB9-907CDDA0DEB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BA667F0-FCD8-45E5-9C53-845D809306DD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{94EC8234-3E19-4131-B19E-970E274B2C3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{959F0BE4-2E6F-4292-B8CA-B7C8A2405810}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0216178-F1FD-4C94-8AD1-0DF492DD9026}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6DA379B-C4BC-453B-89CD-A1173EB8EAE1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{B755A9F6-7DED-4392-BBB5-C1832AB87E21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D49A8109-3F9E-4291-866E-84DDF0DAD997}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5DEB4EA-1A71-4F4F-B57C-62FC8576903E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E561A5DA-5085-4A99-A5FF-30CC03CC570D}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) |
"{FCA72772-EA59-40E6-839F-80EA9194A801}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067413B-E4E0-4F89-AE60-D0A43D43C7FD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{012EE0F5-EC59-4C40-98A8-4FC41C093A2F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{03CA663C-CBE2-4C86-AD07-65FF54C746EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0400B43D-EB4A-4812-8734-F8AEC382433A}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{04182F41-5FD8-4551-BED0-0B95DCBF1CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{04FFEB8A-DE1F-4C93-BE92-65D5D8AF3E9A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{05070727-ADCE-4798-9AC1-A81197C3C6F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0591B1F0-46BA-41A9-BB50-333C95403CC3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{0827F612-B88E-4887-B828-F97233E74443}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{082DA5A1-E53E-490E-BF0D-87F634FDF348}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0C21A939-2E2F-45A5-A7F6-23A8C99CAB82}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{0EC1A06D-A38A-4BE1-9EFD-C15E489B73F1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{10A6B099-F6CE-4D1B-AF92-D31DDFE79CC1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{11AE4337-69EA-4BEB-A4BF-CEB8E256ED0A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{14256DE8-ECCC-43A7-A144-C58562396ED9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{1542F20E-499C-47B2-91E2-3AA2D8DC22E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AF8DE51-32C7-40AB-A825-C07EF7EA33D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{1E9C5848-39AF-4666-8487-B4E0BC43F709}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{1EA8F4A7-DB11-4B29-B6FE-7EB06CEC9EC9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{1F31044F-D4C4-4ACF-B88C-C42B2555EB89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FA635F1-E640-400A-B195-EFCE74CB31A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{20895618-BD57-4721-A6E4-5D3E0425E798}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{247EEF63-21F1-47FA-89CC-9DF89846AB77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{269AF47B-182D-4D46-BA0A-4BD0839EC3F6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{2BB0D80F-0E63-4644-8EAA-9BC16357E196}" = protocol=6 | dir=in | app=c:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D06531B-A22B-4752-BFD6-904B4D44B2D7}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{2F12E641-A748-441B-8A5B-5764E79B5770}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{2FDF2308-6556-4976-B9BC-E2B0D2D3281C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3B97A251-D1D0-4334-B6ED-BEE8A8E2620D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{3DC4ED5D-8DD0-47D4-B58A-BC9DD4EAF7D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4211FF48-25CF-4156-B416-A5E6416AC8D7}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{4284DF6F-CCA5-4EEF-BB5D-E544A2040306}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldftime.exe |
"{48B669E1-3DF4-4AA8-860C-66B4D0FC5F3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B87EA61-FC1D-46E3-B24A-A3553B324D55}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{5038D4BB-A88C-4641-9174-69BBE79DA7BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51CDFA52-6A7B-4E51-B244-83F0A03A2F44}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5780F5AE-D855-422B-ACE5-EA74D6CD311A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{59116CAA-CAC6-41D0-B223-CA2D80356BE9}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{5B00F7E9-ECE5-45DA-87D4-85EB79545285}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60B8941C-5B84-4331-91CE-0C17EE44E563}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{639C6870-5FB5-42A3-B980-1A9DDB22AB00}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{68DB9FDD-70A2-4358-8386-A319E08530AF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6980213B-98EE-4471-BC2E-08A967D349B4}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{6B94A8B6-E880-446B-BA20-71B14BAEA4F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E8FBD07-0556-41FE-B499-6992967E53E8}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{7342A883-B6A0-4E33-9EFB-95C676A5F47C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{7491A2EE-99DC-41D4-8C4E-DAB89C685329}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{78B83252-C9AC-4741-8A81-EA1E16242847}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{793A7CDE-6A9C-415C-BC8E-6A225648B3A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFD9E13-5B6B-44E6-A2B0-5E1E7801608A}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{7D293E17-686F-4D56-85BD-183FC173ECCC}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{7E5F5A5B-BB01-4813-B984-6215F2BFD468}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7F503AF0-30D8-40D0-97DC-FD2EF4055266}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F857206-B6BD-4A0F-8089-AE31EDDFAFCE}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfafcn.exe |
"{829481F5-B8D1-4C79-A7F5-FF809DD19530}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8630A9C3-0C8A-4672-8897-765FED38102F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldftime.exe |
"{8764E42C-7D53-4CD5-AE53-D7AA85D07087}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8A86B6E3-6514-4440-B585-BE561BCBC16B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{905450A9-B2FE-4D1C-B3D6-53CC5588CE97}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{92994E5E-D7C8-462A-97A8-3E712004713D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9454EC2B-D45B-4B95-B2B3-BAA00B384C07}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"{9673AB21-A3F6-4CBD-83BC-E496E9E0FA98}" = protocol=17 | dir=in | app=c:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe |
"{97EB225C-8E33-4A46-94C8-88D623929CE1}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{990EA8F8-1E21-4DC5-9A90-4EA673283E0B}" = protocol=6 | dir=out | app=system |
"{9A1DFE6C-8176-482C-A544-D2B53C21388A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{9C089D8A-AC57-4663-8158-135F51235ACC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CABD5BF-3007-482A-AAD5-EA3D8A42745A}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{A33A7865-7A73-4B84-95AF-12BDB9523AB0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"{A41D3412-7CDD-4170-949B-B907209233B3}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{A7A9134C-4967-48FB-9D61-1AED28DC9064}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A915301C-7F06-4C0B-853C-1FFE886A3B14}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{ADE06486-CFEF-4A84-8CBD-8A26F8C3777D}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{AEA5680D-E8A5-42C8-AF45-5829A6C8C715}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{B942F39E-EF76-451C-A444-B368BC425E7A}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{BFFFFDC5-8DAF-480E-90B6-E4F2C23E7F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03F8392-A298-49B1-9E68-49147BA1F1E4}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{C18CA67B-CCD1-4B18-A86F-35B35FC58489}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C902ACB1-D575-40A5-A148-F05237BD9DBC}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{CB3FA20A-E694-47FC-98FF-A1161CA6158E}" = protocol=6 | dir=in | app=c:\program files\doceri desktop\doceri desktop.exe |
"{CC3708F7-CEFC-4DCD-8040-47710EA1C8F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF3ADD83-41DC-4BDC-BE5B-2E6F7F8734CF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D3E52430-8E18-400C-9BC3-D0E8E30B6AE0}" = protocol=17 | dir=in | app=c:\program files\doceri desktop\doceri desktop.exe |
"{D3EB4BA7-FEFC-48F4-A7E2-5D448EAC1924}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{D7808244-8886-4799-8FF5-699847975523}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DA0C5126-7B57-44BC-A83E-24FF83FA778C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DA7BA3A5-7285-4712-8B17-E0290CBBC87A}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfafcn.exe |
"{E3AAD5AD-312C-4F37-9073-F7B4F96DD481}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E449EAC9-D4E9-4732-A6DC-C1C8F9C074F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E6F3DA6E-8652-4643-8796-B65A3FC834D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EAB275DC-DCA6-4212-A3C0-F905DAB2CACA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDA08C8E-625E-4D5A-99A5-AA2BAC458327}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{EEC1A5AE-2810-42DB-8BB1-DDC013F5CBBB}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{F0A937CA-528A-4501-9EBB-F39C9684561B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2881BFA-5413-421A-A95F-7E83477E3D91}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F44FD74E-401B-466E-930B-58F73315CCDA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F641C19E-A1B1-447B-8796-E3F5F1364B11}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F7385F43-51C1-4FC0-B90D-43DA911037D0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F858D802-B5EC-4528-940D-84F12F6287A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC86B77C-78FB-49D7-B659-F2D0137CF30B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{030C2AF9-C2C1-440A-9746-C96F3003F91A}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{03B106E7-0F00-4A7C-9BA9-7E8B458C8198}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3AEBDB1F-796E-4D32-A142-A4F5A48D5250}C:\program files\usmle\2010fredv2step3\ned.exe" = protocol=6 | dir=in | app=c:\program files\usmle\2010fredv2step3\ned.exe |
"TCP Query User{3DE4E165-650E-4265-974C-3F22F38DAA01}C:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4A7F51FE-B7CF-4804-AB2D-412FDD7E7601}C:\program files\senstic\i-clickr\i-clickr.exe" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"TCP Query User{72E1E072-9880-40F8-B5C1-0703044C64CF}C:\program files\usmle\2010fredv2step3\fredv2orient.exe" = protocol=6 | dir=in | app=c:\program files\usmle\2010fredv2step3\fredv2orient.exe |
"TCP Query User{7E87DBC2-2C95-4200-A6F7-91C6FFBE7964}C:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe |
"TCP Query User{8D4302A2-62F4-4A88-9D1C-10F1440CA344}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{9A4E5892-A065-4476-9520-C34D7560E4E0}C:\program files\usmle\2010fredv2step3\ned.exe" = protocol=6 | dir=in | app=c:\program files\usmle\2010fredv2step3\ned.exe |
"TCP Query User{9D243AEE-1AB9-4BD3-B8EF-1642F13125E9}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{A421BC7B-2A21-4CAC-ABB6-2C74E0536FD0}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"TCP Query User{B10F1A5E-7365-4CE4-AEAD-1A7E5ECBAC18}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"TCP Query User{C6ACA696-32B7-4F11-BFF6-C53309507963}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{CB976121-C491-4F5F-BCB2-537F9A65E534}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{D1BCE1EF-20DA-4B41-85AC-93A8CB00F240}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{D4599F17-035E-4FB5-AB44-C0B3E2B1B947}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"TCP Query User{D6DEDABF-3C0D-4B32-829D-8932BFB8D2C3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E484B836-B7F3-43A9-BD5B-30CA0289996F}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{EDF48443-7DE4-476A-A169-1C9D53815EB8}C:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe |
"TCP Query User{F0041A94-FB62-478B-8E2B-D7CC7870CBC2}C:\program files\mseven software\msecure\msecure.exe" = protocol=6 | dir=in | app=c:\program files\mseven software\msecure\msecure.exe |
"TCP Query User{F2B41CA3-7D93-4E64-BCC7-6764C2FF9A25}C:\program files\java\jre6\launch4j-tmp\doceri desktop.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\doceri desktop.exe |
"TCP Query User{FDB9B1F1-9D8B-46EF-91FF-35B0D81415C8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{00E58CE9-358C-4E87-BD9B-DF53E786B2E7}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{056599BF-D7E9-4ED3-9174-E96A66AB7EF9}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{0BA6FCD5-777A-4B2D-B446-4EA8E00F3A10}C:\program files\java\jre6\launch4j-tmp\doceri desktop.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\doceri desktop.exe |
"UDP Query User{23D9F7A2-FFAF-481E-8C1F-4388D62717ED}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{30C2135E-1520-43BD-8A58-C66B797E1B6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4AD2D486-E20F-4CA9-BBFD-2529E749A5ED}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{66F50D2D-7228-4AE9-9898-A206831E7C86}C:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bjorn\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{69A41543-4614-4100-BD96-25C4242926C3}C:\program files\senstic\i-clickr\i-clickr.exe" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"UDP Query User{745489DC-47C6-45AB-8BDA-F59ED8AE9F5B}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{7D29F4CC-8368-4089-8F82-FCC83B2C1738}C:\program files\usmle\2010fredv2step3\fredv2orient.exe" = protocol=17 | dir=in | app=c:\program files\usmle\2010fredv2step3\fredv2orient.exe |
"UDP Query User{810356A8-DE46-4F68-971A-37549F555E62}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{829D0205-97F5-49D7-A05D-1C175801883E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{8910EAE0-407D-4B7B-9013-8D008D4D9176}C:\program files\usmle\2010fredv2step3\ned.exe" = protocol=17 | dir=in | app=c:\program files\usmle\2010fredv2step3\ned.exe |
"UDP Query User{A11AF434-FDAF-41BC-9093-FBF3A3806813}C:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe |
"UDP Query User{A60DDA06-A5E9-47A9-9404-BA479B1B1B84}C:\program files\mseven software\msecure\msecure.exe" = protocol=17 | dir=in | app=c:\program files\mseven software\msecure\msecure.exe |
"UDP Query User{AFEE4E0F-7985-4185-A7EF-1D05D754D41B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{D2D8F7C2-7417-46F7-89A7-53B1321BBD20}C:\program files\usmle\2010fredv2step3\ned.exe" = protocol=17 | dir=in | app=c:\program files\usmle\2010fredv2step3\ned.exe |
"UDP Query User{D6FA76CA-F5E2-4F9A-85A6-ECF88F203BA1}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"UDP Query User{F000D440-8939-48D9-A2F7-5ADD9A685FB5}C:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry smartphone simulators 4.6.1\4.6.1.114 (8900-t-mobileus)\fledge.exe |
"UDP Query User{F360EB35-778C-4BC6-87A9-9E08FBBB6DC1}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F7BF4889-0E64-48B3-8098-063044A91F14}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{FD1F0028-ACDB-4F03-B84B-774F73326BAF}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B06D09-CF96-4878-A0F4-B6217150BB1B}" = Microsoft Money 2003
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A1EE987-7B96-406B-8E16-F5322638306E}" = Dragon NaturallySpeaking 10 Client Update for Citrix
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered 8.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E26327C-5168-43B3-BEC1-4E3AA945C711}" = QuickConnect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216572F2-5179-4912-8FA3-5C7DE10C47AF}_is1" = IPSetup version 2.0.0.0
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{42442CA9-90E6-4011-BB55-7C263F6D5EC1}" = BIAS SoundSoap PE 2.1
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C2CEEBA-A5EB-496E-B24D-C26D93157EB7}" = DSound GT Player Express
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D31824D-64D4-42A3-B83A-CD289402BC2A}" = Python 2.5 py2exe-0.6.9
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74480BA5-D91E-45E5-8DF7-0E5799CE8B48}" = mSecure
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}" = MelodyneEssential 1.8
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0
"{A132B77E-7262-4663-A7CC-552895213CB4}" = mSecure
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{BD7C2915-DB28-4D8C-B54C-CC920846C5D3}" = Dolet Light for Finale
"{BE44D80F-62BF-48E2-A3CB-4A8A26B25859}_is1" = Doceri Desktop version 1.2.12.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0904}" = Microsoft Digital Image Pro 9
"{DCC0803F-1CCB-485B-81F4-921744685CEB}" = Slik Subversion 1.6.9 (x86)
"{DD7C1079-A2CC-48FB-8208-1EE38C8C2FBA}" = BlackBerry v4.2.1 for the 8100 Series Wireless Handheld
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper x32
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"6D07236E1D2F8479C88537ED0B7EB5D15ABBF7D5" = Windows Driver Package - Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)
"7-Zip" = 7-Zip 9.20
"80E5581805E14DD17EDB025EB86D820E06128E18" = Windows Driver Package - PACE Anti-Piracy, Inc. (iLokDrvr) Dongles (6/5/2008 5.8.3.3162)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Antares Microphone Modeler - ZONE" = Antares Microphone Modeler - ZONE
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG" = AVG 2012
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"boa-constructor-py2.6" = Python 2.6 boa-constructor-0.6.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Audio Pack" = Creative Audio Pack
"Dell AIO Printer 948" = Dell AIO Printer 948
"Dell Game Console" = Dell Game Console
"DevPHP" = Dev-PHP (remove only)
"doubleTwist" = doubleTwist
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"EffectChainer_is1" = EffectChainer 1.02
"eFile Express 2010" = eFile Express 2010
"EzToolsLib2 6 ActiveX Control Pack_is1" = EzToolsLib2 6 ActiveX Control Pack
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.3
"Finale 2003a" = Finale 2003a
"GoldWave v5.19" = GoldWave v5.19
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"ImgBurn" = ImgBurn
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper x32
"JBuster" = JBuster
"Line 6 Edit" = Line 6 Edit (remove only)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Live 7.0.9" = Live 7.0.9
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments B4 II" = Native Instruments B4 II
"numpy-py2.6" = Python 2.6 numpy-1.6.1
"NVIDIA Drivers" = NVIDIA Drivers
"PictureIt_v9" = Microsoft Digital Image Pro 9
"py2exe-py2.6" = Python 2.6 py2exe-0.6.9
"PyAudio-py2.6" = Python 2.6 PyAudio
"PyAudio-py2.7" = Python 2.7 PyAudio
"pymedia-py2.6" = Python 2.6 pymedia-1.3.7.3
"pyserial-py2.6" = Python 2.6 pyserial-2.5
"RealPlayer 6.0" = RealPlayer Basic
"Samsung ML-1740 Series" = Samsung ML-1740 Series
"ScenalyzerLive" = ScenalyzerLive (remove)
"SearchAssist" = SearchAssist
"smARTupdate" = smARTupdate
"SPG MP3 Splitter_is1" = SPG MP3 Splitter 1.0
"Steinberg V-STack V1.2.0.22" = Steinberg V-STack V1.2.0.22
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
"VB:FFX-4 Rack" = VB:FFX-4 Rack
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Vst To Rtas Adapter V2.11" = Vst To Rtas Adapter V2.11
"WConio-py2.6" = Python 2.6 WConio-1.5.1
"WildTangent CDA" = WildTangent Web Driver
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.12.1 (unicode) for Python 2.6
"xampp" = XAMPP 1.7.7
"XnView Shell Extension_is1" = XnView Shell Extension 3.1.0
"XnView_is1" = XnView 1.98.5
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spotify" = Spotify
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 3:14:33 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 3:14:33 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 43010

Error - 6/15/2012 3:14:33 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 43010

Error - 6/15/2012 3:14:34 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 3:14:34 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44024

Error - 6/15/2012 3:14:34 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44024

Error - 6/15/2012 3:14:35 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 3:14:35 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 45022

Error - 6/15/2012 3:14:35 AM | Computer Name = XPSLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 45022

Error - 6/15/2012 2:22:10 PM | Computer Name = XPSLaptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.48.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1650 Start Time: 01cd4b20c5a48d7a Termination Time: 15

[ System Events ]
Error - 6/15/2012 1:00:57 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter VClone

Error - 6/15/2012 1:33:47 PM | Computer Name = XPSLaptop | Source = DCOM | ID = 10010
Description = The server {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} did not register
with DCOM within the required timeout.

Error - 6/15/2012 1:34:44 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shutdown properly after receiving
a preshutdown control.

Error - 6/15/2012 1:39:04 PM | Computer Name = XPSLaptop | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/15/2012 1:42:49 PM | Computer Name = XPSLaptop | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 6/15/2012 1:45:37 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 6/15/2012 1:45:37 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 6/15/2012 1:45:37 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldfCATSCustConnectService
service to connect.

Error - 6/15/2012 1:45:37 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7000
Description = The dldfCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/15/2012 1:45:48 PM | Computer Name = XPSLaptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter VClone


< End of report >

#6 mowman

Posted 15 June 2012 - 02:26 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Otl
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    [2012/02/23 16:27:24 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#7 Bjorn P

Posted 15 June 2012 - 07:44 PM

I ran both, the OTL program worked fine and ComboFix worked fine, then rebooted, then showed a screen stating it was preparing the log file. This did not change for over 3 hours, I had to reboot the computer again. There is no ComboFix log file to attach, sorry.

Here is the OTL log file after running the custom fix script you posted above:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "Blekko" removed from browser.search.selectedEngine
C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Bjorn
->Temp folder emptied: 1003842711 bytes
->Temporary Internet Files folder emptied: 1714174053 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52515603 bytes
->Google Chrome cache emptied: 141913127 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 58993 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elizabeth
->Temp folder emptied: 34993 bytes
->Temporary Internet Files folder emptied: 305386 bytes
->FireFox cache emptied: 3461507 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 294183 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629382965 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 17399049 bytes

Total Files Cleaned = 3,398.00 mb

OTL by OldTimer - Version 3.2.48.0 log created on 06152012_163919

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 mowman

Posted 15 June 2012 - 08:07 PM

The Combofix log will be at C:\ComboFix.txt

#9 Bjorn P

Posted 17 June 2012 - 06:52 PM

Nope, no log file there. It looks like the program froze before it could create it. I had to reboot my computer after 4 hours of no progress. Should I run it again?

#10 mowman

Posted 17 June 2012 - 07:04 PM

Run it again, if it freezes again, stop the scan and run it again in safe mode. To get into safe mode instructions are below if you need them.
  • Turn the computer on or Restart the computer
  • Start tapping the F8 key. The Windows Advanced Boot Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected (the top option)
  • Press Enter. The computer then begins to start in Safe mode.

#11 mowman

Posted 20 June 2012 - 01:12 PM

Do you still need help with this?

#12 Bjorn P

Posted 20 June 2012 - 10:34 PM

Yes, ComboFix won't run in safe mode, and it freezes after rebooting in normal mode. Antivirus disabled, made sure I'm running as administrator. Any other thoughts?

#13 mowman

Posted 21 June 2012 - 03:37 AM

Please download Malwarebytes Free from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the log please

Next

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is not checked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

Also tell me how the computer is running now.

#14 Bjorn P

Posted 24 June 2012 - 06:35 AM

Thanks, the computer is running much better. My browser does not take nearly as much time to load.

Here is the MalwareBytes log:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bjorn :: XPSLAPTOP [administrator]

Protection: Enabled

6/23/2012 10:10:21 PM
mbam-log-2012-06-23 (22-10-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261262
Time elapsed: 15 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

(end)

And the ESET log:

C:\Users\Bjorn\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\57ca5a62-1a2ece55 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\3d30f927-557550fd multiple threats
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3a249fb5-77e162e5 multiple threats
C:\Users\Bjorn\Desktop\Phone Apps\OneClickRootCWM3-EB13.zip Android/Exploit.RageCage.A trojan
C:\Users\Bjorn\Desktop\Phone Apps\OneClickRootCWM3-EB13\rageagainstthecage-arm5.bin Android/Exploit.RageCage.A trojan

#15 mowman

Posted 24 June 2012 - 11:17 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :files
    C:\Users\Bjorn\AppData\Local\TempImages\UpdateInstaller.exe 
    C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\57ca5a62-1a2ece55 
    C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\3d30f927-557550fd
    C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3a249fb5-77e162e5
    
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
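
The triage between the ESET log in post #14 and the :files list above, as an added example that is not part of the original posts: it parses the six ESET lines (paths with spaces included) and separates detections under AppData, including the Java deployment cache, from files the user saved to the Desktop. The bucket names and the rule that Desktop files are held back for manual review are assumptions of this example, not something stated in the thread.

```python
import re
from collections import namedtuple

# Constructed sample: the six ESET lines as posted in this thread.
ESET_LOG = r"""
C:\Users\Bjorn\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\57ca5a62-1a2ece55 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\3d30f927-557550fd multiple threats
C:\Users\Bjorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3a249fb5-77e162e5 multiple threats
C:\Users\Bjorn\Desktop\Phone Apps\OneClickRootCWM3-EB13.zip Android/Exploit.RageCage.A trojan
C:\Users\Bjorn\Desktop\Phone Apps\OneClickRootCWM3-EB13\rageagainstthecage-arm5.bin Android/Exploit.RageCage.A trojan
"""

Finding = namedtuple("Finding", "path detection platform bucket")

# The path may contain spaces ("Phone Apps"), so the detection text anchors
# the split: either "multiple threats" or an optional "a variant of"
# followed by a Platform/Name token that contains no backslash.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<det>(?:a variant of\s+)?(?P<name>[^\s\\/]+/[^\s\\]+)(?:\s+\w+)*"
    r"|multiple threats)$"
)

def bucket_for(path):
    # Bucket names are hypothetical labels chosen for this example.
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"      # Java plug-in download cache
    if "\\appdata\\" in p:
        return "appdata"         # per-user application data
    return "user_file"           # something the user saved, e.g. on the Desktop

def parse(log):
    findings = []
    for line in filter(None, (l.strip() for l in log.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised ESET line: %r" % line)
        name = m.group("name")
        platform = name.split("/", 1)[0] if name else None
        findings.append(Finding(m.group("path"), m.group("det"),
                                platform, bucket_for(m.group("path"))))
    return findings

def files_section(findings):
    """Paths to list under OTL's :files directive; user files are left out."""
    return [f.path for f in findings if f.bucket != "user_file"]

def needs_review(findings):
    """Findings a person should decide on instead of deleting automatically."""
    return [f for f in findings if f.bucket == "user_file"]

if __name__ == "__main__":
    print(":files", *files_section(parse(ESET_LOG)), sep="\n")
```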



