
Slow and freezing computer [Closed]


  • This topic is locked
41 replies to this topic

#1 Sarit

  • Authentic Member
  • 26 posts

Posted 09 June 2014 - 12:04 PM

So, brief background.  My previous laptop died and I bought an old 2002 Toshiba from a coworker.  It had a lot of adware on it and I cleaned it out but I think it still has problems because it takes it a good 5-10 minutes to boot up completely and freezes constantly.  I've made a HiJackThis log and it's below.  Any help would be greatly appreciated.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:05 PM, on 6/9/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.5\ScriptHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...F6-470F53AA4705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9551E1C1FBAA8F6DD8374036CB9CF102] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\rac\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.picnik.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device -   - C:\Windows\system32\dldfcoms.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Update Mega Browse - Unknown owner - C:\Program Files\Mega Browse\updateMegaBrowse.exe (file missing)
O23 - Service: Util Mega Browse - Unknown owner - C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe (file missing)
O23 - Service: vToolbarUpdater18.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
 
--
End of file - 9061 bytes
 



#2 Satchfan

  • Malware Team
  • 6,286 posts

Posted 10 June 2014 - 02:48 PM

Hello Sarit and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download one of these to your desktop:



for a 32-bit system download this version.
for 64-bit use this one.

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Sarit


Posted 11 June 2014 - 03:01 PM

Okay. I ran the program and here's the report:

 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : rac [Admin rights]
Mode : Scan -- Date : 06/11/2014  16:56:54
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : AVG Secure Search [ndibdjnfmopecpmkdieinmbadjfpblof] -> FOUND
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] ef1cf80a887d5867eac45cb539ae2f71
[BSP] 359adfaa6652908a617e4c101297499c : Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 69266 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 144930816 | Size: 5552 MB
User = LL1 ... OK
User = LL2 ... OK


#4 Satchfan


Posted 11 June 2014 - 03:55 PM

That scan showed up that there is a problem that could run deeper so we need a few different types of scans to find out what is happening.

=================

 

As there are quite a few instructions here, it might be a good idea to print them out and complete them, (in the order given), as and when you can.

=================

 

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan click on the “Registry” tab
  • make sure these entries are checked, then click on Delete:

[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"  -> FOUND


Please include the Delete log in your next post.

===================================================

Note: Please run these next scans in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT


     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

the Delete log
AdwCleaner log
JRT.txt
OTL.txt
Extras.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
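
The [Suspicious.Path] entries selected for deletion in the post above all have the same shape: the browser's registered shell command starts with an executable in the user profile that takes the real browser as an argument. The following is an added example, not part of the thread and not RogueKiller's own logic, that parses report lines in that layout, flags such wrapped commands and derives the direct command. The function names are hypothetical, and it assumes the StartMenuInternet client key is named after the browser executable, as FIREFOX.EXE and IEXPLORE.EXE are in this report.

```python
import ntpath
import re

# Constructed sample in the layout of the RogueKiller scan report quoted in the
# thread: four lines copied from that report plus one clean entry (hypothetical
# EXAMPLEBROWSER.EXE client) added for contrast.
SAMPLE_REPORT = r'''
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"  -> FOUND
[Constructed.Clean] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\EXAMPLEBROWSER.EXE\shell\open\command |  : "C:\Program Files\Example\examplebrowser.exe"  -> FOUND
'''

# "[tag] key | value-name : data  -> status"
LINE_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+\|\s*(?P<name>[^:]*?)\s*:\s+'
    r'(?P<data>.*?)\s+->\s+(?P<status>\S.*)$')
# Registered browser clients: ...\StartMenuInternet\<client>\shell\<verb>\command
CLIENT_RE = re.compile(
    r'\\Clients\\StartMenuInternet\\(?P<client>[^\\]+)'
    r'\\shell\\(?P<verb>[^\\]+)\\command$', re.IGNORECASE)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
USER_WRITABLE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)


def split_command(data):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(data)]


def quote(token):
    return f'"{token}"' if ' ' in token else token


def find_wrapped_browser_commands(report_text):
    """Return one finding per browser command whose first executable is not
    the browser the key is registered for."""
    findings = []
    for line in report_text.splitlines():
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue
        client_key = CLIENT_RE.search(entry['key'])
        if not client_key:
            continue  # not a browser launch command (e.g. the EnableLUA line)
        tokens = split_command(entry['data'])
        if not tokens:
            continue
        client = client_key['client'].lower()
        launcher = tokens[0]
        if ntpath.basename(launcher).lower() == client:
            continue  # command starts with the browser itself: clean
        # Find the real browser among the wrapper's arguments, if present.
        idx = next((i for i, t in enumerate(tokens)
                    if ntpath.basename(t).lower() == client), None)
        restored = None
        if idx is not None:
            restored = ' '.join([f'"{tokens[idx]}"'] +
                                [quote(t) for t in tokens[idx + 1:]])
        findings.append({
            'client': client_key['client'],
            'verb': client_key['verb'],
            'launcher': launcher,
            'user_writable': bool(USER_WRITABLE_RE.search(launcher)),
            'restored': restored,
        })
    return findings


if __name__ == '__main__':
    for f in find_wrapped_browser_commands(SAMPLE_REPORT):
        print(f"{f['client']} ({f['verb']}): launched via {f['launcher']}")
        print(f"  user-writable location: {f['user_writable']}")
        print(f"  direct command: {f['restored']}")
```
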

#5 Sarit


Posted 12 June 2014 - 05:19 AM

Hello!

 

Took all day but I managed to get all the scans done.  However, there was a slight problem with the AdwCleaner.  I ran the scan and it came up with two items to fix.  They were both Mega Browser.  I selected clean but the program completely froze up.  When I restarted it again, the two items were gone.  I made a report for it anyway and included it here.

 

RKDelete Report

 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : rac [Admin rights]
Mode : Remove -- Date : 06/11/2014  20:01:56
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [x] -> REPLACED ("C:\Program Files\Mozilla Firefox\firefox.exe")
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [x] -> REPLACED ("C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command |  : "C:\Users\rac\AppData\Local\xvd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [x] -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : AVG Secure Search [ndibdjnfmopecpmkdieinmbadjfpblof] -> NOT SELECTED
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] ef1cf80a887d5867eac45cb539ae2f71
[BSP] 359adfaa6652908a617e4c101297499c : Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 69266 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 144930816 | Size: 5552 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================

 

RKreport_SCN_06112014_165654.log - RKreport_SCN_06112014_200111.log
 
 
 
AdwCleaner Report
 

# AdwCleaner v3.212 - Report created 12/06/2014 at 07:11:41
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : rac - TOMOHISA
# Running from : C:\Users\rac\Downloads\adwcleaner_3.212.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\rac\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\rac\AppData\Local\PackageAware
Folder Found : C:\Users\rac\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\rac\Documents\Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
[ File : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.order.1", "Ask.com");
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13143 octets] - [11/06/2014 20:04:19]
AdwCleaner[R1].txt - [12369 octets] - [11/06/2014 20:14:30]
AdwCleaner[R2].txt - [5426 octets] - [12/06/2014 07:11:41]
AdwCleaner[S0].txt - [815 octets] - [11/06/2014 20:06:22]
AdwCleaner[S1].txt - [346 octets] - [11/06/2014 20:17:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [5604 octets] ##########
 
 
 
JRT Report
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by rac on Wed 06/11/2014 at 20:19:58.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imside1egate.application.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpoint manager
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b3e77ad6-f307-4a99-ad2b-34142c4bf243}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\rac\Local Settings\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\rac\AppData\Roaming\mozilla\firefox\profiles\q8bpoqvj.default\user.js
Successfully deleted: [File] C:\Users\rac\AppData\Roaming\mozilla\firefox\profiles\q8bpoqvj.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\rac\AppData\Roaming\mozilla\firefox\profiles\q8bpoqvj.default\fctb
Successfully deleted the following from C:\Users\rac\AppData\Roaming\mozilla\firefox\profiles\q8bpoqvj.default\prefs.js
 
user_pref("extensions.OurBabyMaker_27.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=YRxdm0386Mus&ptb=C1FBD2B1-E0B0-4039-8513-5BC69921E30B&ind=
user_pref("extensions.OurBabyMaker_27.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRxdm0386Mus&ptb=C1FBD2B1-E0B0-4039-8513-5BC69921E30B&psa=&ind=20
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.DNSCatch", false);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.FirstLaunchShown", true);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.LastDate", 16);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.tb_lang", "en");
user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.yahooSearch", false);
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at 20:28:00.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
OTL Report
 

OTL logfile created on: 6/12/2014 2:51:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\rac\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.38 Mb Total Physical Memory | 536.71 Mb Available Physical Memory | 52.96% Memory free
2.28 Gb Paging File | 1.50 Gb Available in Paging File | 65.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.64 Gb Total Space | 7.11 Gb Free Space | 10.52% Space Free | Partition Type: NTFS
 
Computer Name: TOMOHISA | User Name: rac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/06/11 19:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rac\Downloads\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/26 02:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/11 15:29:20 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2014/03/11 22:55:29 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/06/26 02:56:08 | 000,098,952 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 02:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\epwxtgux.sys -- (xsewmzvga)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | System | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/05/09 00:21:17 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/01/23 19:31:06 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013/12/26 01:41:40 | 000,184,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/12/26 01:41:40 | 000,088,632 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/09 17:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 17:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/04 12:35:50 | 000,059,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/11/02 03:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 23:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {41396b1b-447e-473b-a34b-bb583136c7fc}
IE - HKLM\..\SearchScopes\{7BCFC7A9-435C-46D7-917E-81F1A6B16947}: "URL" = http://www.google.co...ge={startPage};
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {41396b1b-447e-473b-a34b-bb583136c7fc}
IE - HKU\.DEFAULT\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\.DEFAULT\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...2A-650FADB4C2EF
IE - HKU\.DEFAULT\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\.DEFAULT\..\SearchScopes\{7BCFC7A9-435C-46D7-917E-81F1A6B16947}: "URL" = http://www.google.co...ge={startPage};
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {41396b1b-447e-473b-a34b-bb583136c7fc}
IE - HKU\S-1-5-18\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-18\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...2A-650FADB4C2EF
IE - HKU\S-1-5-18\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-18\..\SearchScopes\{7BCFC7A9-435C-46D7-917E-81F1A6B16947}: "URL" = http://www.google.co...ge={startPage};
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://search-gala.c...q={searchTerms}
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\SearchScopes\{7BCFC7A9-435C-46D7-917E-81F1A6B16947}: "URL" = http://search-gala.c...q={searchTerms}
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: smartlinks@getsmartlinks.com:1.0.35
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2014/01/28 04:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2036/05/10 18:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/29 15:30:34 | 000,000,000 | ---D | M]
 
[2036/07/12 18:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rac\AppData\Roaming\mozilla\Extensions
[2014/01/24 09:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rac\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/01 17:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rac\AppData\Roaming\mozilla\Firefox\extensions
[2036/05/15 11:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rac\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2014/02/08 19:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rac\AppData\Roaming\mozilla\Firefox\Profiles\q8bpoqvj.default\extensions
[2014/02/08 19:45:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\rac\AppData\Roaming\mozilla\Firefox\Profiles\q8bpoqvj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2036/09/02 20:21:37 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\rac\AppData\Roaming\mozilla\Firefox\Profiles\q8bpoqvj.default\extensions\smartlinks@getsmartlinks.com
[2036/05/10 17:10:51 | 000,009,980 | ---- | M] () -- C:\Users\rac\AppData\Roaming\mozilla\firefox\profiles\q8bpoqvj.default\searchplugins\OurBabyMaker_27.xml
[2014/01/24 09:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2036/05/10 18:05:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2014/05/09 00:21:59 | 000,003,754 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2036/09/02 20:22:31 | 000,000,859 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahoo.xml
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk\2.2_1\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfnihbghaikdicpdiciecbbdoegcfhc\3.2.0_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.8.4_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.8.5_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.515.434.6_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.1_1\
 
O1 HOSTS File: ([2036/05/15 11:15:41 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 File not found
O4 - HKU\S-1-5-18..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000..\Run: [GoogleChromeAutoLaunch_9551E1C1FBAA8F6DD8374036CB9CF102] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\..Trusted Domains: picnik.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2F9A1A9-AF53-4C0C-97A1-3B90FDBF3E0C}: DhcpNameServer = 208.67.222.222 208.67.220.220 2.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEB31E6C-AD0D-4A3B-A5DB-6267DEAC5809}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT 
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2036/09/11 05:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2036/09/11 04:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2036/09/02 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\assembly
[2036/06/09 20:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2036/06/07 22:24:19 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2036/05/16 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\Symantec
[2036/05/16 22:19:12 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2036/05/16 22:19:09 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL
[2036/05/16 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2036/05/16 22:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2036/05/15 10:19:19 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2036/05/15 10:19:19 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2036/05/15 10:09:46 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\Seven Zip
[2036/05/15 09:59:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2036/05/15 09:45:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2036/05/15 09:45:37 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2036/05/15 09:45:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2036/05/15 09:45:35 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2036/05/15 09:45:34 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2036/05/15 09:45:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2036/05/15 09:45:30 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2036/05/15 09:45:27 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2036/05/15 09:45:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2036/05/10 18:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2036/05/10 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Local\Mozilla
[2036/05/10 16:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2036/05/10 16:26:29 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\RegistryKeys
[2014/06/11 20:19:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/11 20:05:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/11 20:04:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/11 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/05/30 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\rac\Desktop\DCIM
[2014/05/29 15:31:16 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2014/05/25 01:54:31 | 000,000,000 | ---D | C] -- C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/19 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\rac\Desktop\Junsu Singles 2014
[2014/05/14 09:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/14 09:28:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/14 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\rac\Desktop\New Folder
[2009/08/20 20:32:48 | 000,020,992 | -HS- | C] (Microsoft) -- C:\Users\rac\protect.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2036/10/06 00:38:14 | 000,000,000 | ---- | M] () -- C:\t16g.1
[2036/06/07 23:11:52 | 000,000,632 | RHS- | M] () -- C:\Users\rac\ntuser.pol
[2036/05/16 21:36:34 | 000,009,640 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2036/05/16 21:35:51 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2036/05/16 21:34:13 | 000,319,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2036/05/15 11:15:41 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2036/05/15 10:20:18 | 000,000,215 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2036/05/10 18:30:31 | 000,000,110 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2036/05/10 18:20:08 | 000,010,756 | -HS- | M] () -- C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
[2036/05/10 18:20:08 | 000,010,756 | -HS- | M] () -- C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
[2036/05/10 18:05:25 | 000,000,881 | ---- | M] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2036/05/10 17:52:17 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI
[2014/06/12 02:55:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/12 02:33:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/12 01:41:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/12 01:41:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 21:33:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/11 19:34:22 | 000,026,624 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/11 07:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/10 08:13:01 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/09 15:37:06 | 000,170,001 | ---- | M] () -- C:\Users\rac\Desktop\BppgD0nCEAAUzWQ.jpg
[2014/06/09 04:17:19 | 000,979,995 | ---- | M] () -- C:\Users\rac\Desktop\junsu.jpg
[2014/06/01 02:34:59 | 000,150,016 | ---- | M] () -- C:\Users\rac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/29 15:31:17 | 000,000,865 | ---- | M] () -- C:\Users\rac\Desktop\AIM.lnk
[2014/05/29 15:31:16 | 000,000,867 | ---- | M] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2014/05/27 14:34:07 | 000,191,785 | ---- | M] () -- C:\Users\rac\Desktop\Star-Trek-cast-john-cho-6247343-800-600.jpg
[2014/05/27 14:33:20 | 000,577,790 | ---- | M] () -- C:\Users\rac\Desktop\cho.gif
[2014/05/27 14:07:15 | 000,025,848 | ---- | M] () -- C:\Users\rac\Desktop\startrek-talking-cho-yelchin-tsrimg.jpg
[2014/05/27 13:57:41 | 000,043,131 | ---- | M] () -- C:\Users\rac\Desktop\BopX_UTIEAAAaxp.jpg
[2014/05/27 05:32:24 | 000,937,639 | ---- | M] () -- C:\Users\rac\Desktop\dracula.jpg
[2014/05/25 01:54:31 | 000,002,035 | ---- | M] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk
[2014/05/25 01:27:42 | 000,002,003 | ---- | M] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/25 01:08:52 | 000,000,957 | ---- | M] () -- C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/25 00:36:52 | 000,032,768 | ---- | M] () -- C:\Users\rac\SxsTrace.etl
[2014/05/21 18:56:14 | 000,084,624 | ---- | M] () -- C:\Users\rac\Desktop\20140514_180054.jpg
[2014/05/21 10:30:11 | 000,025,326 | ---- | M] () -- C:\Users\rac\Desktop\67588034.png
[2014/05/19 15:45:08 | 000,406,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/18 14:47:15 | 000,050,347 | ---- | M] () -- C:\Users\rac\Desktop\support_staff_app_2010.pdf
[2014/05/16 01:26:18 | 000,028,767 | ---- | M] () -- C:\Users\rac\Desktop\Bnle7R5IQAAnvk4jpg_large.jpg
[2014/05/14 09:04:28 | 126,494,856 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/14 08:31:43 | 000,079,650 | ---- | M] () -- C:\Users\rac\Desktop\05.jpg
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2036/10/06 00:38:14 | 000,000,000 | ---- | C] () -- C:\t16g.1
[2036/09/11 05:01:16 | 000,002,003 | ---- | C] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2036/09/11 04:58:55 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2036/09/11 04:58:54 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2036/06/07 23:11:09 | 000,000,632 | RHS- | C] () -- C:\Users\rac\ntuser.pol
[2036/05/16 21:35:49 | 000,000,432 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2036/05/16 17:27:41 | 000,009,640 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2036/05/10 16:34:37 | 000,000,881 | ---- | C] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2036/05/06 20:33:08 | 000,010,756 | -HS- | C] () -- C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
[2036/05/06 20:33:08 | 000,010,756 | -HS- | C] () -- C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
[2014/06/11 16:27:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/09 15:36:07 | 000,170,001 | ---- | C] () -- C:\Users\rac\Desktop\BppgD0nCEAAUzWQ.jpg
[2014/06/09 04:10:16 | 000,979,995 | ---- | C] () -- C:\Users\rac\Desktop\junsu.jpg
[2014/05/29 15:31:17 | 000,000,865 | ---- | C] () -- C:\Users\rac\Desktop\AIM.lnk
[2014/05/29 15:31:16 | 000,000,867 | ---- | C] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2014/05/27 14:34:06 | 000,191,785 | ---- | C] () -- C:\Users\rac\Desktop\Star-Trek-cast-john-cho-6247343-800-600.jpg
[2014/05/27 14:33:16 | 000,577,790 | ---- | C] () -- C:\Users\rac\Desktop\cho.gif
[2014/05/27 14:07:13 | 000,025,848 | ---- | C] () -- C:\Users\rac\Desktop\startrek-talking-cho-yelchin-tsrimg.jpg
[2014/05/27 13:57:31 | 000,043,131 | ---- | C] () -- C:\Users\rac\Desktop\BopX_UTIEAAAaxp.jpg
[2014/05/27 05:30:06 | 000,937,639 | ---- | C] () -- C:\Users\rac\Desktop\dracula.jpg
[2014/05/25 01:54:31 | 000,002,035 | ---- | C] () -- C:\Users\rac\Application Data\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk
[2014/05/25 00:32:17 | 000,032,768 | ---- | C] () -- C:\Users\rac\SxsTrace.etl
[2014/05/24 16:52:34 | 000,000,957 | ---- | C] () -- C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/21 18:55:57 | 000,084,624 | ---- | C] () -- C:\Users\rac\Desktop\20140514_180054.jpg
[2014/05/21 10:30:08 | 000,025,326 | ---- | C] () -- C:\Users\rac\Desktop\67588034.png
[2014/05/18 14:47:09 | 000,050,347 | ---- | C] () -- C:\Users\rac\Desktop\support_staff_app_2010.pdf
[2014/05/16 01:22:59 | 000,028,767 | ---- | C] () -- C:\Users\rac\Desktop\Bnle7R5IQAAnvk4jpg_large.jpg
[2014/05/14 09:04:28 | 126,494,856 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/26 10:59:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDFPMON.DLL
[2014/04/26 10:59:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDFFXPU.DLL
[2014/04/26 10:59:13 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldfoem.dll
[2014/04/26 10:59:13 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDFPMRC.DLL
[2014/04/26 10:50:52 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldfinst.dll
[2014/04/26 10:50:51 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\dldfusb1.dll
[2014/04/26 10:50:51 | 000,499,712 | ---- | C] () -- C:\Windows\System32\dldfutil.dll
[2014/04/26 10:50:51 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\dldfhcp.dll
[2014/04/26 10:50:51 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\dldfinpa.dll
[2014/04/26 10:50:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldfiesc.dll
[2014/04/26 10:50:50 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\dldfserv.dll
[2014/04/26 10:50:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldfprox.dll
[2014/04/26 10:50:49 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldfpmui.dll
[2014/04/26 10:50:49 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\dldflmpm.dll
[2014/04/26 10:50:49 | 000,320,136 | ---- | C] ( ) -- C:\Windows\System32\dldfih.exe
[2014/04/26 10:50:49 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfinsb.dll
[2014/04/26 10:50:49 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfins.dll
[2014/04/26 10:50:49 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldfjswr.dll
[2014/04/26 10:50:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldfinsr.dll
[2014/04/26 10:50:48 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldfhbn3.dll
[2014/04/26 10:50:47 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldfgrd.dll
[2014/04/26 10:50:47 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldfcub.dll
[2014/04/26 10:50:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldfcur.dll
[2014/04/26 10:50:44 | 000,598,664 | ---- | C] ( ) -- C:\Windows\System32\dldfcoms.exe
[2014/04/26 10:50:44 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldfcomm.dll
[2014/04/26 10:50:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldfcu.dll
[2014/04/26 10:50:41 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\dldfcomc.dll
[2014/04/26 10:50:40 | 000,365,192 | ---- | C] ( ) -- C:\Windows\System32\dldfcfg.exe
[2014/04/26 10:50:39 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldfcfg.dll
[2014/04/14 09:56:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2014/04/08 02:37:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2014/03/20 13:13:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/01/30 10:25:27 | 000,000,134 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2014/01/28 04:21:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2014/01/25 16:04:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2014/01/25 16:04:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2014/01/23 19:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/01/23 19:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 19:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 19:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 19:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/01/15 22:09:38 | 000,000,250 | ---- | C] () -- C:\Users\rac\AppData\Roaming\wklnhst.dat
[2009/05/27 19:59:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\94627516.ini
[2009/01/27 21:23:58 | 000,001,356 | ---- | C] () -- C:\Users\rac\AppData\Local\d3d9caps.dat
[2008/12/29 09:18:31 | 000,150,016 | ---- | C] () -- C:\Users\rac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2009/01/02 19:36:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/01/02 19:36:21 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/01/02 19:36:21 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/01/02 20:32:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/01/02 20:32:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/01/02 19:36:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK8037GSX ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 68.00GB
Starting Offset: 1573912576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 5.00GB
Starting Offset: 74204577792
Hidden sectors: 0
 
 
< End of report >
 
 
Extras Report
 
OTL Extras logfile created on: 6/11/2014 8:28:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\rac\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.38 Mb Total Physical Memory | 366.71 Mb Available Physical Memory | 36.19% Memory free
2.28 Gb Paging File | 1.54 Gb Available in Paging File | 67.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.64 Gb Total Space | 7.94 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
 
Computer Name: TOMOHISA | User Name: rac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E38425-F386-45AC-8E60-0C485AAE46E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{05131886-43D5-4E6A-87D6-38756ADF3E67}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0AE8DC04-99F4-41A3-B96D-09DBC55924C2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0B424AFA-6DA6-4117-8E75-B395F55A0158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{13DAF14B-3006-4F64-A5D7-2AF98BABD1E4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{146CD386-CC7D-4B7A-A36F-C1730F8F3056}" = lport=61505 | protocol=17 | dir=in | name=61505udp | 
"{14953A0F-D7D4-4F5E-835A-13CE0C54F007}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A443877-41F0-4C4E-8EE7-62179E0E4591}" = lport=443 | protocol=6 | dir=in | name=443tcp | 
"{2B3448E1-FC6B-431D-83B4-9F7671B71ABD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F6FBEA3-66C6-4F4E-A183-BEE5C77FEE70}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{3844207E-E0FB-46B2-AD2D-FAFDB58EC746}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F06C04D-953C-43D5-BE81-6F8EFE4C13D3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3F6C25E0-3172-4E78-B8EC-BFF6DA265321}" = lport=61505 | protocol=6 | dir=in | name=61505tcp | 
"{4168FD12-1CFF-4FE3-91A7-E6FD438ABF8C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4B196F1B-5956-4C7F-916B-2B6770DB0A46}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{4F914A5A-B571-49BC-BEE4-C79AE65B4B6D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{523E76FD-022D-4EFC-BA4A-B3E260464BEF}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{5275A427-6102-465C-9049-D287356D7EB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{5613C7DC-00C1-4CC1-862A-3BED2B6FA39D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{60D659BE-9FE7-4FF7-94F1-2F864A0BAA67}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{697FBE03-47B0-40A1-80AC-D1FEF1451C2E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{82B19581-6AEC-4DD5-AD5B-929F2B3EFFAD}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{84CDC8D0-DEC3-41C7-A5DE-CA2D0F9F0DAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DF6728D-A6E0-45AF-ADD5-32B5AF6F6323}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{99DF26F7-A488-4928-B577-FDC028EEBDA1}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{A6E087D6-3D7F-4B70-A63E-D3264F87122D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0D91970-778B-434C-ACDB-FD36607BD831}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B122E36D-8E93-4526-9C5F-5D19C9C7682B}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{C82D1596-A765-4EF6-A67F-4F8CE3201161}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9555B92-4E4C-4A65-8EF8-9A93F6E46642}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{CB6CA727-50E7-4714-A394-02790E52F199}" = lport=443 | protocol=17 | dir=in | name=443udp | 
"{CC816914-01F7-4D9E-97B9-07AD230DB573}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC5BEE3A-5537-429B-A06E-BEB01DB3A3E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1D4316B-E67E-40D9-ABDF-79F5D8CF197F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F46E4EBA-A203-42A7-946F-650935C9F679}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{FB8C6FE5-BB16-456C-8D1B-BC6C501E7792}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FF244EAC-51E3-44D3-B711-285DC094CF72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022C97D6-324C-479E-B54F-DE81F7C71C5B}" = protocol=17 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{086FA78B-502A-4EED-A234-975BCB2F245E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{12A83140-D1BB-4833-B7C3-96D89AC7554E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{140585EB-8DEF-4632-8297-3180C8E5B9DA}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{143755F0-B01A-47DC-B35C-4C76491B3F22}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{161749B4-0F4C-490C-8481-975B18CDC3F9}" = protocol=6 | dir=in | app=c:\users\rac\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1E27DDE1-53B3-4DAF-8253-C4AF38473762}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{25C40D7D-4236-4CBD-A690-81049F266362}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{25D2DA6D-6AD0-4630-8330-5FDDDFC443F3}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{26AD0841-37A7-4B56-A538-BCC49B5894F4}" = protocol=17 | dir=in | app=c:\users\rac\appdata\roaming\dropbox\bin\dropbox.exe | 
"{26D67F03-3561-4FC4-A418-889A8AB79E50}" = protocol=17 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{31B5256E-0969-4945-BC82-D9A83978EFF3}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"{32261921-73CC-4250-BDD9-DFD91BB9335D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{36463A6E-E427-4AF2-8726-D9E1C21E06BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{398DFDC7-4703-437A-85D6-06235C85B394}" = protocol=17 | dir=in | app=c:\users\rac\downloads\microsoft toolkitz[a4]\microsoft toolkitz[a4].exe | 
"{3EF35D0A-F3DB-4F78-8D31-52212C34FAE0}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{45D1D302-0559-428A-B8BC-0AB7F354CE74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{499A199C-CE59-46B7-8F8C-A298DEB4E358}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{4DDC3263-0612-4242-B70D-9A756B0B664C}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe | 
"{4EABEB8D-6151-49F8-AD3D-EEDED5CEEF39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52692D54-5159-4CA0-B026-0CA95216A2FD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
"{54446D8B-6265-4FCD-B879-7234820E8CC0}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe | 
"{56D0BF52-8945-4C9C-8E8A-DD7FE163763F}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe | 
"{5A47E107-DB5F-47A2-B96E-615B919D77F5}" = protocol=6 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{5C3BE5F1-76C6-48DE-9F70-343C56C074EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EECA409-5669-41F8-9E1E-C4B58C259687}" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"{5EF5A1EB-662F-4E6B-AB28-4BC837A70C72}" = protocol=6 | dir=in | app=c:\users\rac\downloads\microsoft toolkitz[a4]\microsoft toolkitz[a4].exe | 
"{633C1499-144C-4D6E-9D04-82DA47C455EF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{6ADA35D6-5085-4310-A5BF-DDFA75BD5638}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6AF62BC3-ED70-4D06-A74B-68E19C97FFE8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{714FEA02-C916-4092-BFEE-EEC919168C16}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{71ACADEB-99C5-4040-9E3B-55A8F6E72DFC}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe | 
"{751C3020-90A6-4C75-8DE9-CA99C0B071C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FED4778-ADD9-4DFD-9D2F-D9AB4BF0036C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe | 
"{7FFF966C-ECE5-43FE-A724-EA62406051D5}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{80E2D406-9B0E-48F0-BF10-4B655DE0D098}" = protocol=6 | dir=in | app=c:\programdata\e135217\wpe135.exe | 
"{818F094C-741A-4DC4-ADC5-D99ACE5375FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90198605-D962-4A6D-8155-297EE0D9F925}" = protocol=17 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{933BFB09-4620-4F69-8D3C-4AF48C5B0361}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe | 
"{985A1DD1-2864-4D5B-8501-5317A7D3A870}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe | 
"{98B191CC-D926-4222-96C1-0EA42F98BFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A304BB3-0457-45DA-8C65-E893A7855CDE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{A383DE2B-8691-4982-A1CC-27248D54CC3B}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe | 
"{A7ECB766-017E-452E-B3BF-DEA6DE494FB9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AB156069-347A-431E-B7F8-0F99F054F823}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AE743ACA-1E81-44CA-B58A-B8732FB28E13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B0D97485-4CB2-4D32-A8D7-96C9633204DA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B2022975-6A01-47F8-A120-4C36A1C5F1B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B35579E0-8342-4616-84EE-B1AB37589612}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"{B422BB91-D458-4629-B727-09AD013DEEBC}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe | 
"{B68DBB19-BFFD-46C7-94C0-830FBBF551E6}" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"{BCD0CDE6-F6BE-449A-BCC7-BC5E15451243}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | 
"{C33839DA-6FB0-44B2-A6A9-51A87C9E7E9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{CBA51905-6668-4E2A-BD0E-243FAFE54930}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe | 
"{CD5E1F80-2D86-47B7-9976-9C46E1CF7C94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7EC71A6-3F17-4EBD-86FB-4D04625AF6A4}" = protocol=6 | dir=out | app=system | 
"{D9F4E375-C379-4FBF-A3E1-6B44C660A586}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9F98F12-7975-48BA-85FB-11C01D7F1FE1}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{DA7DA14D-F89B-412F-9CC0-4E2842942C6B}" = protocol=6 | dir=out | app=system | 
"{DF26E0A4-30AD-4CB9-AA4F-09ED513B9F89}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E609132D-17D8-4D74-A791-154CC16B05ED}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe | 
"{E7A7836C-8DBE-4F45-990B-32473FA797D6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{E969A817-6DA0-4D6B-BA69-4A33B25A892F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe | 
"{F27D5432-FED6-4729-818F-85AA5BE55D9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F2A1EFE4-89C9-4D01-8DFC-83C3CACA9F79}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F4C3FC60-1D0A-46BC-810B-2DFD62E7A145}" = protocol=6 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{F9E2E0FC-B10B-43B3-A9B0-6D1BDDB0301B}" = protocol=6 | dir=in | app=c:\users\rac\appdata\roaming\utorrent\utorrent.exe | 
"{FD56B754-35A3-470E-9EE0-BBD45A0A108D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FE80AE29-EC75-4691-B88C-397F7E6066D6}" = protocol=17 | dir=in | app=c:\programdata\e135217\wpe135.exe | 
"TCP Query User{87315978-24AB-43E6-8528-58F65BDD8FE8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{9D3636D1-6452-4131-8F11-8D8A70FF99EF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{BE660446-786D-47CF-8EF2-A5E663CD22F9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{C323A832-2983-4CCB-BB32-D9355F3D75CC}C:\programdata\e135217\wpe135.exe" = protocol=6 | dir=in | app=c:\programdata\e135217\wpe135.exe | 
"UDP Query User{0B1D9EE8-C97F-4FD7-8EE3-7090D18D929A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{292B30FE-E083-4552-AECC-3F2D7C0D0663}C:\programdata\e135217\wpe135.exe" = protocol=17 | dir=in | app=c:\programdata\e135217\wpe135.exe | 
"UDP Query User{B21309B0-300A-45E9-9E31-5A5C6DA38DEC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{C18E1C6D-EBC3-4C35-9131-E146F462DF50}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B8C0AB-5348-3DA5-8A7D-65FC2CB46FD8}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC74460-AC9B-4E7E-91FF-833C751C092F}" = HP Deskjet 3050A J611 series Product Improvement Study
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Any Video Converter_is1" = Any Video Converter 5.5.6
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Dell AIO Printer 948" = Dell AIO Printer 948
"DomDomSoft Manga Downloader" = DomDomSoft Manga Downloader (remove only)
"FileZilla Client" = FileZilla Client 3.7.4.1
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Trillian" = Trillian
"TSR Watermark Image_is1" = TSR Watermark Image software version 3.1.0.6
"VLC media player" = VLC media player 2.1.3
"Web_4.0.1460.0" = Microsoft Expression Web 4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"DB165FE98538A10E91D51C46B1461C279DDBA833" = PayPal Invoicing Template for Microsoft Excel
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"uTorrent" = µTorrent
"WatermarkSoftware" = Watermark Software
 
< End of report >
 


#6 Satchfan


Posted 12 June 2014 - 07:14 AM

There are a lot of entries that need to be dealt with but I have noticed a date change to “2036” in quite a lot of the entries so instead of fixing those I’ve found, I’d like you to run some more scans to see what is happening.

Run aswMBR
 

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please include the aswMBR log and checkup.txt with the next post.

Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 Sarit

Posted 12 June 2014 - 08:58 AM

Yeah.  When I bought the computer from my coworker, it had the date changed to 2036.  But here are the scans.

 

 

aswMBR Report

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-12 09:32:47
-----------------------------
09:32:47.983    OS Version: Windows 6.0.6002 Service Pack 2
09:32:47.983    Number of processors: 1 586 0x1601
09:32:47.996    ComputerName: TOMOHISA  UserName: rac
09:32:54.352    Initialize success
09:40:52.989    AVAST engine defs: 14061200
09:42:39.432    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:42:39.459    Disk 0 Vendor: TOSHIBA_MK8037GSX DL230M Size: 76319MB BusType: 3
09:42:39.776    Disk 0 MBR read successfully
09:42:39.823    Disk 0 MBR scan
09:42:39.962    Disk 0 Windows VISTA default MBR code
09:42:39.985    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
09:42:40.039    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        69266 MB offset 3074048
09:42:40.116    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         5552 MB offset 144930816
09:42:40.187    Disk 0 scanning sectors +156301312
09:42:40.462    Disk 0 scanning C:\Windows\system32\drivers
09:43:22.772    Service scanning
09:44:44.992    Modules scanning
09:46:02.217    Disk 0 trace - called modules:
09:46:02.718    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ndis.sys athr.sys dxgkrnl.sys igdkmd32.sys ataport.SYS PCIIDEX.SYS partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys 
09:46:03.170    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84aa0368]
09:46:03.215    3 CLASSPNP.SYS[864958b3] -> nt!IofCallDriver -> [0x843bf918]
09:46:08.671    AVAST engine scan C:\Windows
09:46:15.550    AVAST engine scan C:\Windows\system32
09:47:00.891    File: C:\Windows\system32\cooper.mine  **INFECTED** Win32:Fraudo [Trj]
10:02:18.551    AVAST engine scan C:\Windows\system32\drivers
10:03:15.721    AVAST engine scan C:\Users\rac
10:06:46.671    File: C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\rac\AppData\Local\Microsoft\Windows\TEMPOR~1\VIRTUA~1\C\Users\rac\protect.dll  **INFECTED** Win32:Malware-gen
10:27:24.226    File: C:\Users\rac\Downloads\FileZilla_3.7.4.1_win32-setup.exe  **INFECTED** Win32:Adware-gen [Adw]
10:32:36.078    File: C:\Users\rac\protect.dll  **INFECTED** Win32:Malware-gen
10:32:52.971    AVAST engine scan C:\ProgramData
10:44:16.401    Scan finished successfully
10:47:06.296    Disk 0 MBR has been saved successfully to "C:\Users\rac\Desktop\MBR.dat"
10:47:06.418    The log file has been saved successfully to "C:\Users\rac\Desktop\aswMBR.txt"
 
checkup Report
 
 Results of screen317's Security Check version 0.99.84  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (4.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 


#8 Satchfan

Posted 12 June 2014 - 03:22 PM

Your computer is quite infected and I need more information to see how badly.

 

 

Please run these in the order requested.

Run TDSSKiller

Please download TDSSKiller.zip
 

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
    • only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
    • then click Continue > Reboot now
  • copy and paste the log in your next reply.
    • A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.  

Link 1
Link 2

**Note:  It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • when finished, it will produce a report for you.  
  • please post the C:\ComboFix.txt in your next post.

Please also remember to include the TDSSKiller log

Thanks

Satchfan

 



#9 Sarit

Posted 12 June 2014 - 05:17 PM

Okay.  I had problems with ComboFix.  I tried running it three times and each time it totally froze the computer so I couldn't get it to run.  I checked my virus scanner and it says I have McAfee but I had uninstalled that a long time ago.  And I was using Windows Defender but it says that is off so I don't know what could have affected it.  I'm including the log for the other program though.

 

18:04:48.0006 0x0f8c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
18:04:54.0831 0x0f8c  ============================================================
18:04:54.0831 0x0f8c  Current date / time: 2014/06/12 18:04:54.0831
18:04:54.0831 0x0f8c  SystemInfo:
18:04:54.0831 0x0f8c  
18:04:54.0831 0x0f8c  OS Version: 6.0.6002 ServicePack: 2.0
18:04:54.0831 0x0f8c  Product type: Workstation
18:04:54.0832 0x0f8c  ComputerName: TOMOHISA
18:04:54.0832 0x0f8c  UserName: rac
18:04:54.0832 0x0f8c  Windows directory: C:\Windows
18:04:54.0832 0x0f8c  System windows directory: C:\Windows
18:04:54.0832 0x0f8c  Processor architecture: Intel x86
18:04:54.0832 0x0f8c  Number of processors: 1
18:04:54.0832 0x0f8c  Page size: 0x1000
18:04:54.0832 0x0f8c  Boot type: Normal boot
18:04:54.0833 0x0f8c  ============================================================
18:04:58.0069 0x0f8c  KLMD registered as C:\Windows\system32\drivers\22978282.sys
18:04:58.0434 0x0f8c  System UUID: {8EBF6B7C-11D6-9F9A-7EEE-E3ADC9CFFCC4}
18:05:00.0129 0x0f8c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:05:00.0254 0x0f8c  ============================================================
18:05:00.0254 0x0f8c  \Device\Harddisk0\DR0:
18:05:00.0254 0x0f8c  MBR partitions:
18:05:00.0254 0x0f8c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x8749000
18:05:00.0254 0x0f8c  ============================================================
18:05:00.0306 0x0f8c  C: <-> \Device\Harddisk0\DR0\Partition1
18:05:00.0387 0x0f8c  ============================================================
18:05:00.0387 0x0f8c  Initialize success
18:05:00.0387 0x0f8c  ============================================================
18:05:24.0090 0x0b28  ============================================================
18:05:24.0091 0x0b28  Scan started
18:05:24.0091 0x0b28  Mode: Manual; 
18:05:24.0091 0x0b28  ============================================================
18:05:24.0091 0x0b28  KSN ping started
18:05:38.0306 0x0b28  KSN ping finished: true
18:05:44.0385 0x0b28  ================ Scan system memory ========================
18:05:44.0385 0x0b28  System memory - ok
18:05:44.0393 0x0b28  ================ Scan services =============================
18:06:06.0498 0x0b28  IPMIDRV - ok
18:06:06.0579 0x0b28  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:06:06.0603 0x0b28  IPNAT - ok
18:06:06.0668 0x0b28  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:06:06.0671 0x0b28  IRENUM - ok
18:06:06.0723 0x0b28  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:06:06.0729 0x0b28  isapnp - ok
18:06:06.0843 0x0b28  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:06:06.0860 0x0b28  iScsiPrt - ok
18:06:06.0919 0x0b28  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:06:06.0925 0x0b28  iteatapi - ok
18:06:07.0020 0x0b28  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:06:07.0025 0x0b28  iteraid - ok
18:06:07.0100 0x0b28  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:06:07.0105 0x0b28  kbdclass - ok
18:06:07.0222 0x0b28  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:06:07.0226 0x0b28  kbdhid - ok
18:06:07.0308 0x0b28  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
18:06:07.0314 0x0b28  KeyIso - ok
18:06:07.0395 0x0b28  [ E8CA038F51F7761BD6E3A3B0B8014263, CC168838CB56776DC728869278A9F3CCEC215D5AFBE9ACD32D09D0971501EAAF ] KR10I           C:\Windows\system32\drivers\kr10i.sys
18:06:07.0429 0x0b28  KR10I - ok
18:06:07.0502 0x0b28  [ 6A4ADB9186DD0E114E623DAF57E42B31, AECE2412890B1716F5E22ECC62EC09AF4DDD66A642D7B7DC892730D472B7FEAF ] KR10N           C:\Windows\system32\drivers\kr10n.sys
18:06:07.0521 0x0b28  KR10N - ok
18:06:07.0625 0x0b28  [ 485E005CD51FF502FB16483EB4B69C17, 8294524C21C18BA5A32B926BD497C67A4ED49FB3654C93D11681C01D30769998 ] KR3NPXP         C:\Windows\system32\drivers\kr3npxp.sys
18:06:07.0663 0x0b28  KR3NPXP - ok
18:06:07.0793 0x0b28  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:06:07.0947 0x0b28  KSecDD - ok
18:06:08.0166 0x0b28  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:06:08.0257 0x0b28  KtmRm - ok
18:06:08.0380 0x0b28  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:06:08.0409 0x0b28  LanmanServer - ok
18:06:08.0587 0x0b28  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:06:08.0655 0x0b28  LanmanWorkstation - ok
18:06:09.0018 0x0b28  [ 559C9B7800FAC92FC515CD0003D7C631, 1A2C2C3C8E1B862224267462EA3A3BE5A02FE3D0626B292A663CB1EBC8A1B2C5 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:06:09.0104 0x0b28  LightScribeService - ok
18:06:09.0278 0x0b28  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:06:09.0312 0x0b28  lltdio - ok
18:06:09.0545 0x0b28  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:06:09.0703 0x0b28  lltdsvc - ok
18:06:09.0838 0x0b28  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:06:09.0890 0x0b28  lmhosts - ok
18:06:10.0162 0x0b28  [ 515FC18CABEE0158A324B08B1C2667CF, E044C731C795EB27E85DDD09F574D7002BC230D6341340078655892CAB3BA2E6 ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
18:06:10.0216 0x0b28  LPCFilter - ok
18:06:10.0334 0x0b28  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:06:10.0429 0x0b28  LSI_FC - ok
18:06:10.0499 0x0b28  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:06:10.0524 0x0b28  LSI_SAS - ok
18:06:10.0579 0x0b28  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:06:10.0586 0x0b28  LSI_SCSI - ok
18:06:10.0673 0x0b28  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:06:10.0701 0x0b28  luafv - ok
18:06:10.0753 0x0b28  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:06:10.0785 0x0b28  megasas - ok
18:06:11.0065 0x0b28  Microsoft SharePoint Workspace Audit Service - ok
18:06:11.0159 0x0b28  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
18:06:11.0190 0x0b28  MMCSS - ok
18:06:11.0294 0x0b28  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
18:06:11.0331 0x0b28  Modem - ok
18:06:11.0418 0x0b28  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:06:11.0456 0x0b28  monitor - ok
18:06:11.0547 0x0b28  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:06:11.0576 0x0b28  mouclass - ok
18:06:11.0656 0x0b28  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:06:11.0685 0x0b28  mouhid - ok
18:06:11.0737 0x0b28  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:06:11.0744 0x0b28  MountMgr - ok
18:06:11.0798 0x0b28  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:06:11.0806 0x0b28  mpio - ok
18:06:11.0906 0x0b28  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:06:11.0913 0x0b28  mpsdrv - ok
18:06:12.0161 0x0b28  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:06:12.0238 0x0b28  MpsSvc - ok
18:06:12.0359 0x0b28  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:06:12.0409 0x0b28  Mraid35x - ok
18:06:12.0499 0x0b28  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:06:12.0623 0x0b28  MRxDAV - ok
18:06:12.0746 0x0b28  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:06:12.0828 0x0b28  mrxsmb - ok
18:06:12.0963 0x0b28  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:06:13.0035 0x0b28  mrxsmb10 - ok
18:06:13.0143 0x0b28  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:06:13.0186 0x0b28  mrxsmb20 - ok
18:06:13.0296 0x0b28  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:06:13.0331 0x0b28  msahci - ok
18:06:13.0405 0x0b28  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:06:13.0414 0x0b28  msdsm - ok
18:06:13.0492 0x0b28  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
18:06:13.0538 0x0b28  MSDTC - ok
18:06:13.0718 0x0b28  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:06:13.0772 0x0b28  Msfs - ok
18:06:13.0858 0x0b28  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:06:13.0890 0x0b28  msisadrv - ok
18:06:14.0003 0x0b28  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:06:14.0045 0x0b28  MSiSCSI - ok
18:06:14.0084 0x0b28  msiserver - ok
18:06:14.0235 0x0b28  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:06:14.0278 0x0b28  MSKSSRV - ok
18:06:14.0447 0x0b28  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:06:14.0485 0x0b28  MSPCLOCK - ok
18:06:14.0589 0x0b28  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:06:14.0629 0x0b28  MSPQM - ok
18:06:14.0719 0x0b28  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:06:14.0733 0x0b28  MsRPC - ok
18:06:14.0816 0x0b28  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:06:14.0821 0x0b28  mssmbios - ok
18:06:14.0917 0x0b28  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:06:14.0920 0x0b28  MSTEE - ok
18:06:14.0997 0x0b28  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:06:15.0003 0x0b28  Mup - ok
18:06:15.0113 0x0b28  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
18:06:15.0147 0x0b28  napagent - ok
18:06:15.0267 0x0b28  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:06:15.0280 0x0b28  NativeWifiP - ok
18:06:15.0397 0x0b28  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:06:15.0442 0x0b28  NDIS - ok
18:06:15.0532 0x0b28  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:06:15.0535 0x0b28  NdisTapi - ok
18:06:15.0605 0x0b28  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:06:15.0609 0x0b28  Ndisuio - ok
18:06:15.0685 0x0b28  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:06:15.0696 0x0b28  NdisWan - ok
18:06:15.0797 0x0b28  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:06:15.0802 0x0b28  NDProxy - ok
18:06:15.0886 0x0b28  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:06:15.0892 0x0b28  NetBIOS - ok
18:06:15.0978 0x0b28  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:06:15.0993 0x0b28  netbt - ok
18:06:16.0064 0x0b28  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
18:06:16.0069 0x0b28  Netlogon - ok
18:06:16.0163 0x0b28  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
18:06:16.0194 0x0b28  Netman - ok
18:06:16.0270 0x0b28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:06:16.0397 0x0b28  NetMsmqActivator - ok
18:06:16.0436 0x0b28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:06:16.0450 0x0b28  NetPipeActivator - ok
18:06:16.0560 0x0b28  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
18:06:16.0582 0x0b28  netprofm - ok
18:06:16.0659 0x0b28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:06:16.0669 0x0b28  NetTcpActivator - ok
18:06:16.0735 0x0b28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:06:16.0744 0x0b28  NetTcpPortSharing - ok
18:06:17.0092 0x0b28  [ A15F219208843A5A210C8CB391384453, E333018B7A841F1E1E6E4A56BA05B4A4FDF46866B3697747ADCF4CA0F43D8A1D ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
18:06:17.0291 0x0b28  NETw3v32 - ok
18:06:17.0421 0x0b28  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:06:17.0426 0x0b28  nfrd960 - ok
18:06:17.0509 0x0b28  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:06:17.0527 0x0b28  NlaSvc - ok
18:06:17.0619 0x0b28  NMIndexingService - ok
18:06:17.0702 0x0b28  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:06:17.0707 0x0b28  Npfs - ok
18:06:17.0792 0x0b28  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
18:06:17.0799 0x0b28  nsi - ok
18:06:17.0996 0x0b28  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:06:18.0061 0x0b28  nsiproxy - ok
18:06:18.0256 0x0b28  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:06:18.0359 0x0b28  Ntfs - ok
18:06:18.0484 0x0b28  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:06:18.0489 0x0b28  ntrigdigi - ok
18:06:18.0604 0x0b28  [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
18:06:18.0608 0x0b28  NuidFltr - ok
18:06:18.0707 0x0b28  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
18:06:18.0710 0x0b28  Null - ok
18:06:18.0828 0x0b28  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:06:18.0836 0x0b28  nvraid - ok
18:06:18.0885 0x0b28  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:06:18.0890 0x0b28  nvstor - ok
18:06:18.0995 0x0b28  [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:06:19.0005 0x0b28  nv_agp - ok
18:06:19.0038 0x0b28  NwlnkFlt - ok
18:06:19.0087 0x0b28  NwlnkFwd - ok
18:06:19.0204 0x0b28  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:06:19.0211 0x0b28  ohci1394 - ok
18:06:19.0379 0x0b28  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:06:19.0392 0x0b28  ose - ok
18:06:19.0900 0x0b28  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:06:25.0284 0x0b28  osppsvc - ok
18:06:26.0256 0x0b28  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:06:26.0749 0x0b28  p2pimsvc - ok
18:06:27.0063 0x0b28  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:06:27.0104 0x0b28  p2psvc - ok
18:06:27.0572 0x0b28  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
18:06:27.0596 0x0b28  Parport - ok
18:06:28.0043 0x0b28  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:06:28.0151 0x0b28  partmgr - ok
18:06:28.0308 0x0b28  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:06:28.0329 0x0b28  Parvdm - ok
18:06:28.0783 0x0b28  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:06:28.0937 0x0b28  PcaSvc - ok
18:06:29.0227 0x0b28  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
18:06:29.0488 0x0b28  pci - ok
18:06:29.0607 0x0b28  [ 3B1901E401473E03EB8C874271E50C26, 3C7931F419E29FDD0155D8D05D97289430A2852FCB3DBAD1B338FE2241458E72 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:06:29.0632 0x0b28  pciide - ok
18:06:29.0879 0x0b28  [ 3BB2244F343B610C29C98035504C9B75, DA61EC2600199DFA32020D0484E9BBF5E0742E7C8C952370BF6FAF91C914A999 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:06:29.0921 0x0b28  pcmcia - ok
18:06:30.0411 0x0b28  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:06:30.0719 0x0b28  PEAUTH - ok
18:06:31.0091 0x0b28  [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1, F2DD39F6B1489276A913FD62D6C068D79EABADC417D404143E3D2FF8C20CDE01 ] pinger          C:\TOSHIBA\IVP\ISM\pinger.exe
18:06:31.0107 0x0b28  pinger - ok
18:06:31.0704 0x0b28  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
18:06:32.0415 0x0b28  pla - ok
18:06:32.0712 0x0b28  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:06:32.0877 0x0b28  PlugPlay - ok
18:06:33.0270 0x0b28  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:06:33.0313 0x0b28  PNRPAutoReg - ok
18:06:33.0553 0x0b28  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:06:33.0604 0x0b28  PNRPsvc - ok
18:06:33.0931 0x0b28  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:06:34.0015 0x0b28  PolicyAgent - ok
18:06:34.0230 0x0b28  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:06:34.0261 0x0b28  PptpMiniport - ok
18:06:34.0426 0x0b28  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
18:06:34.0455 0x0b28  Processor - ok
18:06:34.0701 0x0b28  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
18:06:34.0765 0x0b28  ProfSvc - ok
18:06:34.0865 0x0b28  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
18:06:34.0892 0x0b28  ProtectedStorage - ok
18:06:35.0025 0x0b28  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:06:35.0060 0x0b28  PSched - ok
18:06:35.0373 0x0b28  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:06:35.0488 0x0b28  ql2300 - ok
18:06:35.0610 0x0b28  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:06:35.0640 0x0b28  ql40xx - ok
18:06:35.0799 0x0b28  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
18:06:35.0874 0x0b28  QWAVE - ok
18:06:35.0967 0x0b28  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:06:35.0972 0x0b28  QWAVEdrv - ok
18:06:36.0108 0x0b28  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:06:36.0134 0x0b28  RasAcd - ok
18:06:36.0253 0x0b28  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
18:06:36.0284 0x0b28  RasAuto - ok
18:06:36.0403 0x0b28  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:06:36.0463 0x0b28  Rasl2tp - ok
18:06:36.0599 0x0b28  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
18:06:36.0731 0x0b28  RasMan - ok
18:06:36.0877 0x0b28  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:06:36.0890 0x0b28  RasPppoe - ok
18:06:37.0005 0x0b28  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:06:37.0034 0x0b28  RasSstp - ok
18:06:37.0203 0x0b28  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:06:37.0221 0x0b28  rdbss - ok
18:06:37.0332 0x0b28  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:06:37.0360 0x0b28  RDPCDD - ok
18:06:37.0512 0x0b28  [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:06:37.0575 0x0b28  rdpdr - ok
18:06:37.0640 0x0b28  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:06:37.0643 0x0b28  RDPENCDD - ok
18:06:37.0787 0x0b28  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:06:37.0802 0x0b28  RDPWD - ok
18:06:37.0893 0x0b28  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:06:37.0928 0x0b28  RemoteAccess - ok
18:06:38.0038 0x0b28  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:06:38.0076 0x0b28  RemoteRegistry - ok
18:06:38.0211 0x0b28  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
18:06:38.0217 0x0b28  RpcLocator - ok
18:06:38.0497 0x0b28  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
18:06:38.0556 0x0b28  RpcSs - ok
18:06:38.0658 0x0b28  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:06:38.0665 0x0b28  rspndr - ok
18:06:38.0761 0x0b28  [ 455F7F7974211EA11B81F0F4E528E258, BB66099D66046F85BFFE6618C0970611CEF9BE4C970B1FDFB9F47BE0A7809780 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
18:06:38.0768 0x0b28  RTL8169 - ok
18:06:38.0864 0x0b28  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
18:06:38.0869 0x0b28  SamSs - ok
18:06:39.0015 0x0b28  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:06:39.0079 0x0b28  sbp2port - ok
18:07:15.0046 0x0b28  Win FW state via NFP2: enabled
18:07:17.0782 0x0b28  ============================================================
18:07:17.0783 0x0b28  Scan finished
18:07:17.0783 0x0b28  ============================================================
18:07:17.0822 0x0d4c  Detected object count: 0
18:07:17.0823 0x0d4c  Actual detected object count: 0
18:10:47.0741 0x0494  Deinitialize success


#10 Satchfan


Posted 13 June 2014 - 01:27 AM

Try running ComboFix in safe mode:

  • restart your computer.
  • when the machine first starts again, it will generally list some equipment that is installed in your machine: amount of memory, hard drives installed, etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows Advanced Boot Options menu.
  • select the option for Safe Mode using the arrow keys
  • then press Enter on your keyboard to boot into Safe Mode.

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.



#11 Sarit


Posted 13 June 2014 - 04:04 PM

Ok I put it into safe mode and started running it at 10am this morning. It is 6pm now and it still has not finished. The computer has not frozen as it is still responsive. What would you like me to do?

#12 Satchfan


Posted 13 June 2014 - 05:08 PM

Let’s try a different scan.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

32-bit
http://www.bleepingc...can-tool/dl/81/
64-bit
http://www.bleepingc...can-tool/dl/82/

If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • double-click to run it. When the tool opens, click Yes to the disclaimer.
  • press the Scan button.
  • it will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • the first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Satchfan

 

 



#13 Sarit


Posted 13 June 2014 - 06:25 PM

LOL That was a lot faster.

 

FRST Report

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by rac (administrator) on TOMOHISA on 13-06-2014 20:17:02
Running from C:\Users\rac\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Dell AIO Printer 948\dldfmon.exe
() C:\Program Files\Dell AIO Printer 948\memcard.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\rac\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
( ) C:\Windows\System32\dldfcoms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [Dell AIO Printer 948 Fax Server] => C:\Program Files\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKU\.DEFAULT\...\Run: [autochk] => rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Run: [GoogleChromeAutoLaunch_9551E1C1FBAA8F6DD8374036CB9CF102] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\...\MountPoints2: D - D:\autorun.exe
Startup: C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\rac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
SearchScopes: HKLM - DefaultScope {41396b1b-447e-473b-a34b-bb583136c7fc} URL = 
SearchScopes: HKLM - {7BCFC7A9-435C-46D7-917E-81F1A6B16947} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://search-gala.c...q={searchTerms}
SearchScopes: HKCU - {7BCFC7A9-435C-46D7-917E-81F1A6B16947} URL = http://search-gala.c...q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
 
FireFox:
========
FF ProfilePath: C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\searchplugins\OurBabyMaker_27.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: BetterLinks - C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\Extensions\smartlinks@getsmartlinks.com [2036-09-02]
FF Extension: Yahoo! Toolbar - C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514
 
========================== Services (Whitelisted) =================
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-21] (Adobe Systems) [File not signed]
S4 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S2 dldfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [98952 2007-06-26] ()
R2 dldf_device; C:\Windows\system32\dldfcoms.exe [598664 2007-06-26] ( )
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S3 catchme; C:\Users\rac\AppData\Local\Temp\catchme.sys [31744 2014-06-13] () [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 Tosrfcom; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S2 xsewmzvga; \??\C:\Windows\system32\drivers\epwxtgux.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2039-01-17 00:51 - 2039-01-17 00:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2039-01-17 00:40 - 2039-01-17 00:40 - 00000920 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000915 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000886 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2039-01-17 00:39 - 2039-01-17 01:01 - 00000680 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat
2039-01-17 00:39 - 2039-01-17 00:39 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2039-01-17 00:39 - 2039-01-17 00:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Symantec
2039-01-17 00:39 - 2014-05-25 00:59 - 00000000 ____D () C:\Users\Guest
2039-01-17 00:39 - 2014-04-27 02:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Temp
2039-01-17 00:39 - 2009-01-02 20:51 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2039-01-17 00:39 - 2009-01-02 20:51 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2036-10-06 00:38 - 2036-10-06 00:38 - 00000000 ____C () C:\t16g.1
2036-09-11 05:01 - 2014-05-25 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2036-09-11 04:58 - 2014-06-13 19:56 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2036-09-11 04:58 - 2014-06-13 09:33 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2036-09-11 04:56 - 2014-01-24 09:00 - 00000000 ____D () C:\ProgramData\Skype
2036-06-09 20:27 - 2014-04-08 02:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2036-06-07 23:11 - 2036-06-07 23:11 - 00000632 __RSH () C:\Users\rac\ntuser.pol
2036-06-07 22:24 - 2014-03-11 22:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2036-05-16 22:24 - 2036-05-16 22:24 - 00000000 ____D () C:\Users\rac\AppData\Local\Symantec
2036-05-16 22:19 - 2010-09-07 16:05 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\capicom.dll
2036-05-16 22:19 - 2007-03-21 20:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2036-05-16 22:18 - 2014-01-31 19:26 - 00000000 ____D () C:\ProgramData\Symantec
2036-05-16 22:18 - 2014-01-31 19:26 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2036-05-16 21:40 - 2036-05-16 21:40 - 00000353 _____ () C:\Windows\SynInst.log
2036-05-16 21:35 - 2036-05-16 21:35 - 00000432 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2036-05-16 17:27 - 2036-05-16 21:36 - 00009640 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A6C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A4C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A3B.tmp
2036-05-15 10:39 - 2010-01-13 13:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2036-05-15 10:25 - 2010-02-18 09:30 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2036-05-15 10:25 - 2010-02-18 07:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2036-05-15 10:25 - 2009-12-08 13:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2036-05-15 10:25 - 2008-01-19 01:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS
2036-05-15 10:20 - 2036-05-10 18:30 - 00000110 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2036-05-15 10:19 - 2010-01-21 11:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2036-05-15 10:19 - 2009-04-11 02:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2036-05-15 10:10 - 2009-09-10 12:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2036-05-15 10:10 - 2009-06-15 10:54 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2036-05-15 10:09 - 2036-05-15 10:09 - 00000000 ____D () C:\Users\rac\AppData\Local\Seven Zip
2036-05-15 09:59 - 2009-10-23 13:10 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2036-05-15 09:45 - 2010-01-25 08:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2036-05-15 09:45 - 2010-01-25 08:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2036-05-15 09:45 - 2010-01-25 08:00 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2036-05-15 09:45 - 2010-01-25 08:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2036-05-15 09:45 - 2010-01-25 07:58 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2036-05-15 09:45 - 2010-01-25 04:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2036-05-15 09:45 - 2010-01-25 04:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2036-05-15 09:45 - 2010-01-25 04:21 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2036-05-15 09:45 - 2010-01-25 04:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2036-05-10 18:17 - 2036-05-16 21:37 - 00000000 ____D () C:\ProgramData\STOPzilla!
2036-05-10 16:34 - 2036-05-10 16:34 - 00000000 ____D () C:\Users\rac\AppData\Local\Mozilla
2036-05-10 16:34 - 2014-05-29 15:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2036-05-10 16:26 - 2036-05-10 16:26 - 00000000 ____D () C:\Users\rac\AppData\Roaming\RegistryKeys
2036-05-06 20:33 - 2036-05-10 18:20 - 00010756 ___SH () C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
2036-05-06 20:33 - 2036-05-10 18:20 - 00010756 ___SH () C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
2014-06-13 20:17 - 2014-06-13 20:19 - 00013711 _____ () C:\Users\rac\Desktop\FRST.txt
2014-06-13 20:16 - 2014-06-13 20:17 - 00000000 ___DC () C:\FRST
2014-06-13 20:14 - 2014-06-13 20:15 - 01073152 _____ (Farbar) C:\Users\rac\Desktop\FRST.exe
2014-06-13 10:24 - 2014-06-13 10:25 - 00000000 __SDC () C:\ComboFix
2014-06-12 18:16 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 18:16 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 18:16 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 18:16 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 18:16 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 18:16 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 18:16 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 18:16 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-12 18:13 - 2014-06-12 18:15 - 00000000 ___DC () C:\Qoobox
2014-06-12 18:12 - 2014-06-12 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 18:00 - 2014-06-12 18:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\rac\Desktop\tdsskiller.exe
2014-06-12 17:53 - 2014-06-12 17:53 - 05205897 ____R (Swearware) C:\Users\rac\Desktop\ComboFix.exe
2014-06-12 10:47 - 2014-06-12 10:47 - 00002538 _____ () C:\Users\rac\Desktop\aswMBR.txt
2014-06-12 10:47 - 2014-06-12 10:47 - 00000512 _____ () C:\Users\rac\Desktop\MBR.dat
2014-06-12 09:32 - 2014-06-12 09:32 - 00854378 _____ () C:\Users\rac\Desktop\SecurityCheck.exe
2014-06-12 09:28 - 2014-06-12 09:29 - 04745728 _____ (AVAST Software) C:\Users\rac\Desktop\aswMBR.exe
2014-06-11 20:49 - 2014-06-11 20:49 - 00053458 _____ () C:\Users\rac\Downloads\Extras.Txt
2014-06-11 20:48 - 2014-06-12 03:22 - 00132182 _____ () C:\Users\rac\Downloads\OTL.Txt
2014-06-11 20:28 - 2014-06-11 20:28 - 00010664 _____ () C:\Users\rac\Desktop\JRT.txt
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 20:04 - 2014-06-12 07:13 - 00000000 ___DC () C:\AdwCleaner
2014-06-11 20:02 - 2014-06-11 20:02 - 00002987 _____ () C:\Users\rac\Desktop\RKreport_DEL_06112014_200156.log
2014-06-11 19:33 - 2014-06-11 19:33 - 01333465 _____ () C:\Users\rac\Downloads\adwcleaner_3.212.exe
2014-06-11 19:33 - 2014-06-11 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\rac\Downloads\OTL.exe
2014-06-11 19:32 - 2014-06-11 19:32 - 01016261 _____ (Thisisu) C:\Users\rac\Downloads\JRT.exe
2014-06-11 19:31 - 2014-06-11 19:31 - 00000171 _____ () C:\Users\rac\Desktop\otl.txt
2014-06-11 16:27 - 2014-06-11 19:34 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-11 16:27 - 2014-06-11 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 16:25 - 2014-06-11 16:25 - 04686336 _____ () C:\Users\rac\Downloads\RogueKiller.exe
2014-06-11 08:26 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:26 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:26 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 08:26 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:26 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:26 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:26 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:26 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 08:26 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 08:26 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 08:26 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:26 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:26 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:26 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:25 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:25 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:25 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:25 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:25 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 08:25 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:25 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:25 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:25 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:25 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:25 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-08 19:08 - 2014-06-08 20:38 - 00001578 _____ () C:\Users\rac\Documents\Music.txt
2014-06-07 00:11 - 2014-06-08 08:20 - 00011929 _____ () C:\Users\rac\Documents\beginnings.txt
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\Users\rac\Desktop\DCIM
2014-05-29 15:31 - 2014-05-29 15:31 - 00000865 _____ () C:\Users\rac\Desktop\AIM.lnk
2014-05-29 15:31 - 2014-05-29 15:31 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2014-05-29 15:28 - 2014-05-29 15:29 - 18818672 _____ (AOL Inc.) C:\Users\rac\Downloads\AIM_Install.exe
2014-05-25 15:41 - 2014-05-25 16:14 - 312811520 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.007
2014-05-25 15:40 - 2014-05-25 16:24 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.006
2014-05-25 15:40 - 2014-05-25 16:24 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.005
2014-05-25 15:38 - 2014-05-25 16:24 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.003
2014-05-25 15:38 - 2014-05-25 16:21 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.004
2014-05-25 15:37 - 2014-05-25 16:20 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.002
2014-05-25 15:34 - 2014-05-25 16:09 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.001
2014-05-25 01:54 - 2014-05-25 01:54 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 00:32 - 2014-05-25 00:36 - 00032768 _____ () C:\Users\rac\SxsTrace.etl
2014-05-22 10:07 - 2014-05-22 10:08 - 18586323 _____ () C:\Users\rac\Downloads\140522 지니타임 A Whole New World XIA Junsu 준수 ジュンス in OSAKA.mp4
2014-05-22 09:42 - 2014-05-22 09:42 - 00098116 _____ () C:\Users\rac\Downloads\chrome-youtube-downloader-2.6.5.crx
2014-05-22 09:23 - 2014-05-22 09:23 - 00039082 _____ () C:\Users\rac\Downloads\YouTube_Downloader2.0.1.crx
2014-05-21 09:40 - 2014-05-21 09:46 - 246376178 _____ () C:\Users\rac\Downloads\SPN9.23MP.zip
2014-05-19 23:51 - 2014-05-20 00:16 - 00000000 ____D () C:\Users\rac\Desktop\Junsu Singles 2014
2014-05-14 09:56 - 2014-05-14 09:56 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 09:04 - 2014-05-14 09:05 - 00142928 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-14 09:04 - 2014-05-14 09:04 - 126494856 _____ () C:\Windows\MEMORY.DMP
2014-05-14 08:59 - 2014-05-14 09:02 - 00000000 ____D () C:\Users\rac\Desktop\New Folder
2014-05-14 06:09 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
 
==================== One Month Modified Files and Folders =======
 
2039-01-17 01:01 - 2039-01-17 00:39 - 00000680 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat
2039-01-17 00:51 - 2039-01-17 00:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2039-01-17 00:40 - 2039-01-17 00:40 - 00000920 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000915 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000886 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2039-01-17 00:40 - 2039-01-17 00:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2039-01-17 00:39 - 2039-01-17 00:39 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2039-01-17 00:39 - 2039-01-17 00:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Symantec
2039-01-16 22:52 - 2009-01-28 20:24 - 00000000 ____D () C:\ProgramData\NOS
2037-05-04 06:05 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2036-10-06 00:38 - 2036-10-06 00:38 - 00000000 ____C () C:\t16g.1
2036-06-07 23:11 - 2036-06-07 23:11 - 00000632 __RSH () C:\Users\rac\ntuser.pol
2036-06-07 23:11 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2036-05-17 10:52 - 2009-09-30 20:30 - 00000000 __SHD () C:\ProgramData\e135217
2036-05-16 22:24 - 2036-05-16 22:24 - 00000000 ____D () C:\Users\rac\AppData\Local\Symantec
2036-05-16 22:12 - 2008-12-29 09:30 - 00000000 ____D () C:\Users\rac\AppData\Local\Yahoo
2036-05-16 22:12 - 2007-05-23 21:13 - 00000000 ____D () C:\ProgramData\YAHOO
2036-05-16 22:08 - 2007-05-23 20:27 - 00000000 ____D () C:\Program Files\Toshiba
2036-05-16 21:45 - 2007-05-23 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2036-05-16 21:42 - 2007-05-23 20:40 - 00000000 ____D () C:\ProgramData\Toshiba
2036-05-16 21:40 - 2036-05-16 21:40 - 00000353 _____ () C:\Windows\SynInst.log
2036-05-16 21:37 - 2036-05-10 18:17 - 00000000 ____D () C:\ProgramData\STOPzilla!
2036-05-16 21:36 - 2036-05-16 17:27 - 00009640 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2036-05-16 21:35 - 2036-05-16 21:35 - 00000432 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2036-05-16 21:34 - 2007-05-23 20:32 - 00319984 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2036-05-16 21:34 - 2007-05-23 20:32 - 00000000 ____D () C:\Windows\system32\RTCOM
2036-05-16 21:31 - 2009-01-09 23:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2036-05-16 21:07 - 2007-05-23 21:17 - 00000000 ____D () C:\ProgramData\Napster
2036-05-16 17:26 - 2007-05-23 21:07 - 00000000 ____D () C:\ProgramData\McAfee
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A6C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A4C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A3B.tmp
2036-05-15 11:52 - 2007-05-23 20:57 - 00000000 ____D () C:\ProgramData\Ulead Systems
2036-05-15 10:44 - 2007-05-23 21:16 - 00000000 ____D () C:\Program Files\DesktopDialer
2036-05-15 10:22 - 2009-06-09 18:43 - 00000000 ____D () C:\Program Files\Common Files\AOL
2036-05-15 10:20 - 2009-07-20 03:08 - 00000215 _____ () C:\Windows\system32\MRT.INI
2036-05-15 10:09 - 2036-05-15 10:09 - 00000000 ____D () C:\Users\rac\AppData\Local\Seven Zip
2036-05-15 10:08 - 2007-05-23 21:00 - 00000000 ____D () C:\Windows\system32\Macromed
2036-05-10 18:30 - 2036-05-15 10:20 - 00000110 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2036-05-10 18:20 - 2036-05-06 20:33 - 00010756 ___SH () C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
2036-05-10 18:20 - 2036-05-06 20:33 - 00010756 ___SH () C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
2036-05-10 17:52 - 2009-08-20 19:09 - 00000067 _____ () C:\Windows\swupdate.INI
2036-05-10 16:35 - 2009-01-01 17:26 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Mozilla
2036-05-10 16:34 - 2036-05-10 16:34 - 00000000 ____D () C:\Users\rac\AppData\Local\Mozilla
2036-05-10 16:26 - 2036-05-10 16:26 - 00000000 ____D () C:\Users\rac\AppData\Roaming\RegistryKeys
2014-06-13 20:20 - 2008-12-27 14:21 - 00000000 ____D () C:\Users\rac\AppData\Local\Temp
2014-06-13 20:19 - 2014-06-13 20:17 - 00013711 _____ () C:\Users\rac\Desktop\FRST.txt
2014-06-13 20:17 - 2014-06-13 20:16 - 00000000 ___DC () C:\FRST
2014-06-13 20:15 - 2014-06-13 20:14 - 01073152 _____ (Farbar) C:\Users\rac\Desktop\FRST.exe
2014-06-13 20:01 - 2008-12-23 16:47 - 01103837 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 20:00 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 20:00 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 19:59 - 2014-01-25 10:08 - 00000000 ___RD () C:\Users\rac\Dropbox
2014-06-13 19:59 - 2014-01-24 23:25 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Dropbox
2014-06-13 19:59 - 2014-01-24 23:23 - 00000000 ___RD () C:\Users\rac\Google Drive
2014-06-13 19:58 - 2014-01-24 23:31 - 00000000 ____D () C:\Users\rac\AppData\Roaming\DropboxMaster
2014-06-13 19:56 - 2036-09-11 04:58 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 19:56 - 2014-01-30 09:51 - 00000000 ____D () C:\Program Files\Trillian
2014-06-13 19:55 - 2007-05-24 12:49 - 00271362 _____ () C:\Windows\PFRO.log
2014-06-13 19:55 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 10:25 - 2014-06-13 10:24 - 00000000 __SDC () C:\ComboFix
2014-06-13 10:20 - 2006-11-02 08:58 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-13 09:55 - 2014-02-07 19:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 09:33 - 2036-09-11 04:58 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 18:15 - 2014-06-12 18:13 - 00000000 ___DC () C:\Qoobox
2014-06-12 18:12 - 2014-06-12 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 18:00 - 2014-06-12 18:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\rac\Desktop\tdsskiller.exe
2014-06-12 17:53 - 2014-06-12 17:53 - 05205897 ____R (Swearware) C:\Users\rac\Desktop\ComboFix.exe
2014-06-12 10:47 - 2014-06-12 10:47 - 00002538 _____ () C:\Users\rac\Desktop\aswMBR.txt
2014-06-12 10:47 - 2014-06-12 10:47 - 00000512 _____ () C:\Users\rac\Desktop\MBR.dat
2014-06-12 09:32 - 2014-06-12 09:32 - 00854378 _____ () C:\Users\rac\Desktop\SecurityCheck.exe
2014-06-12 09:29 - 2014-06-12 09:28 - 04745728 _____ (AVAST Software) C:\Users\rac\Desktop\aswMBR.exe
2014-06-12 07:13 - 2014-06-11 20:04 - 00000000 ___DC () C:\AdwCleaner
2014-06-12 03:27 - 2008-12-23 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 03:25 - 2014-01-24 14:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:22 - 2014-06-11 20:48 - 00132182 _____ () C:\Users\rac\Downloads\OTL.Txt
2014-06-12 03:11 - 2006-11-02 06:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-11 20:49 - 2014-06-11 20:49 - 00053458 _____ () C:\Users\rac\Downloads\Extras.Txt
2014-06-11 20:28 - 2014-06-11 20:28 - 00010664 _____ () C:\Users\rac\Desktop\JRT.txt
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:02 - 2014-06-11 20:02 - 00002987 _____ () C:\Users\rac\Desktop\RKreport_DEL_06112014_200156.log
2014-06-11 19:34 - 2014-06-11 16:27 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-11 19:33 - 2014-06-11 19:33 - 01333465 _____ () C:\Users\rac\Downloads\adwcleaner_3.212.exe
2014-06-11 19:33 - 2014-06-11 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\rac\Downloads\OTL.exe
2014-06-11 19:32 - 2014-06-11 19:32 - 01016261 _____ (Thisisu) C:\Users\rac\Downloads\JRT.exe
2014-06-11 19:31 - 2014-06-11 19:31 - 00000171 _____ () C:\Users\rac\Desktop\otl.txt
2014-06-11 16:27 - 2014-06-11 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 16:25 - 2014-06-11 16:25 - 04686336 _____ () C:\Users\rac\Downloads\RogueKiller.exe
2014-06-08 20:38 - 2014-06-08 19:08 - 00001578 _____ () C:\Users\rac\Documents\Music.txt
2014-06-08 08:20 - 2014-06-07 00:11 - 00011929 _____ () C:\Users\rac\Documents\beginnings.txt
2014-06-01 02:34 - 2008-12-29 09:18 - 00150016 _____ () C:\Users\rac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\Users\rac\Desktop\DCIM
2014-05-30 19:33 - 2014-01-24 14:57 - 00034300 _____ () C:\Windows\setupact.log
2014-05-29 15:59 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-29 15:31 - 2014-05-29 15:31 - 00000865 _____ () C:\Users\rac\Desktop\AIM.lnk
2014-05-29 15:31 - 2014-05-29 15:31 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2014-05-29 15:30 - 2036-05-10 16:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-29 15:30 - 2009-09-02 18:33 - 00000000 ____D () C:\Users\rac\AppData\Local\AOL
2014-05-29 15:29 - 2014-05-29 15:28 - 18818672 _____ (AOL Inc.) C:\Users\rac\Downloads\AIM_Install.exe
2014-05-29 03:47 - 2007-05-23 20:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-29 03:35 - 2014-03-20 13:14 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 03:35 - 2014-03-20 13:12 - 00000000 ____D () C:\Users\rac\AppData\Local\HP
2014-05-29 03:35 - 2006-11-02 08:35 - 00000000 ____D () C:\Windows\twain_32
2014-05-28 12:48 - 2014-06-11 08:25 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 12:39 - 2014-06-11 08:25 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 12:38 - 2014-06-11 08:25 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 12:33 - 2014-06-11 08:26 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 12:32 - 2014-06-11 08:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 12:32 - 2014-06-11 08:25 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 12:31 - 2014-06-11 08:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 12:31 - 2014-06-11 08:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 12:30 - 2014-06-11 08:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 12:30 - 2014-06-11 08:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 12:30 - 2014-06-11 08:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 12:30 - 2014-06-11 08:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 12:30 - 2014-06-11 08:25 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 12:30 - 2014-06-11 08:25 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 12:30 - 2014-06-11 08:25 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 12:29 - 2014-06-11 08:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 12:29 - 2014-06-11 08:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 12:29 - 2014-06-11 08:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 12:29 - 2014-06-11 08:25 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 12:29 - 2014-06-11 08:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 12:28 - 2014-06-11 08:25 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-25 16:24 - 2014-05-25 15:40 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.006
2014-05-25 16:24 - 2014-05-25 15:40 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.005
2014-05-25 16:24 - 2014-05-25 15:38 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.003
2014-05-25 16:21 - 2014-05-25 15:38 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.004
2014-05-25 16:20 - 2014-05-25 15:37 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.002
2014-05-25 16:14 - 2014-05-25 15:41 - 312811520 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.007
2014-05-25 16:09 - 2014-05-25 15:34 - 524288000 _____ () C:\Users\rac\Downloads\[rtc]docu10thani.avi.001
2014-05-25 01:54 - 2014-05-25 01:54 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 01:08 - 2014-01-24 23:29 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-25 01:00 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-25 01:00 - 2006-11-02 06:22 - 51642368 _____ () C:\Windows\system32\config\software_previous
2014-05-25 01:00 - 2006-11-02 06:22 - 38273024 _____ () C:\Windows\system32\config\components_previous
2014-05-25 01:00 - 2006-11-02 06:22 - 14680064 _____ () C:\Windows\system32\config\system_previous
2014-05-25 01:00 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-05-25 01:00 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-25 01:00 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-25 00:59 - 2039-01-17 00:39 - 00000000 ____D () C:\Users\Guest
2014-05-25 00:59 - 2036-09-11 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 00:59 - 2014-02-22 10:00 - 00000000 ____D () C:\Users\rac\AppData\Roaming\vlc
2014-05-25 00:59 - 2014-01-29 22:28 - 00000000 ____D () C:\Users\rac\AppData\Roaming\uTorrent
2014-05-25 00:59 - 2014-01-29 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-25 00:59 - 2008-12-27 14:21 - 00000000 ____D () C:\Users\rac
2014-05-25 00:59 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-25 00:59 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-05-25 00:36 - 2014-05-25 00:32 - 00032768 _____ () C:\Users\rac\SxsTrace.etl
2014-05-24 00:58 - 2014-04-29 16:23 - 00000000 ____D () C:\Users\rac\AppData\Local\Deployment
2014-05-22 10:08 - 2014-05-22 10:07 - 18586323 _____ () C:\Users\rac\Downloads\140522 지니타임 A Whole New World XIA Junsu 준수 ジュンス in OSAKA.mp4
2014-05-22 09:42 - 2014-05-22 09:42 - 00098116 _____ () C:\Users\rac\Downloads\chrome-youtube-downloader-2.6.5.crx
2014-05-22 09:23 - 2014-05-22 09:23 - 00039082 _____ () C:\Users\rac\Downloads\YouTube_Downloader2.0.1.crx
2014-05-21 10:58 - 2014-03-20 17:42 - 00000000 ____D () C:\Users\rac\AppData\Roaming\FileZilla
2014-05-21 09:46 - 2014-05-21 09:40 - 246376178 _____ () C:\Users\rac\Downloads\SPN9.23MP.zip
2014-05-20 00:16 - 2014-05-19 23:51 - 00000000 ____D () C:\Users\rac\Desktop\Junsu Singles 2014
2014-05-20 00:16 - 2008-12-27 14:23 - 00115768 _____ () C:\Users\rac\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 15:45 - 2006-11-02 08:44 - 00406536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-19 00:53 - 2014-03-31 10:53 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-05-19 00:39 - 2014-02-12 10:05 - 00000000 ____D () C:\Program Files\Adobe
2014-05-19 00:39 - 2008-12-29 09:24 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Adobe
2014-05-19 00:39 - 2008-12-29 09:24 - 00000000 ____D () C:\Users\rac\AppData\Local\Adobe
2014-05-19 00:34 - 2014-04-10 12:47 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-05-19 00:34 - 2014-04-08 18:55 - 00000000 ____D () C:\ProgramData\Nero
2014-05-19 00:21 - 2014-03-31 11:09 - 00000000 ____D () C:\Program Files\Hearthstone
2014-05-14 09:56 - 2014-05-14 09:56 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 09:05 - 2014-05-14 09:04 - 00142928 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-14 09:04 - 2014-05-14 09:04 - 126494856 _____ () C:\Windows\MEMORY.DMP
2014-05-14 09:04 - 2009-09-11 16:57 - 00000000 ____D () C:\Windows\Minidump
2014-05-14 09:02 - 2014-05-14 08:59 - 00000000 ____D () C:\Users\rac\Desktop\New Folder
2014-05-14 07:48 - 2014-04-02 14:20 - 00000000 ____D () C:\New Folder
 
Files to move or delete:
====================
C:\Users\rac\protect.dll
 
 
Some content of TEMP:
====================
C:\Users\rac\AppData\Local\Temp\catchme.dll
C:\Users\rac\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqusrs.dll
C:\Users\rac\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-13 20:01
 
==================== End Of Log ============================
 
 
Addition Report
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by rac at 2014-06-13 20:21:24
Running from C:\Users\rac\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
Amazon Unbox Video (HKLM\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (Version: 2.2.0.153 - Amazon.com) Hidden
Any Video Converter 5.5.6 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.5.514 - AVG Technologies)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
DomDomSoft Manga Downloader (remove only) (HKLM\...\DomDomSoft Manga Downloader) (Version:  - )
Download Updater (AOL Inc.) (HKLM\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{6CC74460-AC9B-4E7E-91FF-833C751C092F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 4.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0.1 (x86 en-US)) (Version: 4.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
PayPal Invoicing Template for Microsoft Excel (HKCU\...\DB165FE98538A10E91D51C46B1461C279DDBA833) (Version: 1.2.2.0 - PayPal, Inc)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.8 - TOSHIBA Corporation) Hidden
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
TSR Watermark Image software version 3.1.0.6 (HKLM\...\TSR Watermark Image_is1) (Version: 3.1.0.6 - TSR Software)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Utility Common Driver (Version: 0.0.50.4C - TOSHIBA) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watermark Software (HKCU\...\WatermarkSoftware) (Version:  - Watermark Software. All Rights Reserved.)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
09-06-2014 06:14:15 Scheduled Checkpoint
10-06-2014 16:34:23 Scheduled Checkpoint
12-06-2014 02:03:39 Scheduled Checkpoint
12-06-2014 06:54:25 OTL Restore Point - 6/12/2014 2:54:25 AM
12-06-2014 07:02:14 Windows Update
13-06-2014 03:38:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2036-05-15 11:15 - 2036-05-15 11:15 - 00000036 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EF1980B-E4FD-416C-A886-60B4AD3A097E} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {206CEB6B-F529-45BF-8B56-FFE50173AB32} - System32\Tasks\Microsoft\Windows\RestartManager\{5D062AA5-6413-4060-B13A-3D968862385E} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {72136BD0-9D55-43D7-BEB1-8CD3416BF8DE} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7E1EC109-FB60-4BE4-8798-88179C8BB7D7} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe [2014-03-27] ()
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {94D3B3DD-4347-4EFB-A0F9-7AD45285E885} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {957C83B1-3F7B-47B8-9527-7C663B3B3D00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {980D13AF-3D0B-48E5-A943-C9BE191F5E33} - System32\Tasks\{2FAB50EC-7421-44CC-9E7E-20E0F9EDCCDD} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {AFB39221-F6E9-4EF5-ABBB-A6590B581499} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-27] ()
Task: {BB304F2F-8A29-438C-8038-2753F3412211} - System32\Tasks\{26CE1E27-AF60-4A8E-9BA4-01588C5D1FDD} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {C43EA906-8D8A-4B62-961C-3D43F96E5FA6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {C6E46B30-42E9-4A9C-88ED-27848B981FDE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CE4246FA-920C-4F48-AF4A-4214AA7D6E39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2036-09-11] (Google Inc.)
Task: {F5AE6695-87BB-45E4-8A76-12E5B6801364} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2036-09-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-11 15:29 - 2014-02-11 15:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-04-26 10:59 - 2009-04-17 10:16 - 00045056 _____ () C:\Windows\System32\DLDFPMON.DLL
2014-04-26 10:59 - 2007-05-04 02:23 - 00049152 _____ () C:\Windows\System32\DLDFOEM.DLL
2014-04-26 10:58 - 2009-04-17 10:15 - 00032768 _____ () C:\Program Files\Dell AIO Printer 948\ipcmt.dll
2014-04-26 11:36 - 2007-05-02 23:38 - 00113664 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldfdrpp.dll
2014-04-26 10:58 - 2009-04-27 14:30 - 00455336 _____ () C:\Program Files\Dell AIO Printer 948\dldfmon.exe
2014-04-26 10:58 - 2007-05-08 14:44 - 00278528 _____ () C:\Program Files\Dell AIO Printer 948\dldfscw.dll
2014-04-26 10:57 - 2007-04-16 09:47 - 00077906 _____ () C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
2014-04-26 10:57 - 2007-05-03 11:39 - 00589824 _____ () C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
2014-04-26 10:57 - 2006-12-28 11:47 - 00073728 _____ () C:\Program Files\Dell AIO Printer 948\dldfcats.dll
2014-04-26 10:58 - 2009-04-27 14:30 - 00410280 _____ () C:\Program Files\Dell AIO Printer 948\memcard.exe
2014-04-26 10:58 - 2007-04-09 09:16 - 00147456 _____ () C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
2014-06-13 19:57 - 2014-06-13 19:57 - 00043008 _____ () c:\users\rac\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqusrs.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\rac\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00059904 _____ () C:\Program Files\Trillian\zlib1.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00187392 _____ () C:\Program Files\Trillian\libpng15.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00006656 _____ () c:\program files\trillian\languages\en\trillian.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00065536 _____ () C:\Program Files\Trillian\libungif.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00003584 _____ () c:\program files\trillian\languages\en\toolkit.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00006656 _____ () c:\program files\trillian\languages\en\events.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00010752 _____ () c:\program files\trillian\languages\en\buddy.dll
2014-04-08 00:00 - 2014-04-08 00:00 - 00007168 _____ () c:\program files\trillian\languages\en\talk.dll
2007-05-23 20:50 - 2007-01-25 20:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-05-23 20:50 - 2007-01-25 20:50 - 00063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2014-06-12 11:14 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 11:14 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 11:14 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-13 19:56 - 2014-06-13 19:56 - 00098816 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32api.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00110080 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\pywintypes27.dll
2014-06-13 19:56 - 2014-06-13 19:56 - 00364544 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\pythoncom27.dll
2014-06-13 19:56 - 2014-06-13 19:56 - 00045568 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_socket.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 01159680 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_ssl.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00320512 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32com.shell.shell.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00713216 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_hashlib.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 01175040 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._core_.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00805888 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._gdi_.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00811008 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._windows_.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 01062400 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._controls_.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00735232 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._misc_.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00128512 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_elementtree.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00127488 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\pyexpat.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00557056 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\pysqlite2._sqlite.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00087552 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_ctypes.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00119808 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32file.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00108544 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32security.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00018432 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32event.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00038912 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32inet.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00070656 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._html2.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00167936 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32gui.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00011264 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32crypt.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00027136 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\_multiprocessing.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00122368 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._wizard.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00010240 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\select.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00024064 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32pipe.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00686080 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\unicodedata.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00025600 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32pdh.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00525640 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\windows._lib_cacheinvalidation.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00035840 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32process.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00017408 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32profile.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00022528 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\win32ts.pyd
2014-06-13 19:56 - 2014-06-13 19:56 - 00078336 _____ () C:\Users\rac\AppData\Local\Temp\_MEI19882\wx._animate.pyd
2014-04-10 07:12 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\rac\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 07:12 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\rac\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
 
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ADVService => 3
MSCONFIG\startupfolder: C:^Users^rac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9551E1C1FBAA8F6DD8374036CB9CF102 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18F410ZQ05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2014 10:24:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).
 
Error: (06/13/2014 10:24:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c.
 
 
Operation:
   Instantiating VSS server
 
Error: (06/13/2014 10:24:21 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode. 
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c]
 
 
Operation:
   Instantiating VSS server
 
Error: (06/13/2014 10:22:18 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (06/13/2014 07:56:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Tosrfcom
 
Error: (06/13/2014 07:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater18.1.5%%2
 
Error: (06/13/2014 07:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dldfCATSCustConnectService%%1053
 
Error: (06/13/2014 07:56:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dldfCATSCustConnectService
 
Error: (06/13/2014 07:55:49 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.
 
Error: (06/13/2014 10:25:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (06/13/2014 10:24:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (06/13/2014 10:23:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (06/13/2014 10:23:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (06/13/2014 10:23:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (06/13/2014 10:24:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (06/13/2014 10:24:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c
 
Operation:
   Instantiating VSS server
 
Error: (06/13/2014 10:24:21 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x8007043c
 
Operation:
   Instantiating VSS server
 
Error: (06/13/2014 10:22:18 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-29 16:50:42.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:41.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:41.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:41.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:40.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:39.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:39.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:39.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:38.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 16:50:38.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 92%
Total physical RAM: 1013.38 MB
Available physical RAM: 80.53 MB
Total Pagefile: 2285.08 MB
Available Pagefile: 883.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.28 MB
 
==================== Drives ================================
 
Drive c: (Tomohisa) (Fixed) (Total:67.64 GB) (Free:8.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: F04015FA)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=17)
 
==================== End Of Log ============================


#14 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,286 posts
  • Interests:LFC, music, more LFC, more music

Posted 13 June 2014 - 07:35 PM

It's 2:30am here in the UK, so I'll need time to look at this tomorrow.

 

I'll reply as soon as I have had some sleep.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#15 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,286 posts
  • Interests:LFC, music, more LFC, more music

Posted 14 June 2014 - 06:03 AM

StopZilla

First, I would urge you to remove StopZilla and refrain from visiting their website. Read more here.

To uninstall it:

  • click Start, Control Panel, Programs and Features
  • click on StopZilla and then Uninstall
  • repeat this for the other programs listed above.

================================================

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


SearchScopes: HKLM - DefaultScope {41396b1b-447e-473b-a34b-bb583136c7fc} URL =
SearchScopes: HKLM - {7BCFC7A9-435C-46D7-917E-81F1A6B16947} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://search-gala.c...q={searchTerms}
SearchScopes: HKCU - {7BCFC7A9-435C-46D7-917E-81F1A6B16947} URL = http://search-gala.c...q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF SearchEngineOrder.1: Ask.com
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: BetterLinks - C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\q8bpoqvj.default\Extensions\smartlinks@getsmartlinks.com [2036-09-02]
S2 xsewmzvga; \??\C:\Windows\system32\drivers\epwxtgux.sys [X]
2036-05-16 21:35 - 2036-05-16 21:35 - 00000432 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2036-05-16 17:27 - 2036-05-16 21:36 - 00009640 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A6C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A4C.tmp
2036-05-15 12:34 - 2036-05-15 12:34 - 00000000 _____ () C:\Windows\system32\REN9A3B.tmp
2036-05-15 10:20 - 2036-05-10 18:30 - 00000110 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2036-05-06 20:33 - 2036-05-10 18:20 - 00010756 ___SH () C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
2036-05-06 20:33 - 2036-05-10 18:20 - 00010756 ___SH () C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
C:\Windows\system32\drivers\epwxtgux.sys
C:\Windows\system32\Drivers\kgpfr2.cfg
C:\Windows\system32\Drivers\kgpcpy.cfg
C:\Windows\system32\REN9A6C.tmp
C:\Windows\system32\REN9A4C.tmp
C:\Windows\system32\REN9A3B.tmp
C:\Windows\system32\Drivers\etc\hosts.bak
C:\Users\rac\AppData\Local\t0m8ctog368483w04675vl7l06dw6i5r6krf
C:\ProgramData\t0m8ctog368483w04675vl7l06dw6i5r6krf
C:\Users\rac\protect.dll
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2030314185-2794812908-1279502003-1000\Software\Classes\exefile:  <===== ATTENTION!

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt into the same folder as FRST
  • run FRST then click Fix just once and wait
  • it will create a log Fixlog.txt; please post it to your reply.

======================

It appears that ComboFix created a log so I’d like you to send that too.

The ComboFix log is located at C:\qoobox\combofix.txt.

======================

Also, do you know what this is?

C:\ProgramData\e135217


Logs to include in the next post:

Fixlog.txt
combofix.txt


Thanks

Satchfan
 

 

