Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Fri Jul 06, 2012 10:35 am Post subject: Google redirect virus
Hi,
I'm having trouble getting rid of a Google redirect virus.
Am running Avira as my usual anti-virus and everything was fine. Redirect problems showed up yesterday. Am being taken to Merchant Circle and other sites. Am running Web of Trust as Firefox extension, and I can see that some of the sites are flagged as dangerous.
Ran Malwarebytes, Sophos, Spybot, HitmanPro and SuperAntiSpyware. All came up clean. Ran CCleaner to clean up files and check for registry errors. There is one unused file extension that CCleaner is identifying. I tell it to delete it, it seems to, but when I re-run the analyzer, it's right back again. Not sure if that's the problem.
Thought I had gotten rid of the redirect virus yesterday (redirects stopped), but this morning they were back again.
Tried restarting router today, but the redirects still keep popping up.
Any and all help appreciated.
My DDS files:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kris at 11:26:27 on 2012-07-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1421 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SacReminderHDDV2N] c:\programdata\officeguardianv2n\reminder\SacReminder.exe
uRun: [LightScribe] rundll32.exe c:\users\kris\appdata\local\lightscribe\ibuzvdbz.dll,CS_lg_sims_find
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kris\appdata\roaming\mozilla\firefox\profiles\upmh8ntc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Beee27e82-7d54-45fe-9a13-ceff669f8da3%7D&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-03%2008%3A42%3A47&sap=ku&q=
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kris\appdata\roaming\mozilla\firefox\profiles\upmh8ntc.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 83392]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\officeguardianv2n\UACProxy.exe [2010-6-27 83792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\officeguardianv2n\reminder\SacNetAgent.exe [2010-6-27 163664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-6 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-06 14:00:43 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d024c5c-0468-4734-8b52-4b962d45881e}\mpengine.dll
2012-07-06 13:38:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-06 13:38:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-05 22:56:03 -------- d-----w- c:\programdata\HitmanPro
2012-07-05 20:58:06 -------- d-----w- c:\users\kris\appdata\roaming\SUPERAntiSpyware.com
2012-07-05 20:58:06 -------- d-----w- c:\users\kris\appdata\local\Google
2012-07-05 20:57:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-05 20:57:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-05 16:59:32 -------- d-----w- c:\programdata\Sophos
2012-07-05 16:59:17 73728 ----a-r- c:\users\kris\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 16:59:17 73728 ----a-r- c:\users\kris\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 16:59:17 73728 ----a-r- c:\users\kris\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-07-05 16:59:10 -------- d-----w- c:\program files\Sophos
2012-07-05 00:53:17 -------- d-----w- c:\users\kris\appdata\local\{ACF4812C-4853-4589-B458-99A8FA0624E9}
2012-07-05 00:53:06 -------- d-----w- c:\users\kris\appdata\local\{CD4C07D4-159E-44DB-9F50-B132F4A49DAA}
2012-07-03 13:42:42 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-03 13:42:41 -------- d-----w- c:\program files\AVG Secure Search
2012-07-03 13:37:41 -------- d-----w- c:\programdata\AVG2012
2012-07-03 13:35:41 -------- d-----w- c:\program files\AVG
2012-07-03 13:26:39 -------- d--h--w- c:\programdata\Common Files
2012-07-03 13:26:10 -------- d-----w- c:\programdata\MFAData
2012-07-02 23:20:22 -------- d-----w- c:\users\kris\appdata\local\{F874137D-8D79-476E-AF09-5F43B89466FF}
2012-07-02 23:20:11 -------- d-----w- c:\users\kris\appdata\local\{F9EF9C63-635C-4A01-B4DD-A7AB7B249E35}
2012-07-02 11:29:26 -------- d-----w- c:\program files\iPod
2012-07-02 11:29:24 -------- d-----w- c:\program files\iTunes
2012-07-02 01:54:28 -------- d-----w- c:\users\kris\appdata\local\LightScribe
2012-06-30 12:10:51 -------- d-----w- c:\users\kris\appdata\local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-25 00:54:23 -------- d-----w- c:\users\kris\appdata\local\{69219794-7E42-42A6-BAE5-C98BD55E2E34}
2012-06-25 00:54:12 -------- d-----w- c:\users\kris\appdata\local\{4C67B1F4-DDFE-49DB-924C-F743F5C841EF}
2012-06-24 12:32:13 -------- d-----w- c:\users\kris\appdata\local\{FD683D30-8849-4E76-91A7-8A930B868CB5}
2012-06-24 12:31:50 -------- d-----w- c:\users\kris\appdata\local\{CA2559BA-0DD7-4444-B61E-2F2AA0FB7E26}
2012-06-22 13:43:51 -------- d-----w- c:\users\kris\appdata\local\{583234A9-2C15-4197-87DF-59CFBA943950}
2012-06-22 13:43:39 -------- d-----w- c:\users\kris\appdata\local\{829801BA-70DF-4024-A79B-9DC6749FDD85}
2012-06-19 10:36:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:35:57 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:35:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 10:35:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 20:23:54 -------- d-----w- c:\users\kris\appdata\local\{21564BF9-AE84-4785-84BC-A119C6E05A1C}
2012-06-18 20:23:43 -------- d-----w- c:\users\kris\appdata\local\{C5E41167-D052-4DD6-8B76-F2FAF081A75F}
2012-06-18 20:23:23 -------- d-----w- c:\users\kris\appdata\local\{117AA354-649E-4AA2-A63E-944BE8A686EF}
2012-06-18 20:23:00 -------- d-----w- c:\users\kris\appdata\local\{AEE63FB6-FBEA-464A-8FB1-9AD9A7EA30F8}
2012-06-18 10:44:12 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 10:44:12 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-14 17:14:03 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 17:14:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 17:14:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 17:13:54 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 17:13:00 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-10 19:35:12 -------- d-----w- c:\users\kris\appdata\local\{26443EA4-3BF6-4FD7-BAB2-EEC3A7C50F00}
2012-06-10 19:34:49 -------- d-----w- c:\users\kris\appdata\local\{64EC836F-22C7-4DB7-A4BD-8E069E352912}
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-08 13:03:08 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 11:27:44.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/14/2009 1:00:36 PM
System Uptime: 7/6/2012 11:15:21 AM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 203.949 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.809 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Avira Free Antivirus
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DHTML Editing Component
ESU for Microsoft Vista
GoToMeeting 5.1.0.873
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
LabelPrint
LightScribe System Software 1.14.17.1
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.24)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
NetWaiting
Norton Internet Security
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Remote Control USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Sophos Virus Removal Tool
Splashtop Streamer
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Turbo Lister 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 9:59:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
7/6/2012 11:16:47 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-1 from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/6/2012 11:16:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SRTSP SRTSPX
7/6/2012 11:15:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/2/2012 6:26:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2012 9:10:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
6/29/2012 9:10:52 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Gary R Moderator
Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Fri Jul 06, 2012 12:24 pm Post subject:
Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R Moderator
Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Fri Jul 06, 2012 12:31 pm
Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.

Hi hlwalkerst
I'm Gary R,
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
I'd also recommend that you create a System Restore Point that we can restore to if necessary.
- Click Start, and type Create a restore point into the Search programs and files box.
- Now click on the Create a restore point icon at the top of the find list.
- This will open a System Properties box, with the System Protection tab open ...
- Click on the Create button in the lower part of the window.
- Type Pre Malware Cleanup into the description box, then click Create.
- Windows will now create a Restore Point and notify you when finished.
- Exit any open windows.
Please observe these rules while we work:
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
- As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator
Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:
Quote:
Spybot S&D
Super Anti-Spyware

As they will interfere with what we want to do, you can re-install them later if you wish, but since you also have Malwarebytes' Anti-Malware installed, they're a bit surplus to requirements anyway.
Reboot your computer after uninstalling both programs.
Next
Download OTL by OldTimer to your Desktop.
If you already have a copy of OTL delete it and use this version.
- Double click OTL.exe to launch the programme.
- Check the following.
  - Scan all users.
  - Standard Output.
  - Lop check.
  - Purity check.
- Under Extra Registry section, select Use SafeList
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
  - OTL.txt (open on your desktop).
  - Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
Download TDSSKiller.zip and extract it to your Desktop.
- Double click on TDSSKiller.exe to launch it.
- If using Vista or Windows7, when prompted by UAC allow the prompt.
- Click on Change parameters
- Check Detect TDLFS file system
- Click OK
- Click on Start Scan
- The scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- Now click on Report to open the log file created by TDSSKiller in your root directory C:\
- Post the contents in your next reply please.
- DO NOT TRY TO FIX ANYTHING AT THIS POINT
Summary of the logs I need from you in your next post:
- OTL.txt
- Extras.txt
- TDSSKiller log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Fri Jul 06, 2012 1:35 pm
edited: Gary, so sorry, but I'm a bit of a rookie computer user. I neglected to run these scans with the Run as Administrator option on, so I've had to re-run them. What I have posted here and in subsequent posts are the results of the scans run as Admin. Thank goodness you are in the UK and didn't waste time looking at the first set of reports I posted.
Hi Gary,
First, thank you for the very quick response.
Here's a recap of what I've done:
1. Removed Spybot and SuperAntiSpyware.
2. Rebooted PC.
3. Backed up personal files.
4. Created system restore point.
5. Downloaded OTL.
6. Set up OTL parameters as you directed.
7. Ran OTL.
8. Saved OTL.txt and Extras.txt files
OTL file here, will post Extras as separate post
OTL logfile created on: 7/6/2012 6:54:44 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 43.18% Memory free
6.09 Gb Paging File | 4.19 Gb Available in Paging File | 68.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 205.50 Gb Free Space | 71.55% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/06 16:15:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kris\Downloads\OTL.exe
PRC - [2012/06/18 05:44:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/06/15 15:44:02 | 002,463,648 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/06/15 15:43:54 | 006,526,888 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 08:02:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 08:02:58 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/03 18:30:10 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2012/04/03 18:30:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
PRC - [2010/11/18 09:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/18 05:44:12 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 07:24:54 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
MOD - [2012/06/14 20:55:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:54:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 20:54:24 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 20:53:02 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/09 15:28:35 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/09 15:26:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 15:26:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/09 15:26:48 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 15:26:48 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/09 15:26:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/09 15:05:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/09 15:04:26 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/09 15:04:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 15:03:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/09 15:03:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 15:03:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/03 18:30:10 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/09/07 03:31:11 | 000,212,992 | R--- | M] () -- C:\ProgramData\OfficeGuardianV2N\Reminder\1530Class.dll
MOD - [2009/07/02 18:35:04 | 000,204,800 | R--- | M] () -- C:\ProgramData\OfficeGuardianV2N\Reminder\SPTIASPI.DLL
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/09/30 18:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 18:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 18:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 18:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 18:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 18:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 18:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 18:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/23 20:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 16:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 16:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/06/18 05:44:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe -- (CFUACProxy_officeguardianv2n)
SRV - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 08:03:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 08:03:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A28AFCB-D7B6-4628-8EA2-D66964A22F01}
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={907DB7B5-31D2-4141-AEC5-C2F333F8287F}&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=AVG&pr=pr&d=2012-07-03 08:42:47&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: clickclean@hotcleaner.com:3.6.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.3
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.726
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Beee27e82-7d54-45fe-9a13-ceff669f8da3%7D&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-03%2008%3A42%3A47&sap=ku&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
[2009/02/07 08:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions
[2012/07/04 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions
[2010/04/27 16:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 12:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/07 16:31:11 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/02/16 21:42:26 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\clickclean@hotcleaner.com
[2012/07/03 07:48:34 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\firefox@ghostery.com
[2012/05/14 08:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/21 12:32:40 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011/07/15 13:41:17 | 000,067,428 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012/06/18 05:44:13 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/03 18:30:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/03 08:42:40 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/18 05:44:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 05:44:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [LightScribe] C:\Users\Kris\AppData\Local\LightScribe\ibuzvdbz.dll (Winsoft SA)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O7 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\##192.168.2.2#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.3#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.4#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.5#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.6#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.7#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.8#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\Shell - "" = AutoRun
O33 - MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/06 15:39:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/06 08:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/06 08:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/05 17:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/05 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/05 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Google
[2012/07/05 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/07/05 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/05 11:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/05 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/05 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/07/04 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{ACF4812C-4853-4589-B458-99A8FA0624E9}
[2012/07/04 19:53:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{CD4C07D4-159E-44DB-9F50-B132F4A49DAA}
[2012/07/03 08:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/03 08:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/03 08:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/03 08:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/03 08:26:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/03 08:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{F874137D-8D79-476E-AF09-5F43B89466FF}
[2012/07/02 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{F9EF9C63-635C-4A01-B4DD-A7AB7B249E35}
[2012/07/02 06:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/02 06:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/02 06:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/01 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\LightScribe
[2012/06/30 07:10:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
[2012/06/24 19:54:23 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{69219794-7E42-42A6-BAE5-C98BD55E2E34}
[2012/06/24 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{4C67B1F4-DDFE-49DB-924C-F743F5C841EF}
[2012/06/24 07:32:13 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{FD683D30-8849-4E76-91A7-8A930B868CB5}
[2012/06/24 07:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{CA2559BA-0DD7-4444-B61E-2F2AA0FB7E26}
[2012/06/22 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{583234A9-2C15-4197-87DF-59CFBA943950}
[2012/06/22 08:43:39 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{829801BA-70DF-4024-A79B-9DC6749FDD85}
[2012/06/19 05:36:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 05:36:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 05:35:57 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 05:35:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 05:35:56 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 05:35:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 05:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{21564BF9-AE84-4785-84BC-A119C6E05A1C}
[2012/06/18 15:23:43 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{C5E41167-D052-4DD6-8B76-F2FAF081A75F}
[2012/06/18 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{117AA354-649E-4AA2-A63E-944BE8A686EF}
[2012/06/18 15:23:00 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{AEE63FB6-FBEA-464A-8FB1-9AD9A7EA30F8}
[2012/06/14 12:15:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 12:15:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 12:15:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 12:15:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 12:15:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 12:15:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 12:15:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 12:13:00 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/10 14:35:12 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{26443EA4-3BF6-4FD7-BAB2-EEC3A7C50F00}
[2012/06/10 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{64EC836F-22C7-4DB7-A4BD-8E069E352912}
========== Files - Modified Within 30 Days ==========
[2012/07/06 17:58:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 17:58:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012/07/06 17:05:56 | 000,002,617 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/07/06 16:38:39 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/06 16:04:57 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/06 16:04:57 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/06 16:02:33 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/06 15:58:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 15:58:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 15:42:29 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 13:28:50 | 000,002,904 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/06 11:17:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012/07/05 11:59:16 | 000,002,036 | ---- | M] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:22 | 000,009,702 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:57 | 000,019,266 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 20:28:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKris.job
[2012/07/02 06:30:38 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012/06/14 20:51:16 | 000,398,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/07/06 13:28:49 | 000,002,904 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/05 11:59:16 | 000,002,036 | ---- | C] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:20 | 000,009,702 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:55 | 000,019,266 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 06:30:38 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/17 14:14:04 | 000,060,304 | ---- | C] () -- C:\Users\Kris\g2mdlhlpx.exe
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 18:08:22 | 000,003,584 | ---- | C] () -- C:\Users\Kris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 18:10:39 | 000,013,732 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\wklnhst.dat
[2009/02/07 16:26:17 | 000,007,052 | ---- | C] () -- C:\Users\Kris\AppData\Local\d3d9caps.dat
[2009/01/14 14:37:50 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
========== LOP Check ==========
[2010/10/04 08:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Amazon
[2012/02/06 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Canon
[2009/06/29 09:32:19 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/31 15:34:54 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\IrfanView
[2012/05/17 13:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\JPEGsnoop
[2009/04/02 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Leadertech
[2009/06/03 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Template
[2009/02/07 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Thunderbird
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2012/06/05 05:16:59 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2012/07/06 11:17:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/06 15:57:18 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:0E08FC17
< End of report >
Last edited by hlwalkerst on Fri Jul 06, 2012 4:03 pm; edited 2 times in total |
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
|
Posted: Fri Jul 06, 2012 1:36 pm Post subject: |
|
|
Here's the Extras log
OTL Extras logfile created on: 7/6/2012 6:54:44 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 43.18% Memory free
6.09 Gb Paging File | 4.19 Gb Available in Paging File | 68.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 205.50 Gb Free Space | 71.55% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAA51B0-4A91-43BC-82E8-F4A00315B2E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{15C9EB64-B7AF-4483-9AC8-24E53E95AE29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{21C47BEC-7E0B-4483-817B-7E557394A4F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{331F2420-B7BA-4A86-98D6-C7ADAF32E377}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{338073B0-CA2B-4F60-8CF6-B44AB05EB763}" = rport=137 | protocol=17 | dir=out | app=system |
"{38687772-7376-4FBD-BBAC-A4449BCAF58B}" = rport=139 | protocol=6 | dir=out | app=system |
"{63759515-A37F-4EC1-B4C6-FA659CBBD583}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{715C5D14-981E-43CA-AB28-090B2A20CFF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89399FD5-C21E-4A12-865F-9861B12FCF9A}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B102732-7A14-4BA9-9E8E-1D661C447380}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{904F2790-6004-485C-A4A9-212A1EB9B1B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D053A60-D8CC-4061-8947-66E6310E1785}" = lport=53272 | protocol=6 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{A3397F8C-12A2-44C1-BF65-37426E195491}" = lport=445 | protocol=6 | dir=in | app=system |
"{A71421DD-5F08-4993-83FF-EBEF6991AD69}" = lport=53271 | protocol=17 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{A7D618C2-8D6C-45F6-94E8-01AB158D97ED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B6026D14-F08A-40AA-9F94-0D4857F9D415}" = lport=138 | protocol=17 | dir=in | app=system |
"{C30A70F7-5E11-4982-B596-4AECEA747727}" = rport=138 | protocol=17 | dir=out | app=system |
"{D73C68C7-3796-43FC-B7EE-42917DBB58E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D87B875A-9614-4AF3-9878-DA27DAC69511}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC12504D-8EB7-4800-9982-779D368BF2E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD42E8B5-E42C-4173-B774-4E773E80F2B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F48A2BB2-DFE0-4A48-BF96-FEF7B4DEC391}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEBDA065-C045-4284-8CD7-6BAF27801C7F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13D1F671-78B2-4BDE-9097-79E4B6647116}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1520BD27-3CDC-4E18-95A9-D47D1E2BB3BF}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{183D7B2C-A690-4F4D-8DB6-6F3291EF0DC0}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{1ABEA5D1-5E65-4574-A5FD-1523EA2766B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{223E138E-9053-4593-A1F1-591CAE5C34DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{22F8B472-25DF-4525-ABEE-E192BCB21F30}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FA3B7C3-3B51-46DD-9FF1-6030B000CCB8}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{35AB767B-20D5-4C0C-9A0C-20E40546D847}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F671407-247B-4767-8A47-E74E54D32D34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{68D27C18-3DD9-4739-B5D7-0BF7EB221D64}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{71C4F68B-E4F6-4156-BB62-A10E189D9FAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{751E7900-EA28-427D-96FE-72E214735F6C}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{792E8EB3-C559-432B-96C8-F2C3F9EC5E24}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{7C045D99-D91D-4589-9F0F-E894448B226D}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F626705-DEE9-47E2-891D-187B976620D4}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{9767F50A-4B02-43A6-BD01-17E3E8FF93EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{99D64473-0FE4-4A64-AE91-34F1CF7BCC1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F138A31-825E-48E7-9688-A27E45BFF2E4}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{A99A49D8-8FC6-4300-B17E-B954174A8703}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{AAA63CF9-0D7F-4E85-B193-028A6D20EDFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AC0FF574-B9AB-4DF8-B5F6-73CF8346CD7C}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{B28B38CE-DE14-4016-825B-F911EECECA26}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BDA2CB9D-AC68-4195-8AD5-905F22E5FD3B}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{C4D95BC3-21B8-4ECB-9CDA-A145F63CC702}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D27BCA82-F8DF-49C7-B81C-BCA606DDCBE5}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{DF5253AB-4DA4-4BDC-9A14-D012FDB52FFD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E92A0518-790E-4186-B7C5-9001623E7EC1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E97E375B-074E-4625-B17F-1153B59806EE}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{EE2196E7-323C-4246-9EB0-72A1D011E796}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{EEE41D73-DD48-400B-BAE2-A0018AEB85CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F606E248-3A46-4A9C-929F-6B8D2ED2204C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F8257C21-D278-406F-BD8D-643805E13962}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"TCP Query User{0382D856-A221-47E9-893F-34BAA456BD49}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E55FA079-78A6-4867-A780-E11819D35C40}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{04D216AB-46C0-4E28-9D35-9C54D2F5F5F3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6EC07611-0D11-499B-9D52-8A9B25EA5599}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
< End of report >
Last edited by hlwalkerst on Fri Jul 06, 2012 4:04 pm; edited 2 times in total |
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Fri Jul 06, 2012 1:43 pm Post subject: |
And I downloaded and ran TDSSkiller, checking Detect TDLFS file system. Scan ran normally, no threats found. Here's the report. Please note that I ran TDSSkiller twice. The first time, I forgot to Run as Administrator. I re-ran it and it still found no threats. I am posting the results of the second scan:
18:32:24.0320 5816 i2omp - ok
18:32:24.0373 5816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:32:24.0375 5816 i8042prt - ok
18:32:24.0422 5816 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:32:24.0426 5816 iaStorV - ok
18:32:24.0490 5816 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:32:24.0492 5816 IDriverT - ok
18:32:24.0669 5816 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:32:24.0683 5816 idsvc - ok
18:32:25.0677 5816 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:32:25.0921 5816 igfx - ok
18:32:26.0077 5816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:32:26.0079 5816 iirsp - ok
18:32:26.0156 5816 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:32:26.0164 5816 IKEEXT - ok
18:32:26.0218 5816 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
18:32:26.0231 5816 IntcHdmiAddService - ok
18:32:26.0257 5816 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
18:32:26.0258 5816 intelide - ok
18:32:26.0290 5816 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:32:26.0291 5816 intelppm - ok
18:32:26.0337 5816 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:32:26.0339 5816 IPBusEnum - ok
18:32:26.0360 5816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:32:26.0362 5816 IpFilterDriver - ok
18:32:26.0446 5816 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:32:26.0449 5816 iphlpsvc - ok
18:32:26.0453 5816 IpInIp - ok
18:32:26.0481 5816 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:32:26.0483 5816 IPMIDRV - ok
18:32:26.0514 5816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:32:26.0516 5816 IPNAT - ok
18:32:26.0665 5816 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
18:32:26.0676 5816 iPod Service - ok
18:32:26.0697 5816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:32:26.0698 5816 IRENUM - ok
18:32:26.0719 5816 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:32:26.0721 5816 isapnp - ok
18:32:26.0770 5816 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:32:26.0776 5816 iScsiPrt - ok
18:32:26.0789 5816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:32:26.0790 5816 iteatapi - ok
18:32:26.0800 5816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:32:26.0802 5816 iteraid - ok
18:32:26.0815 5816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:32:26.0816 5816 kbdclass - ok
18:32:26.0835 5816 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:32:26.0836 5816 kbdhid - ok
18:32:26.0883 5816 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:32:26.0885 5816 KeyIso - ok
18:32:26.0973 5816 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:32:26.0995 5816 KSecDD - ok
18:32:27.0043 5816 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:32:27.0049 5816 KtmRm - ok
18:32:27.0105 5816 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:32:27.0110 5816 LanmanServer - ok
18:32:27.0149 5816 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:32:27.0153 5816 LanmanWorkstation - ok
18:32:27.0170 5816 Lbd - ok
18:32:27.0254 5816 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:32:27.0256 5816 LightScribeService - ok
18:32:27.0287 5816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:32:27.0288 5816 lltdio - ok
18:32:27.0341 5816 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:32:27.0347 5816 lltdsvc - ok
18:32:27.0362 5816 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:32:27.0364 5816 lmhosts - ok
18:32:27.0387 5816 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:32:27.0389 5816 LSI_FC - ok
18:32:27.0414 5816 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:32:27.0427 5816 LSI_SAS - ok
18:32:27.0447 5816 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:32:27.0449 5816 LSI_SCSI - ok
18:32:27.0462 5816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:32:27.0464 5816 luafv - ok
18:32:27.0479 5816 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:32:27.0482 5816 Mcx2Svc - ok
18:32:27.0509 5816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:32:27.0510 5816 mdmxsdk - ok
18:32:27.0522 5816 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:32:27.0523 5816 megasas - ok
18:32:27.0586 5816 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:32:27.0593 5816 MegaSR - ok
18:32:27.0694 5816 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:32:27.0696 5816 Microsoft Office Groove Audit Service - ok
18:32:27.0729 5816 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:32:27.0732 5816 MMCSS - ok
18:32:27.0746 5816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:32:27.0748 5816 Modem - ok
18:32:27.0790 5816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:32:27.0792 5816 monitor - ok
18:32:27.0813 5816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:32:27.0814 5816 mouclass - ok
18:32:27.0826 5816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:32:27.0827 5816 mouhid - ok
18:32:27.0849 5816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:32:27.0851 5816 MountMgr - ok
18:32:27.0929 5816 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:32:27.0931 5816 MozillaMaintenance - ok
18:32:27.0969 5816 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:32:27.0983 5816 mpio - ok
18:32:28.0005 5816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:32:28.0007 5816 mpsdrv - ok
18:32:28.0078 5816 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:32:28.0085 5816 MpsSvc - ok
18:32:28.0099 5816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:32:28.0101 5816 Mraid35x - ok
18:32:28.0129 5816 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:32:28.0130 5816 MRxDAV - ok
18:32:28.0184 5816 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:32:28.0185 5816 mrxsmb - ok
18:32:28.0228 5816 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:32:28.0231 5816 mrxsmb10 - ok
18:32:28.0260 5816 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:32:28.0262 5816 mrxsmb20 - ok
18:32:28.0283 5816 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:32:28.0285 5816 msahci - ok
18:32:28.0307 5816 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:32:28.0309 5816 msdsm - ok
18:32:28.0369 5816 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:32:28.0373 5816 MSDTC - ok
18:32:28.0393 5816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:32:28.0394 5816 Msfs - ok
18:32:28.0418 5816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:32:28.0419 5816 msisadrv - ok
18:32:28.0456 5816 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:32:28.0458 5816 MSiSCSI - ok
18:32:28.0462 5816 msiserver - ok
18:32:28.0504 5816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:32:28.0506 5816 MSKSSRV - ok
18:32:28.0528 5816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:32:28.0529 5816 MSPCLOCK - ok
18:32:28.0550 5816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:32:28.0550 5816 MSPQM - ok
18:32:28.0590 5816 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:32:28.0598 5816 MsRPC - ok
18:32:28.0619 5816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:32:28.0620 5816 mssmbios - ok
18:32:28.0643 5816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:32:28.0643 5816 MSTEE - ok
18:32:28.0661 5816 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:32:28.0662 5816 Mup - ok
18:32:28.0721 5816 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:32:28.0727 5816 napagent - ok
18:32:28.0774 5816 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:32:28.0785 5816 NativeWifiP - ok
18:32:28.0816 5816 NAVENG - ok
18:32:28.0822 5816 NAVEX15 - ok
18:32:28.0902 5816 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:32:28.0916 5816 NDIS - ok
18:32:28.0927 5816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:32:28.0929 5816 NdisTapi - ok
18:32:28.0940 5816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:32:28.0942 5816 Ndisuio - ok
18:32:28.0976 5816 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:32:28.0978 5816 NdisWan - ok
18:32:28.0999 5816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:32:29.0001 5816 NDProxy - ok
18:32:29.0011 5816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:32:29.0013 5816 NetBIOS - ok
18:32:29.0103 5816 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:32:29.0105 5816 netbt - ok
18:32:29.0151 5816 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:32:29.0153 5816 Netlogon - ok
18:32:29.0194 5816 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:32:29.0200 5816 Netman - ok
18:32:29.0232 5816 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:32:29.0237 5816 netprofm - ok
18:32:29.0303 5816 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:32:29.0305 5816 NetTcpPortSharing - ok
18:32:29.0556 5816 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:32:29.0602 5816 NETw3v32 - ok
18:32:29.0708 5816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:32:29.0710 5816 nfrd960 - ok
18:32:29.0752 5816 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:32:29.0756 5816 NlaSvc - ok
18:32:29.0797 5816 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:32:29.0799 5816 Npfs - ok
18:32:29.0818 5816 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:32:29.0822 5816 nsi - ok
18:32:29.0848 5816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:32:29.0850 5816 nsiproxy - ok
18:32:30.0007 5816 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:32:30.0041 5816 Ntfs - ok
18:32:30.0054 5816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:32:30.0056 5816 ntrigdigi - ok
18:32:30.0063 5816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:32:30.0064 5816 Null - ok
18:32:30.0091 5816 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:32:30.0092 5816 nvraid - ok
18:32:30.0112 5816 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:32:30.0113 5816 nvstor - ok
18:32:30.0136 5816 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:32:30.0150 5816 nv_agp - ok
18:32:30.0157 5816 NwlnkFlt - ok
18:32:30.0162 5816 NwlnkFwd - ok
18:32:30.0286 5816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:32:30.0293 5816 odserv - ok
18:32:30.0333 5816 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:32:30.0334 5816 ohci1394 - ok
18:32:30.0393 5816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:32:30.0405 5816 ose - ok
18:32:30.0499 5816 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:32:30.0513 5816 p2pimsvc - ok
18:32:30.0523 5816 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:32:30.0533 5816 p2psvc - ok
18:32:30.0557 5816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:32:30.0558 5816 Parport - ok
18:32:30.0607 5816 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:32:30.0609 5816 partmgr - ok
18:32:30.0625 5816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:32:30.0627 5816 Parvdm - ok
18:32:30.0663 5816 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:32:30.0665 5816 PcaSvc - ok
18:32:30.0700 5816 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:32:30.0702 5816 pci - ok
18:32:30.0720 5816 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
18:32:30.0721 5816 pciide - ok
18:32:30.0750 5816 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:32:30.0752 5816 pcmcia - ok
18:32:30.0865 5816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:32:30.0879 5816 PEAUTH - ok
18:32:31.0071 5816 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:32:31.0109 5816 pla - ok
18:32:31.0259 5816 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:32:31.0264 5816 PlugPlay - ok
18:32:31.0353 5816 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:32:31.0360 5816 PNRPAutoReg - ok
18:32:31.0369 5816 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:32:31.0377 5816 PNRPsvc - ok
18:32:31.0443 5816 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:32:31.0449 5816 PolicyAgent - ok
18:32:31.0502 5816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:32:31.0505 5816 PptpMiniport - ok
18:32:31.0526 5816 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:32:31.0527 5816 Processor - ok
18:32:31.0577 5816 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:32:31.0581 5816 ProfSvc - ok
18:32:31.0630 5816 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:32:31.0633 5816 ProtectedStorage - ok
18:32:31.0652 5816 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:32:31.0658 5816 PSched - ok
18:32:31.0801 5816 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:32:31.0834 5816 ql2300 - ok
18:32:31.0859 5816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:32:31.0872 5816 ql40xx - ok
18:32:31.0922 5816 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:32:31.0930 5816 QWAVE - ok
18:32:31.0953 5816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:32:31.0955 5816 QWAVEdrv - ok
18:32:31.0970 5816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:32:31.0972 5816 RasAcd - ok
18:32:31.0999 5816 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:32:32.0004 5816 RasAuto - ok
18:32:32.0025 5816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:32:32.0027 5816 Rasl2tp - ok
18:32:32.0086 5816 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:32:32.0093 5816 RasMan - ok
18:32:32.0133 5816 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:32.0135 5816 RasPppoe - ok
18:32:32.0154 5816 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:32:32.0169 5816 RasSstp - ok
18:32:32.0215 5816 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:32:32.0232 5816 rdbss - ok
18:32:32.0266 5816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:32:32.0267 5816 RDPCDD - ok
18:32:32.0339 5816 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:32:32.0352 5816 rdpdr - ok
18:32:32.0360 5816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:32:32.0364 5816 RDPENCDD - ok
18:32:32.0448 5816 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:32:32.0456 5816 RDPWD - ok
18:32:32.0563 5816 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
18:32:32.0567 5816 Recovery Service for Windows - ok
18:32:32.0606 5816 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:32:32.0608 5816 RemoteAccess - ok
18:32:32.0652 5816 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:32:32.0655 5816 RemoteRegistry - ok
18:32:32.0730 5816 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
18:32:32.0733 5816 RichVideo - ok
18:32:32.0764 5816 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:32:32.0766 5816 RpcLocator - ok
18:32:32.0834 5816 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:32:32.0842 5816 RpcSs - ok
18:32:32.0877 5816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:32:32.0879 5816 rspndr - ok
18:32:32.0941 5816 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:32:32.0952 5816 RTL8169 - ok
18:32:32.0975 5816 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
18:32:32.0976 5816 RTSTOR - ok
18:32:33.0135 5816 SacNetAgentService_C57C4F854F53 (4e548fc2c427455836b37a7c7d9923db) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
18:32:33.0137 5816 SacNetAgentService_C57C4F854F53 - ok
18:32:33.0187 5816 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:32:33.0189 5816 SamSs - ok
18:32:33.0219 5816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:32:33.0221 5816 sbp2port - ok
18:32:33.0262 5816 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:32:33.0267 5816 SCardSvr - ok
18:32:33.0380 5816 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:32:33.0395 5816 Schedule - ok
18:32:33.0433 5816 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:32:33.0435 5816 SCPolicySvc - ok
18:32:33.0476 5816 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:32:33.0491 5816 sdbus - ok
18:32:33.0530 5816 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:32:33.0543 5816 SDRSVC - ok
18:32:33.0562 5816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:32:33.0564 5816 secdrv - ok
18:32:33.0580 5816 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:32:33.0584 5816 seclogon - ok
18:32:33.0601 5816 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:32:33.0606 5816 SENS - ok
18:32:33.0631 5816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:32:33.0633 5816 Serenum - ok
18:32:33.0663 5816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:32:33.0678 5816 Serial - ok
18:32:33.0702 5816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:32:33.0703 5816 sermouse - ok
18:32:33.0745 5816 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:32:33.0749 5816 SessionEnv - ok
18:32:33.0772 5816 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:32:33.0773 5816 sffdisk - ok
18:32:33.0795 5816 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:32:33.0797 5816 sffp_mmc - ok
18:32:33.0818 5816 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:32:33.0819 5816 sffp_sd - ok
18:32:33.0832 5816 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:32:33.0834 5816 sfloppy - ok
18:32:33.0882 5816 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:32:33.0886 5816 SharedAccess - ok
18:32:33.0953 5816 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:32:33.0958 5816 ShellHWDetection - ok
18:32:33.0982 5816 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:32:33.0985 5816 sisagp - ok
18:32:34.0008 5816 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:32:34.0009 5816 SiSRaid2 - ok
18:32:34.0025 5816 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:32:34.0031 5816 SiSRaid4 - ok
18:32:34.0439 5816 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:32:34.0520 5816 slsvc - ok
18:32:34.0663 5816 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:32:34.0667 5816 SLUINotify - ok
18:32:34.0694 5816 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:32:34.0695 5816 Smb - ok
18:32:34.0719 5816 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:32:34.0722 5816 SNMPTRAP - ok
18:32:34.0919 5816 SplashtopRemoteService (5fa669007bd7874fbb70199211fff64d) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
18:32:34.0931 5816 SplashtopRemoteService - ok
18:32:34.0965 5816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:32:34.0966 5816 spldr - ok
18:32:35.0017 5816 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:32:35.0021 5816 Spooler - ok
18:32:35.0028 5816 SRTSP - ok
18:32:35.0040 5816 SRTSPX - ok
18:32:35.0122 5816 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:32:35.0126 5816 srv - ok
18:32:35.0150 5816 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:32:35.0160 5816 srv2 - ok
18:32:35.0182 5816 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:32:35.0183 5816 srvnet - ok
18:32:35.0224 5816 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:32:35.0228 5816 SSDPSRV - ok
18:32:35.0246 5816 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:32:35.0247 5816 ssmdrv - ok
18:32:35.0282 5816 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:32:35.0286 5816 SstpSvc - ok
18:32:35.0455 5816 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
18:32:35.0469 5816 SSUService - ok
18:32:35.0503 5816 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:32:35.0505 5816 StillCam - ok
18:32:35.0572 5816 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:32:35.0581 5816 stisvc - ok
18:32:35.0600 5816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:32:35.0602 5816 swenum - ok
18:32:35.0668 5816 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:32:35.0676 5816 swprv - ok
18:32:35.0693 5816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:32:35.0695 5816 Symc8xx - ok
18:32:35.0722 5816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:32:35.0723 5816 Sym_hi - ok
18:32:35.0738 5816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:32:35.0740 5816 Sym_u3 - ok
18:32:35.0780 5816 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
18:32:35.0798 5816 SynTP - ok
18:32:35.0867 5816 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:32:35.0880 5816 SysMain - ok
18:32:35.0908 5816 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:32:35.0913 5816 TabletInputService - ok
18:32:35.0969 5816 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:32:35.0984 5816 TapiSrv - ok
18:32:36.0007 5816 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:32:36.0012 5816 TBS - ok
18:32:36.0159 5816 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:32:36.0181 5816 Tcpip - ok
18:32:36.0207 5816 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:32:36.0218 5816 Tcpip6 - ok
18:32:36.0269 5816 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:32:36.0271 5816 tcpipreg - ok
18:32:36.0300 5816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:32:36.0302 5816 TDPIPE - ok
18:32:36.0334 5816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:32:36.0335 5816 TDTCP - ok
18:32:36.0380 5816 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:32:36.0383 5816 tdx - ok
18:32:36.0409 5816 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:32:36.0412 5816 TermDD - ok
18:32:36.0477 5816 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:32:36.0487 5816 TermService - ok
18:32:36.0555 5816 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:32:36.0559 5816 Themes - ok
18:32:36.0590 5816 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:32:36.0592 5816 THREADORDER - ok
18:32:36.0618 5816 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:32:36.0621 5816 TrkWks - ok
18:32:36.0648 5816 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:32:36.0650 5816 TrustedInstaller - ok
18:32:36.0679 5816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:32:36.0681 5816 tssecsrv - ok
18:32:36.0715 5816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:32:36.0716 5816 tunmp - ok
18:32:36.0769 5816 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:32:36.0770 5816 tunnel - ok
18:32:41.0156 5816 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:32:41.0342 5816 \Device\Harddisk0\DR0 - ok
18:32:41.0357 5816 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
18:32:41.0359 5816 \Device\Harddisk0\DR0\Partition0 - ok
18:32:41.0374 5816 Boot (0x1200) (e7fcdf3bf1b87aa44e13e3db1dee7bea) \Device\Harddisk0\DR0\Partition1
18:32:41.0377 5816 \Device\Harddisk0\DR0\Partition1 - ok
18:32:41.0378 5816 ============================================================
18:32:41.0378 5816 Scan finished
18:32:41.0378 5816 ============================================================
18:32:41.0402 4912 Detected object count: 0
18:32:41.0402 4912 Actual detected object count: 0
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
|
Posted: Fri Jul 06, 2012 9:42 pm Post subject: |
|
|
Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:
| Quote: |
| Java(TM) 6 Update 31 |
Reboot your computer when finished
We'll install the latest version of Java later.
Next
There are remnants of an old Norton and an old AVG installation on your computer.
Download and run this program for removing AVG .... http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe
Download and run this program for removing Norton .... ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Reboot your computer when finished
Next
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
| Code: |
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={907DB7B5-31D2-4141-AEC5-C2F333F8287F}&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=AVG&pr=pr&d=2012-07-03 08:42:47&v=11.1.0.12&sap=dsp&q={searchTerms}
FF- prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Beee27e82-7d54-45fe-9a13-ceff669f8da3%7D&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-03%2008%3A42%3A47&sap=ku&q="
[2012/07/03 08:42:40 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O3 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O33 - MountPoints2\##192.168.2.2#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.3#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.4#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.5#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.6#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.7#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\##192.168.2.8#CLICKFREEUSBDRIVE_CD_F\Shell\AutoRun\command - "" = Z:\StartClickFreeBackup.exe
O33 - MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\Shell - "" = AutoRun
O33 - MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe
[2012/07/06 08:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/06 08:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/05 17:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/05 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/05 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/04 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{ACF4812C-4853-4589-B458-99A8FA0624E9}
[2012/07/04 19:53:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{CD4C07D4-159E-44DB-9F50-B132F4A49DAA}
[2012/07/03 08:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/03 08:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/03 08:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/03 08:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{F874137D-8D79-476E-AF09-5F43B89466FF}
[2012/07/02 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{F9EF9C63-635C-4A01-B4DD-A7AB7B249E35}
[2012/06/30 07:10:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
[2012/06/24 19:54:23 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{69219794-7E42-42A6-BAE5-C98BD55E2E34}
[2012/06/24 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{4C67B1F4-DDFE-49DB-924C-F743F5C841EF}
[2012/06/24 07:32:13 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{FD683D30-8849-4E76-91A7-8A930B868CB5}
[2012/06/24 07:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{CA2559BA-0DD7-4444-B61E-2F2AA0FB7E26}
[2012/06/22 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{583234A9-2C15-4197-87DF-59CFBA943950}
[2012/06/22 08:43:39 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{829801BA-70DF-4024-A79B-9DC6749FDD85}
[2012/06/18 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{21564BF9-AE84-4785-84BC-A119C6E05A1C}
[2012/06/18 15:23:43 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{C5E41167-D052-4DD6-8B76-F2FAF081A75F}
[2012/06/18 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{117AA354-649E-4AA2-A63E-944BE8A686EF}
[2012/06/18 15:23:00 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{AEE63FB6-FBEA-464A-8FB1-9AD9A7EA30F8}
[2012/06/10 14:35:12 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{26443EA4-3BF6-4FD7-BAB2-EEC3A7C50F00}
[2012/06/10 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\{64EC836F-22C7-4DB7-A4BD-8E069E352912}
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:0E08FC17
:Files
ipconfig /flush dns
:Commands
[emptytemp]
[resethosts]
[createrestorepoint] |
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Next
Please run a scan with ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go HERE then click on:
| Quote: |
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. |
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply please.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Summary of the logs I need from you in your next post:
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
|
Posted: Sat Jul 07, 2012 6:32 am Post subject: |
|
|
Hi Gary,
I've run into a bit of a problem.
I uninstalled Java and rebooted. Then I ran the removal programs to get rid of the vestiges of AVG and Norton and rebooted again. So far, so good.
I started running OTL and Avira popped up with a window that said it was blocking the HOSTS file. I hit the OK (I think I should have stopped there and contacted you), and now OTL is hung and has a status message at the bottom saying "Resetting HOSTS file. DO NOT INTERRUPT."
I'm pretty sure Avira is blocking it.
I don't want to power down the PC without checking with you first.
Please advise.
Thanks,
Kris
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
|
Posted: Sat Jul 07, 2012 6:56 am Post subject: |
|
|
Yes, just reboot your computer, temporarily disable Avira, then run OTL again using the instructions in my last post.
To disable Avira, just right click on the icon in your taskbar (bottom right corner of your screen) and there's usually an option to disable real time protection.
Don't forget to re-enable Avira once OTL has finished.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
|
Posted: Sat Jul 07, 2012 10:02 am Post subject: |
|
|
Here's the log from OTL. Am just getting ready to run ESET. Will post those results shortly:
All processes killed
========== OTL ==========
Error: No service named NAVEX15 was found to stop!
Service\Driver key NAVEX15 not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS not found.
Error: No service named NAVENG was found to stop!
Service\Driver key NAVENG not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS not found.
Error: No service named SRTSPX was found to stop!
Service\Driver key SRTSPX not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS not found.
Error: No service named SRTSP was found to stop!
Service\Driver key SRTSP not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS not found.
Registry key HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "http://isearch.avg.com/search?cid=%7Beee27e82-7d54-45fe-9a13-ceff669f8da3%7D&mid=ecfc3b5ffb1147d0ade9d15650861bcb-b0d4f81a8999f5981f04537c5ec8468fd5234593&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-03%2008%3A42%3A47&sap=ku&q=" removed from keyword.URL
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
Registry value HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.2#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.3#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.4#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.5#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.6#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.7#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.8#CLICKFREEUSBDRIVE_CD_F\ not found.
File Z:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0631a25-81ed-11df-9c9d-001f1662f238}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0631a25-81ed-11df-9c9d-001f1662f238}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0631a25-81ed-11df-9c9d-001f1662f238}\ not found.
File G:\StartClickFreeBackup.exe not found.
Folder C:\ProgramData\Spybot - Search & Destroy\ not found.
Folder C:\Program Files\Spybot - Search & Destroy\ not found.
Folder C:\ProgramData\HitmanPro\ not found.
Folder C:\Users\Kris\AppData\Roaming\SUPERAntiSpyware.com\ not found.
Folder C:\ProgramData\SUPERAntiSpyware.com\ not found.
Folder C:\Users\Kris\AppData\Local\{ACF4812C-4853-4589-B458-99A8FA0624E9}\ not found.
Folder C:\Users\Kris\AppData\Local\{CD4C07D4-159E-44DB-9F50-B132F4A49DAA}\ not found.
Folder C:\Program Files\Common Files\AVG Secure Search\ not found.
Folder C:\Program Files\AVG Secure Search\ not found.
Folder C:\ProgramData\AVG2012\ not found.
Folder C:\Program Files\AVG\ not found.
Folder C:\Users\Kris\AppData\Local\{F874137D-8D79-476E-AF09-5F43B89466FF}\ not found.
Folder C:\Users\Kris\AppData\Local\{F9EF9C63-635C-4A01-B4DD-A7AB7B249E35}\ not found.
Folder C:\Users\Kris\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}\ not found.
Folder C:\Users\Kris\AppData\Local\{69219794-7E42-42A6-BAE5-C98BD55E2E34}\ not found.
Folder C:\Users\Kris\AppData\Local\{4C67B1F4-DDFE-49DB-924C-F743F5C841EF}\ not found.
Folder C:\Users\Kris\AppData\Local\{FD683D30-8849-4E76-91A7-8A930B868CB5}\ not found.
Folder C:\Users\Kris\AppData\Local\{CA2559BA-0DD7-4444-B61E-2F2AA0FB7E26}\ not found.
Folder C:\Users\Kris\AppData\Local\{583234A9-2C15-4197-87DF-59CFBA943950}\ not found.
Folder C:\Users\Kris\AppData\Local\{829801BA-70DF-4024-A79B-9DC6749FDD85}\ not found.
Folder C:\Users\Kris\AppData\Local\{21564BF9-AE84-4785-84BC-A119C6E05A1C}\ not found.
Folder C:\Users\Kris\AppData\Local\{C5E41167-D052-4DD6-8B76-F2FAF081A75F}\ not found.
Folder C:\Users\Kris\AppData\Local\{117AA354-649E-4AA2-A63E-944BE8A686EF}\ not found.
Folder C:\Users\Kris\AppData\Local\{AEE63FB6-FBEA-464A-8FB1-9AD9A7EA30F8}\ not found.
Folder C:\Users\Kris\AppData\Local\{26443EA4-3BF6-4FD7-BAB2-EEC3A7C50F00}\ not found.
Folder C:\Users\Kris\AppData\Local\{64EC836F-22C7-4DB7-A4BD-8E069E352912}\ not found.
Unable to delete ADS C:\ProgramData\Temp:0E08FC17 .
========== FILES ==========
Invalid Switch: flush dns
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kris
->Temp folder emptied: 64630 bytes
->Temporary Internet Files folder emptied: 188603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7766798 bytes
->Flash cache emptied: 456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 8.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.1 log created on 07072012_124443
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
|
Posted: Sat Jul 07, 2012 10:29 am Post subject: |
|
|
Sorry I made a typo in my last script, we need to run part of it again ...
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
| Code: |
:Files
ipconfig /flushdns /c |
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
|
Posted: Sat Jul 07, 2012 10:36 am Post subject: |
|
|
Just wanted to update status.
I decided to let ESET continue running unless you indicated you want it cancelled. ESET has been running for an hour and says it is 46 percent complete. It has identified one threat, what it refers to as a variant of Win32/Install Core.D application.
end of update
Original post:
ESET is currently running. It's been going about 25 minutes and is 23 percent complete.
Should I let it finish running and then run OTL, or should I stop ESET, run OTL with your additional code, and then re-run ESET?
Thanks,
Kris
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
|
Posted: Sat Jul 07, 2012 11:39 am Post subject: |
|
|
Let E-Set finish first, it usually takes quite a while, sometimes several hours.
The OTL fix can be run afterwards.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
|
Posted: Sat Jul 07, 2012 12:03 pm Post subject: |
|
|
OK, so ESET finished. Here is the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7b42179829848542ab68f2def73043e1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-07 07:49:22
# local_time=2012-07-07 02:49:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 22714705 22714705 0 0
# compatibility_mode=5892 16776573 100 100 0 178292230 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186869
# found=1
# cleaned=0
# scan_time=5860
C:\Users\Kris\Downloads\cnet2_HitmanPro36_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
Will run OTL with your corrected code.

hlwalkerst Junior Member
Posted: Sat Jul 07, 2012 12:06 pm
OTL has completed and I have enabled Avira.
Here's the OTL report:
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kris\Downloads\cmd.bat deleted successfully.
C:\Users\Kris\Downloads\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.53.1 log created on 07072012_150509
I have not rebooted after this run of OTL (it has not asked for a reboot).

Gary R Moderator
Posted: Sat Jul 07, 2012 1:13 pm
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Kris\Downloads\cnet2_HitmanPro36_exe.exe
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Are your Google searches still being re-directed?

hlwalkerst Junior Member
Posted: Sat Jul 07, 2012 1:33 pm
========== FILES ==========
C:\Users\Kris\Downloads\cnet2_HitmanPro36_exe.exe moved successfully.
OTL by OldTimer - Version 3.2.53.1 log created on 07072012_163243
Still getting Google redirects.

Gary R Moderator
Posted: Sat Jul 07, 2012 9:44 pm
Sorry I'm late getting back to you, we had a storm last night and I lost connection for a couple of hours, it was past midnight before things got back to normal.
OK, can you tell me what browser you're using when you get re-directed, and whether you have any other computers connected to the same router.
Next
Temporarily disable Avira, then .....
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
ipconfig /flushdns /c
:Commands
[resethosts]
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Next
Let’s try to Reset your Router to its default configuration.
- This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
- Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
- If you don’t know your router's default password, you can look it up. HERE
- You will need to reconfigure any security settings you had in place prior to the reset.
- You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.
Do not re-enable Avira yet, but see if your Google searches are still being re-directed.
Now re-enable Avira and see if you're being re-directed. If you weren't when Avira was disabled, and you are once it's re-enabled, please let me know.
Next
If you're still being re-directed with Avira disabled, then I want you to run a new scan with OTL, using the instructions below ....
- Double click OTL.exe to launch the programme.
- Check the following.
- Scan all users.
- Lop check.
- Purity check.
- Under Extra Registry section, select Use SafeList
- Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
- OTL.txt (open on your desktop).
- Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
- Download aswMBR.exe to your desktop.
- Double click aswMBR.exe to run it
- Click the SCAN button to start the scan.
- On completion of the scan click SAVE LOG and save it to your desktop.
- Post the log contents in your next reply please.
Summary of the logs I need from you in your next post:
- Let me know what browser you're using, and whether you have any other computers attached to the same router.
- New OTL.txt
- New Extras.txt
- aswMBR log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 12:32 am
Good morning,
I have several other computers running wirelessly from the same router: One additional PC, an iPad and an iPod touch.
I use Firefox as my browser.
By the way, I noticed this morning that some of my Firefox options were reset. Previously, I had custom options set to clear out cache, history and cookies when I close Firefox. I noticed this morning that they had been reset and it wasn't clearing those things out. Is it possible that one of the programs I ran at your direction reset some of those options back to Firefox defaults? Or could it be part of the virus? Just wanted to mention it in case it is significant. I've reset the options to what I used to have as far as clearing things out when I close Firefox.
My router is not set to its default password. I purchased it several years ago and set a new password at the time I installed it. Basically, it hasn't had its original password since the day I installed it.
Do you still want me to execute the router reset?
Off to run OTL.
Cheers,
Kris
Last edited by hlwalkerst on Sun Jul 08, 2012 1:31 am; edited 1 time in total

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 12:41 am
It's 3:40 a.m. here and my brain is not quite in gear.
I forgot to disable Avira, so OTL hung. I disabled Avira, it looked like OTL was still hung, so I closed it.
It produced this log:
Files\Folders moved on Reboot...
C:\Windows\System32\drivers\etc\Hosts moved successfully.
PendingFileRenameOperations files...
File C:\Windows\System32\drivers\etc\Hosts not found!
Registry entries deleted on Reboot...
Did it finish doing what it was supposed to, or did I mess something up?
Also, I should note that all along, redirects were not happening consistently. Sometimes I will go for a number of Google queries and no redirects happen. Then suddenly they start happening.
So far today, no redirects have occurred. Again, not sure if this is significant information to you.
Thanks so much for sticking with me on this. I truly appreciate your efforts.
Last edited by hlwalkerst on Sun Jul 08, 2012 1:03 am; edited 1 time in total

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 12:51 am
For today, I go for periods of time where redirects do not occur, then they start occurring again. I'm back to no redirects.
Am not executing anything else until we connect.
I was googling around about the redirect virus and found this information on eHow:
Quote:
Check the LAN settings for Mozilla Firefox browser. Select "Tools" from the menu bar and then select "Options." Click on the "Advanced" tab button. Then click on the "Network" button. Go to "Settings" and check to make certain that the "No Proxy" radio button is enabled. Click the "OK" button and close the Web browser.
I checked the Firefox setting and mine is set to "Use System Proxies" rather than "No Proxy". I made no changes to this parameter and don't know if this information is significant.

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 1:55 am
My husband booted up his PC and was working on it for a while.
It got a Windows system error message that said "There is an IP address conflict with another system on the network". He works from home all the time (his is a work PC) and has never seen this message before.
Again, offering info that may/may not be relevant to the problem.

Gary R Moderator
Posted: Sun Jul 08, 2012 2:38 am
In reply to whether Firefox settings were reset, yes it's likely when we emptied out your temp files and folders earlier, that OTL set your settings back to default.
Can't see why you'd have a proxy set in FF.
Please download MiniToolBox to your Desktop.
- Double click MiniToolBox.exe to launch the program.
- Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- Click Go to start the scan.
- When finished a log Result.txt will open.
- Please post it in your next reply.

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 2:48 am
Results of MTB:
MiniToolBox by Farbar Version: 25-06-2012
Ran by Kris (administrator) on 08-07-2012 at 05:46:33
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek RTL8102/8103 Family PCI-E FE NIC = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.2.2 metric=1
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Kris-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2B-03-48-3E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::94ec:3400:f71:5309%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 08, 2012 3:10:45 AM
Lease Expires . . . . . . . . . . : Wednesday, August 14, 2148 12:14:58 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234890283
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-FF-EF-A5-00-24-2B-03-48-3E
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102/8103 Family PCI-E FE NIC
Physical Address. . . . . . . . . : 00-1F-16-62-F2-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24cb:3e1:3f57:fdfd(Preferred)
Link-local IPv6 Address . . . . . : fe80::24cb:3e1:3f57:fdfd%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: F5d8233-4v3
Address: 192.168.2.1
Name: google.com
Addresses: 2607:f8b0:4009:802::1003
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33
Pinging google.com [74.125.225.32] with 32 bytes of data:
Reply from 74.125.225.32: bytes=32 time=60ms TTL=50
Reply from 74.125.225.32: bytes=32 time=61ms TTL=50
Ping statistics for 74.125.225.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 61ms, Average = 60ms
Server: F5d8233-4v3
Address: 192.168.2.1
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=79ms TTL=49
Reply from 209.191.122.70: bytes=32 time=79ms TTL=49
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 79ms, Average = 79ms
Server: F5d8233-4v3
Address: 192.168.2.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 24 2b 03 48 3e ...... Atheros AR5009 802.11a/g/n WiFi Adapter
10 ...00 1f 16 62 f2 38 ...... Realtek RTL8102/8103 Family PCI-E FE NIC
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.Belkin
15 ...00 00 00 00 00 00 00 e0 isatap.{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.2.2 26
169.254.255.255 255.255.255.255 On-link 192.168.2.2 281
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.2.2 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 18 ::/0 On-link
1 306 ::1/128 On-link
13 18 2001::/32 On-link
13 266 2001:0:4137:9e76:24cb:3e1:3f57:fdfd/128
On-link
11 281 fe80::/64 On-link
13 266 fe80::/64 On-link
13 266 fe80::24cb:3e1:3f57:fdfd/128
On-link
11 281 fe80::94ec:3400:f71:5309/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
**** End of log ****

Gary R Moderator
Posted: Sun Jul 08, 2012 4:51 am
Temporarily disable Avira ...
Next
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Commands
[resethosts]
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Next
Reset your Router to its default configuration.
- This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
- Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
- If you don’t know your router's default password, you can look it up. HERE
- You will need to reconfigure any security settings you had in place prior to the reset.
- You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.
Let me know if you're still being re-directed
Sorry if it seems I'm persisting with this, but it's not clear at the moment that everything has been set back to default, so it's still possible you may have a hosts or dns hijack.
Once we've established whether that is the case or not, we can move onto other things if necessary.

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 5:05 am
Results of OTL
========== COMMANDS ==========
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07082012_080329

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 5:38 am
Am currently still getting redirects intermittently. I can see a series of separate entries in my history when the redirect occurs. Lists things like 31.193.0.178. Is that called an IP address?
My router model is F5D8233
Before I reset the Belkin N router to factory defaults, I just wanted to walk through what I'll need to do. It's been years since I installed the router originally, and I don't remember what the steps were.
After I do the paper clip reset thing, I'm basically re-doing what I did when I originally took the router out of its box and installed it, right? I have the original install disk for the router, which I believe walks me through the installation. May I use that to re-set things up? Or should I follow the instructions on their site: http://en-us-support.belkin.com/app/answers/detail/a_id/7016
When I installed the router 5 years ago, I changed the administrator password (I think that's what it's called) from the default. If I go to the Windows Network and Sharing Center and double click on the router device in the network map, I get a tab that pops up in Firefox that lets me access all of the router parameters once I've entered my admin password. That password is one that I set up, and not the default password that came with the router. The default admin password is the one I'm trying to locate, right? From the link you provided, it looks like the default username and password are both blank.
Security settings on the router currently show WPA-Personal (PSK). Any computer connecting to my router needs the password that I set up 5 years ago when I installed the router. As I understand it, I'll need to set up those parameters again once I connect.
Should Avira be enabled or disabled?
I'm such a rookie!
Thanks again.

Gary R Moderator
Posted: Sun Jul 08, 2012 6:41 am
OK, the IP address you gave me ... 31.193.0.178 ... is for ...
Quote:
31.193.0.178
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '31.193.0.176 - 31.193.0.183'
inetnum: 31.193.0.176 - 31.193.0.183
netname: NS-UK-031193000176
descr: 30008999.pqc7032ukms.pservers.info
remarks: Dedicated Server
country: GB
admin-c: LA3599-RIPE
tech-c: VS5994-RIPE
status: ASSIGNED PA
source: RIPE # Filtered
mnt-irt: IRT-BURSTNET
mnt-by: mnt-burst-au
mnt-by: mnt-burst-mu
role: LIR Admin
org: ORG-BL102-RIPE
address: BurstNET Limited, Unit 31, Greenheys, Pencroft Way, Manchester Science Park, Manchester, United Kingdom, M15 6JJ
phone: +1 570 343 2200
fax-no: +1 570 343 9505
admin-c: BRA40-RIPE
admin-c: BED8-RIPE
tech-c: BRA40-RIPE
tech-c: BED8-RIPE
nic-hdl: LA3599-RIPE
mnt-by: BurstNET
source: RIPE # Filtered
person: Vadym Sheyin
address: Universitetskaya 2a, Donetck, Donetkiy, 83001, Ua
phone: +1 570 343 2200
fax-no: +1 570 343 9533
nic-hdl: VS5994-RIPE
source: RIPE # Filtered
mnt-by: mnt-burst-au
mnt-by: mnt-burst-mu
% This query was served by the RIPE Database Query Service version 1.15 (WHOIS1)
Which looks very much like a dns hijack (Ukraine is a common destination for DNS hijacks).
Before we go any further, can I just ask you to check a couple of things for me ....
- Click Start > Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings
- Right click on your connection and select Properties
- Under the Network tab, click on Internet Protocol Version 4 (TCP/IPv4) to highlight it.
- Click Properties
- Ensure that Obtain an IP address automatically is selected
- Ensure that Obtain DNS server address automatically is selected
- Click OK
- Under the Network tab, click on Internet Protocol Version 6 (TCP/IPv6) to highlight it.
- Click Properties
- Ensure that Obtain an IP address automatically is selected
- Ensure that Obtain DNS server address automatically is selected
- Click OK
- Click Close
- Exit any open windows
If you did NOT have to change any settings ..... it's most probable that your computer is not the problem, and it's your router that has been hijacked.
If you can get into your router set up page, as it seems you can, you should just need to set your DNS settings to those supplied by your ISP (internet service provider), and hopefully that will resolve the problem.
I'm not familiar with your particular router/modem, so I suspect your best course of action is to contact your ISP, tell them you believe the dns settings on your router have been hijacked, and ask them to talk you through setting them to the ones they usually supply.
You can almost certainly use the router set up disk to reset your router, but again I'm not familiar with your router, so I can't confirm that for certain, and I wouldn't want to leave you with a situation that's worse than it currently is, so my first call would be to contact your ISP and see if they can walk you through things first.
It should not be necessary for Avira to be disabled when you do any of this.
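The host-side half of the check in the post above (are IP and DNS settings obtained automatically, and where do DNS queries actually go?), as an added example that is not part of the original thread. It parses `ipconfig /all` text; the sample outputs, the placeholder address 203.0.113.53 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like the `ipconfig /all` section of the log above:
# a DHCP client whose only DNS server is the router itself.
SAMPLE_ROUTER_DNS = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Example-PC
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : Belkin
   DHCP Enabled. . . . . . . . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

# Constructed sample: static settings with an unknown resolver listed first.
# 203.0.113.53 is a documentation-range placeholder, not an address from the thread.
SAMPLE_STATIC_DNS = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.2.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.2.1
"""

ADAPTER_RE = re.compile(r"^\s*(.+ adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)[\s.]*:\s?(?P<val>.*)$")


def as_ip(text):
    """Return an ip_address for '192.168.2.2(Preferred)' / 'fe80::1%11', else None."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Split ipconfig /all text into adapters, each with {field name: [values]}."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"name": header.group(1).strip(), "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        # Extra DNS servers appear on unlabeled continuation lines.
        if last_key and as_ip(line) is not None:
            current["fields"][last_key].append(line.strip())
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group("key").strip()
            current["fields"].setdefault(last_key, []).append(field.group("val").strip())
    return adapters


def audit_dns(text, isp_resolvers=()):
    """Return (adapter, kind, detail) findings for every adapter that lists DNS servers.

    static-config    : DHCP is off, so someone or something set values by hand
    unexpected-dns   : resolver is neither the router nor in isp_resolvers
    router-forwarder : the PC asks the router; the router's own DNS must be checked
    """
    allowed = {ipaddress.ip_address(a) for a in isp_resolvers}
    findings = []
    for adapter in parse_ipconfig(text):
        fields, name = adapter["fields"], adapter["name"]
        dns_values = fields.get("DNS Servers", [])
        if not dns_values:
            continue  # disconnected or tunnel adapter: nothing to audit
        if fields.get("DHCP Enabled", [""])[0].lower() != "yes":
            findings.append((name, "static-config", "DHCP Enabled is not Yes"))
        routers = {as_ip(v) for key in ("Default Gateway", "DHCP Server")
                   for v in fields.get(key, [])} - {None}
        for raw in dns_values:
            dns = as_ip(raw)
            if dns is None or dns in allowed:
                continue
            kind = "router-forwarder" if dns in routers else "unexpected-dns"
            findings.append((name, kind, str(dns)))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_ROUTER_DNS, SAMPLE_STATIC_DNS):
        for finding in audit_dns(sample):
            print(finding)
```

A `router-forwarder` result means the PC itself is configured normally and simply asks the router, so the resolvers the router uses still have to be read from the router's own setup page.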

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 8:17 am
Hi Gary,
I talked to ATT, which is my ISP. Their first line tech support had me check a number of things (including the last things you told me to check) and from what I told them, they said they all sounded OK. That rep was heading in the direction of DNS Changer being the problem, and wanted me to run McAfee Stinger, which I did not. Wanted to confer with you first. He had me check through dns-ok and I came up clean for DNS Changer, so I don't understand why he wanted me to run Stinger.
I ended up getting transferred to a higher level of tech support. I have an ATT modem, but my router is a third party product, so support for the router would be handled by the ATT ConnecTech Home, which is a service I would be paying for (which I don't have a problem doing that). They said they can check everything out remotely, reset the router and fix whatever other problems are there. I don't know if the service is any good; the cost is $15 a month for a one year subscription which covers 4 devices including wireless printers and tablets.
When I had the higher level tech on the line, I asked about the Firefox setting that was using the system proxy settings rather than "No proxy". She didn't see a need for me to be using any proxies, so I did set that option to "No Proxy". Still getting redirects.
I have not reset the router at this point.
I feel very comfortable working with you, but if you think I should be going with a paid service, please tell me. In 15 years of using PCs at home, this is the first time I've had any kind of problem. Never any hardware or software issues, so I'm a little out of my element right now.
Do you have any sense if I'm at risk for other problems, such as someone swiping my password info for financial sites? I pay bills online.
What are your thoughts as to next steps? Should I reset the router now also? Or should I dump the whole problem in ATT's lap and pay them to fix it?
Thanks,
Kris

Gary R Moderator
Posted: Sun Jul 08, 2012 8:35 am
I do not think it's likely that you'll need to pay anyone to fix this, I think it's just going to be a matter of resetting the router, however I can't give any guarantees.
Before resetting your router though, try going online using Internet Explorer, and see if you get re-directed when using that rather than Firefox.
Let me know if you're still being re-directed, if you are then it just confirms the router as being the most likely source of your problems, if not then the router is not the problem and it's something I've missed on Firefox.

hlwalkerst Junior Member
Posted: Sun Jul 08, 2012 8:53 am
I'm actually kind of having fun with this. I'm a systems person from IBM 370/MVS days, so I can follow what's going on to some extent but don't have a current toolset with which to problem solve! (I'm retired from IT for many years).
Anyway, back to business..
That was a great idea about IE....I never use it, but when I opened it, it said it couldn't restore the tabs from a previous session. I checked "do not restore tabs".
Then the following came up:
A program on your computer has corrupted your default search provider setting for Internet Explorer.
Internet Explorer has reset this setting to your original search provider, Bing.
Internet Explorer will now open search settings, where you can change this setting...
I killed it with Task Manager. Wasn't sure if some of the options were reset by things I've been running, or if it was the malware trying to install something there.
Now I remember what happened on Friday, which was a window that popped up claiming to be from Internet Explorer, saying it had found a virus and should it fix it. I clicked the "x" to close, and I'm guessing that's what kicked this all off. Probably should have killed that with TM also.
My hubby and I are going to lunch and I will reboot the router when I get home. Maybe two hours from now. Will let you know results. I figure if I can't get the router running again for some reason, I can just plug my computer directly into my modem and I should be good to go. I would lose my wireless access, but that's just a minor inconvenience!
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Sun Jul 08, 2012 10:28 am
OK, I'll wait to see how you get on with your router.
I'm going to be out for the rest of the night, so it will be tomorrow morning my time (GMT) before I get to see your next post.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Sun Jul 08, 2012 2:12 pm
OK.
I disconnected the router and connected my computer directly to the modem.
I found the manual for my router online.
The router was plugged in to a power outlet, but there were no connections to the modem or my computer. I restored the router to factory defaults by using the paper clip in the back of the router. The lights flashed as the manual described and it appeared to restore to factory settings. I unplugged the router and then followed the instructions for connecting everything back together.
I have never done a firmware update and did not do one today. Just wanted to mention.
I ran the Setup Assistant software from Belkin. I used the default password, which worked, which indicated to me that I had successfully done the restore to factory defaults.
I followed the setup assistant and completed the setup: Enabled wireless security and created a different password than the one I had before, named the network a different name than before, and changed the admin password to a different password than I had before. All went fine.
I connected the computer via the wireless connection and disconnected the physical ethernet connection to the router and went to Google to try some searches.
About three searches in, I got a redirect.
I disconnected the router and did a direct modem to computer connection, did a couple of searches and got another redirect.
When I try to use IE, I get the message I described earlier regarding the search engine being modified. I just close it with Task Manager and have done no further testing with an alternate browser. Since I'm getting redirects with no router involved, I'm thinking the problem is in my computer. Unless it can get passed back and forth!
I can get the redirects to occur pretty consistently with search strings like "best malware" or "best anti-virus" or "jewelry" or "gold" or "McAfee". I tried entering searches for several financial institutions with which I do *not* do business; no redirect.
The redirect is still happening from the IP address I posted earlier, but another couple of IP addresses also appear in my search history immediately after the redirect: 173.214.255.72 and 184.164.142.83.
I also tried running Firefox in Safe Mode, which disables my add-ons. I read somewhere that someone had a bad add-on. I still got redirects, and after enabling the add-ons, I still continue to get redirects.
Currently do not have router connected.
I'll save the history and cookies (I normally delete it upon exit) and will wait for your next post. The malware is leaving some footprints. When I hover over the Name or Location, I can see a string of characters with data embedded. And after I got two redirects I saw cookies from the following two sites set on my computer: admarketplace.net and bridge2admarketplace.net. They indicated they were good until the end of the session, so I think when I close Firefox they will go away.
Also found this in the Mozilla forums. Describes my problem to a "t". http://support.mozilla.org/en-US/questions/790252
Kris
P.S. By the way, I was in Yorkshire in the mid-1980's. I was one of those crazy Americans who was smitten with the James Herriot books, and I just had to visit. It was as wonderful as I imagined it would be. I still dream of having tea and fabulous sweet stuff at Betty's. Is it still in business??
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Sun Jul 08, 2012 9:46 pm
Yes, Betty's is still going strong.
OK, seems I missed something on your computer then.
So I need you to run some further scans for me.
First
Please run a new OTL scan, using the instructions below, which will allow me to see a few things I didn't look at before.
- Double click OTL.exe to launch the programme.
- Check the following.
  - Scan all users.
  - Lop check.
  - Purity check.
- Under Extra Registry section, select Use SafeList
- Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
  - OTL.txt (open on your desktop).
  - Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
- Download aswMBR.exe to your desktop.
- Double click aswMBR.exe to run it
- Click the SCAN button to start the scan.
- On completion of the scan click SAVE LOG and save it to your desktop.
- Post the log contents in your next reply please.
Summary of the logs I need from you in your next post:
- Latest OTL.txt
- Latest Extras.txt
- aswMBR log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Mon Jul 09, 2012 1:23 am
OTL results:
OTL logfile created on: 7/9/2012 3:59:46 AM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.70% Memory free
6.06 Gb Paging File | 4.65 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 201.78 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/06 16:15:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kris\Downloads\OTL.exe
PRC - [2012/06/18 05:44:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/06/15 15:44:02 | 002,463,648 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/06/15 15:43:54 | 006,526,888 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 08:02:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 08:02:58 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
PRC - [2010/11/18 09:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/18 05:44:12 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 20:55:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:54:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 20:54:24 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 20:53:02 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/09 15:28:35 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/09 15:26:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 15:26:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/09 15:26:48 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 15:26:48 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/09 15:26:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/09 15:05:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/09 15:04:26 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/09 15:04:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 15:03:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/09 15:03:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 15:03:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/09/30 18:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 18:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 18:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 18:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 18:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 18:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 18:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 18:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/23 20:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 16:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 16:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/06/18 05:44:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe -- (CFUACProxy_officeguardianv2n)
SRV - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 08:03:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 08:03:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A28AFCB-D7B6-4628-8EA2-D66964A22F01}
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
[2009/02/07 08:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions
[2012/07/04 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions
[2010/04/27 16:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 12:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/07 16:31:11 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/02/16 21:42:26 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\clickclean@hotcleaner.com
[2012/07/03 07:48:34 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\firefox@ghostery.com
[2012/05/14 08:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/21 12:32:40 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011/07/15 13:41:17 | 000,067,428 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012/06/18 05:44:13 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/03 18:30:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 05:44:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 05:44:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/08 08:03:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [LightScribe] C:\Users\Kris\AppData\Local\LightScribe\ibuzvdbz.dll (Winsoft SA)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O7 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/07/07 09:00:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/06 15:39:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/05 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Google
[2012/07/05 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/07/05 11:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/05 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/05 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/07/03 08:26:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/03 08:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/02 06:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/02 06:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/02 06:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/01 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\LightScribe
[2012/06/19 05:36:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 05:36:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 05:35:57 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 05:35:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 05:35:56 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 05:35:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 05:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 12:15:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 12:15:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 12:15:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 12:15:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 12:15:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 12:15:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 12:15:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 12:13:00 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2012/07/09 03:59:27 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 03:59:27 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/09 03:54:22 | 000,002,617 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/07/09 03:54:17 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/09 03:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 03:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 03:53:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 03:53:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 17:16:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012/07/08 16:11:20 | 014,181,242 | ---- | M] () -- C:\Users\Kris\Documents\belkin router manual.pdf
[2012/07/08 11:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012/07/08 08:03:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/07/08 05:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/06 16:38:39 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/06 15:42:29 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 13:28:50 | 000,002,904 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/05 11:59:16 | 000,002,036 | ---- | M] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:22 | 000,009,702 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:57 | 000,019,266 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 20:28:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKris.job
[2012/07/02 06:30:38 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012/06/14 20:51:16 | 000,398,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/07/08 16:11:20 | 014,181,242 | ---- | C] () -- C:\Users\Kris\Documents\belkin router manual.pdf
[2012/07/06 13:28:49 | 000,002,904 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/05 11:59:16 | 000,002,036 | ---- | C] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:20 | 000,009,702 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:55 | 000,019,266 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 06:30:38 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/17 14:14:04 | 000,060,304 | ---- | C] () -- C:\Users\Kris\g2mdlhlpx.exe
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 18:08:22 | 000,003,584 | ---- | C] () -- C:\Users\Kris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 18:10:39 | 000,013,732 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\wklnhst.dat
[2009/02/07 16:26:17 | 000,007,052 | ---- | C] () -- C:\Users\Kris\AppData\Local\d3d9caps.dat
[2009/01/14 14:37:50 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
========== LOP Check ==========
[2010/10/04 08:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Amazon
[2012/02/06 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Canon
[2009/06/29 09:32:19 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/31 15:34:54 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\IrfanView
[2012/05/17 13:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\JPEGsnoop
[2009/04/02 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Leadertech
[2009/06/03 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Template
[2009/02/07 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Thunderbird
[2012/07/08 17:16:59 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2012/07/08 05:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2012/07/08 11:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/08 21:39:02 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/04 10:42:19 | 000,298,364 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/07/09 03:53:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/08 12:39:14 | 000,000,528 | ---- | M] () -- C:\InstallHelper.log
[2012/07/09 03:53:43 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2010/07/27 18:20:35 | 000,000,184 | ---- | M] () -- C:\setup.log
[2012/07/06 09:21:49 | 000,233,978 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_09.19.30_log.txt
[2012/07/06 18:03:46 | 000,116,412 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_16.39.32_log.txt
[2012/07/06 18:40:11 | 000,116,412 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_18.32.09_log.txt
< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %windir%\system32\tasks\*.* >
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 1)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 2)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 3)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 4)
[2010/03/03 16:39:17 | 000,003,236 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Weekly)
[2012/07/09 03:57:10 | 000,003,562 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
[2012/07/02 20:28:02 | 000,003,170 | ---- | M] () -- C:\Windows\system32\tasks\HPCeeScheduleForKris
[2011/02/01 16:32:57 | 000,003,188 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2011/02/01 16:32:56 | 000,003,324 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2009/08/14 13:41:04 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{9C89CB98-3BCD-4960-8421-30F9BEFE0131}
< %windir%\system32\tasks\*.* /64 >
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 1)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 2)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 3)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 4)
[2010/03/03 16:39:17 | 000,003,236 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Weekly)
[2012/07/09 03:57:10 | 000,003,562 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
[2012/07/02 20:28:02 | 000,003,170 | ---- | M] () -- C:\Windows\system32\tasks\HPCeeScheduleForKris
[2011/02/01 16:32:57 | 000,003,188 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2011/02/01 16:32:56 | 000,003,324 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2009/08/14 13:41:04 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{9C89CB98-3BCD-4960-8421-30F9BEFE0131}
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2012/05/08 08:03:08 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\system32\drivers\avgntflt.sys
[2012/05/08 08:03:08 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\system32\drivers\avipbb.sys
[2012/05/01 09:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
< %PROGRAMFILES%\*. >
[2008/10/23 05:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/01/02 18:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/04 08:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/07/31 09:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/27 18:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2011/10/17 15:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2008/10/23 05:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/10/12 20:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/02/11 16:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/02/11 16:30:42 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2012/03/04 17:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/01/14 14:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2011/11/17 14:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/07/07 09:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/01/14 14:10:03 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/01/14 14:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/02/08 12:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2012/07/05 17:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/01/14 14:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/10/23 04:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard Company
[2011/04/27 16:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/10/01 21:04:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/01/14 14:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/06/14 20:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/07/02 06:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/07/02 06:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/10/30 07:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/23 11:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/02/11 07:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/10/20 07:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/09 14:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/02/27 20:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/26 07:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/26 07:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/12/16 08:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/23 12:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 06:38:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/18 05:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/19 05:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2010/03/17 08:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/07/26 07:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/10/23 05:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/07 17:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/14 14:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/01/14 14:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/02/07 01:56:32 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2012/05/28 07:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/01 16:32:58 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/01/14 14:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/06/17 12:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\SMINST
[2012/07/05 11:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2011/10/01 21:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Splashtop
[2011/01/21 16:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Squeezebox
[2012/07/06 15:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\stinger
[2009/01/14 14:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/06/27 12:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/06/27 12:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/06/27 12:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/09 08:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/06/03 16:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/12 08:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 08:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/27 12:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/10/28 17:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/06/27 12:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-29 16:40:29
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >
< End of report >
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Mon Jul 09, 2012 1:24 am Post subject:
OTL results:
OTL logfile created on: 7/9/2012 3:59:46 AM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.70% Memory free
6.06 Gb Paging File | 4.65 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 201.78 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/06 16:15:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kris\Downloads\OTL.exe
PRC - [2012/06/18 05:44:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/06/15 15:44:02 | 002,463,648 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/06/15 15:43:54 | 006,526,888 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 08:02:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 08:02:58 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
PRC - [2010/11/18 09:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/18 05:44:12 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 20:55:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:54:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 20:54:24 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 20:53:02 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/09 15:28:35 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/09 15:26:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 15:26:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/09 15:26:48 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 15:26:48 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/09 15:26:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/09 15:05:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/09 15:04:26 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/09 15:04:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 15:03:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/09 15:03:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 15:03:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/09/30 18:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 18:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 18:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 18:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 18:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 18:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 18:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 18:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/23 20:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 16:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 16:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/06/18 05:44:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 15:44:04 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/05/08 08:03:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 08:02:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/11/18 09:05:11 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe -- (CFUACProxy_officeguardianv2n)
SRV - [2010/11/18 09:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 08:03:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 08:03:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A28AFCB-D7B6-4628-8EA2-D66964A22F01}
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 05:44:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 07:23:13 | 000,000,000 | ---D | M]
[2009/02/07 08:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions
[2012/07/04 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions
[2010/04/27 16:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/17 12:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/06/07 16:31:11 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/02/16 21:42:26 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\clickclean@hotcleaner.com
[2012/07/03 07:48:34 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\upmh8ntc.default\extensions\firefox@ghostery.com
[2012/05/14 08:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/21 12:32:40 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011/07/15 13:41:17 | 000,067,428 | ---- | M] () (No name found) -- C:\USERS\KRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPMH8NTC.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012/06/18 05:44:13 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/03 18:30:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 05:44:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 05:44:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/08 08:03:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [LightScribe] C:\Users\Kris\AppData\Local\LightScribe\ibuzvdbz.dll (Winsoft SA)
O4 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O7 - HKU\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EA0CE12-8DA6-4161-A69E-91DF26BEF9E9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/07/07 09:00:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/06 15:39:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/05 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Google
[2012/07/05 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/07/05 11:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/05 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/05 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/07/03 08:26:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/03 08:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/02 06:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/02 06:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/02 06:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/01 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\LightScribe
[2012/06/19 05:36:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 05:36:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 05:35:57 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 05:35:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 05:35:56 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 05:35:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 05:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 12:15:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 12:15:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 12:15:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 12:15:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 12:15:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 12:15:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 12:15:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 12:13:00 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2012/07/09 03:59:27 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 03:59:27 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/09 03:54:22 | 000,002,617 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/07/09 03:54:17 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/09 03:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 03:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 03:53:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 03:53:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 17:16:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012/07/08 16:11:20 | 014,181,242 | ---- | M] () -- C:\Users\Kris\Documents\belkin router manual.pdf
[2012/07/08 11:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012/07/08 08:03:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/07/08 05:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/06 16:38:39 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kris\Desktop\TDSSKiller.exe
[2012/07/06 15:42:29 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/06 13:28:50 | 000,002,904 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/05 11:59:16 | 000,002,036 | ---- | M] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:22 | 000,009,702 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:57 | 000,019,266 | ---- | M] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 20:28:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKris.job
[2012/07/02 06:30:38 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | M] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012/06/14 20:51:16 | 000,398,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/07/08 16:11:20 | 014,181,242 | ---- | C] () -- C:\Users\Kris\Documents\belkin router manual.pdf
[2012/07/06 13:28:49 | 000,002,904 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120706_132845.reg
[2012/07/05 11:59:16 | 000,002,036 | ---- | C] () -- C:\Users\Kris\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/03 17:12:20 | 000,009,702 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_171218.reg
[2012/07/03 08:16:55 | 000,019,266 | ---- | C] () -- C:\Users\Kris\Documents\cc_20120703_081651.reg
[2012/07/02 06:30:38 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 15:46:22 | 000,000,898 | ---- | C] () -- C:\Users\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/17 14:14:04 | 000,060,304 | ---- | C] () -- C:\Users\Kris\g2mdlhlpx.exe
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 18:08:22 | 000,003,584 | ---- | C] () -- C:\Users\Kris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 18:10:39 | 000,013,732 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\wklnhst.dat
[2009/02/07 16:26:17 | 000,007,052 | ---- | C] () -- C:\Users\Kris\AppData\Local\d3d9caps.dat
[2009/01/14 14:37:50 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
========== LOP Check ==========
[2010/10/04 08:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Amazon
[2012/02/06 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Canon
[2009/06/29 09:32:19 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/31 15:34:54 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\IrfanView
[2012/05/17 13:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\JPEGsnoop
[2009/04/02 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Leadertech
[2009/06/03 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Template
[2009/02/07 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Thunderbird
[2012/07/08 17:16:59 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2012/06/23 23:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2012/07/08 05:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2012/07/08 11:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012/07/06 17:17:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/08 21:39:02 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/04 10:42:19 | 000,298,364 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/07/09 03:53:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/08 12:39:14 | 000,000,528 | ---- | M] () -- C:\InstallHelper.log
[2012/07/09 03:53:43 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2010/07/27 18:20:35 | 000,000,184 | ---- | M] () -- C:\setup.log
[2012/07/06 09:21:49 | 000,233,978 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_09.19.30_log.txt
[2012/07/06 18:03:46 | 000,116,412 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_16.39.32_log.txt
[2012/07/06 18:40:11 | 000,116,412 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_18.32.09_log.txt
< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/23 05:05:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %windir%\system32\tasks\*.* >
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 1)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 2)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 3)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 4)
[2010/03/03 16:39:17 | 000,003,236 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Weekly)
[2012/07/09 03:57:10 | 000,003,562 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
[2012/07/02 20:28:02 | 000,003,170 | ---- | M] () -- C:\Windows\system32\tasks\HPCeeScheduleForKris
[2011/02/01 16:32:57 | 000,003,188 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2011/02/01 16:32:56 | 000,003,324 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2009/08/14 13:41:04 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{9C89CB98-3BCD-4960-8421-30F9BEFE0131}
< %windir%\system32\tasks\*.* /64 >
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 1)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 2)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 3)
[2010/03/03 16:39:17 | 000,003,050 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Daily 4)
[2010/03/03 16:39:17 | 000,003,236 | ---- | M] () -- C:\Windows\system32\tasks\Ad-Aware Update (Weekly)
[2012/07/09 03:57:10 | 000,003,562 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
[2012/07/02 20:28:02 | 000,003,170 | ---- | M] () -- C:\Windows\system32\tasks\HPCeeScheduleForKris
[2011/02/01 16:32:57 | 000,003,188 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2011/02/01 16:32:56 | 000,003,324 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3444987807-3986069032-107293006-1000
[2009/08/14 13:41:04 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{9C89CB98-3BCD-4960-8421-30F9BEFE0131}
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2012/05/08 08:03:08 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\system32\drivers\avgntflt.sys
[2012/05/08 08:03:08 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\system32\drivers\avipbb.sys
[2012/05/01 09:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
< %PROGRAMFILES%\*. >
[2008/10/23 05:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/01/02 18:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/04 08:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/07/31 09:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/27 18:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2011/10/17 15:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2008/10/23 05:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/10/12 20:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/02/11 16:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/02/11 16:30:42 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2012/03/04 17:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/01/14 14:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2011/11/17 14:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/07/07 09:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/01/14 14:10:03 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/01/14 14:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/02/08 12:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2012/07/05 17:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/01/14 14:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/10/23 04:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard Company
[2011/04/27 16:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/10/01 21:04:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/01/14 14:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/06/14 20:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/07/02 06:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/07/02 06:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/10/30 07:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/23 11:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/02/11 07:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/10/20 07:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/09 14:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/02/27 20:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/26 07:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/26 07:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/12/16 08:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/23 12:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 06:38:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/18 05:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/19 05:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2010/03/17 08:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/07/26 07:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/10/23 05:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/07 17:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/14 14:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/01/14 14:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/02/07 01:56:32 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2012/05/28 07:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/01 16:32:58 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/01/14 14:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/06/17 12:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\SMINST
[2012/07/05 11:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2011/10/01 21:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Splashtop
[2011/01/21 16:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Squeezebox
[2012/07/06 15:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\stinger
[2009/01/14 14:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/06/27 12:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/06/27 12:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/06/27 12:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/09 08:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/06/03 16:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/12 08:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 08:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/27 12:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/10/28 17:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/06/27 12:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-29 16:40:29
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >
< End of report >
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Mon Jul 09, 2012 1:26 am Post subject:
OTL Extras:
OTL Extras logfile created on: 7/9/2012 3:59:46 AM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.70% Memory free
6.06 Gb Paging File | 4.65 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 201.78 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Computer Name: KRIS-PC | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAA51B0-4A91-43BC-82E8-F4A00315B2E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{15C9EB64-B7AF-4483-9AC8-24E53E95AE29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{21C47BEC-7E0B-4483-817B-7E557394A4F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{331F2420-B7BA-4A86-98D6-C7ADAF32E377}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{338073B0-CA2B-4F60-8CF6-B44AB05EB763}" = rport=137 | protocol=17 | dir=out | app=system |
"{38687772-7376-4FBD-BBAC-A4449BCAF58B}" = rport=139 | protocol=6 | dir=out | app=system |
"{63759515-A37F-4EC1-B4C6-FA659CBBD583}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{715C5D14-981E-43CA-AB28-090B2A20CFF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89399FD5-C21E-4A12-865F-9861B12FCF9A}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B102732-7A14-4BA9-9E8E-1D661C447380}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{904F2790-6004-485C-A4A9-212A1EB9B1B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D053A60-D8CC-4061-8947-66E6310E1785}" = lport=53272 | protocol=6 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{A3397F8C-12A2-44C1-BF65-37426E195491}" = lport=445 | protocol=6 | dir=in | app=system |
"{A71421DD-5F08-4993-83FF-EBEF6991AD69}" = lport=53271 | protocol=17 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{A7D618C2-8D6C-45F6-94E8-01AB158D97ED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B6026D14-F08A-40AA-9F94-0D4857F9D415}" = lport=138 | protocol=17 | dir=in | app=system |
"{C30A70F7-5E11-4982-B596-4AECEA747727}" = rport=138 | protocol=17 | dir=out | app=system |
"{D73C68C7-3796-43FC-B7EE-42917DBB58E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D87B875A-9614-4AF3-9878-DA27DAC69511}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC12504D-8EB7-4800-9982-779D368BF2E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD42E8B5-E42C-4173-B774-4E773E80F2B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F48A2BB2-DFE0-4A48-BF96-FEF7B4DEC391}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEBDA065-C045-4284-8CD7-6BAF27801C7F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0497C98E-F599-4C62-9419-886CF44C73B4}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{094D0D18-24AE-4A0C-98C9-20790A3BC9DC}" = protocol=6 | dir=in | app=c:\users\kris\appdata\local\temp\7zs2d37.tmp\symnrt.exe |
"{119E25D1-234E-4338-8FC4-51FE68A57C8C}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{13D1F671-78B2-4BDE-9097-79E4B6647116}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1ABEA5D1-5E65-4574-A5FD-1523EA2766B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{223E138E-9053-4593-A1F1-591CAE5C34DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{22F8B472-25DF-4525-ABEE-E192BCB21F30}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27F2452E-5162-4A8F-8E80-E0FDF41C0513}" = protocol=6 | dir=in | app=c:\users\kris\appdata\local\temp\7zsad6d.tmp\symnrt.exe |
"{2B85A242-EC5D-447E-8218-B08D19959F52}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{35AB767B-20D5-4C0C-9A0C-20E40546D847}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F671407-247B-4767-8A47-E74E54D32D34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{68D27C18-3DD9-4739-B5D7-0BF7EB221D64}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{71C4F68B-E4F6-4156-BB62-A10E189D9FAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7530154B-9978-4774-BF08-1BD81D3B91F0}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{7AD1C5C3-CEC7-41C8-86D3-751E39148E65}" = protocol=17 | dir=in | app=c:\users\kris\appdata\local\temp\7zsad6d.tmp\symnrt.exe |
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F626705-DEE9-47E2-891D-187B976620D4}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{8FC4E0E6-8BDC-48D8-9C35-C3CDB5F5DD26}" = protocol=17 | dir=in | app=c:\users\kris\appdata\local\temp\7zs2d37.tmp\symnrt.exe |
"{9767F50A-4B02-43A6-BD01-17E3E8FF93EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{99D64473-0FE4-4A64-AE91-34F1CF7BCC1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F4FE23E-68F2-462C-A431-D32BCE8D5C0E}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{AAA63CF9-0D7F-4E85-B193-028A6D20EDFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AC0FF574-B9AB-4DF8-B5F6-73CF8346CD7C}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{B28B38CE-DE14-4016-825B-F911EECECA26}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C43DBDF7-23BB-4708-8B90-F3381C95DD37}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{C4D95BC3-21B8-4ECB-9CDA-A145F63CC702}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DF5253AB-4DA4-4BDC-9A14-D012FDB52FFD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E92A0518-790E-4186-B7C5-9001623E7EC1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{EE2196E7-323C-4246-9EB0-72A1D011E796}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{EEE41D73-DD48-400B-BAE2-A0018AEB85CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F606E248-3A46-4A9C-929F-6B8D2ED2204C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0382D856-A221-47E9-893F-34BAA456BD49}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E55FA079-78A6-4867-A780-E11819D35C40}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{04D216AB-46C0-4E28-9D35-9C54D2F5F5F3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6EC07611-0D11-499B-9D52-8A9B25EA5599}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3444987807-3986069032-107293006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"GoToMeeting" = GoToMeeting 5.1.0.873
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/8/2012 1:35:50 PM | Computer Name = Kris-PC | Source = ESENT | ID = 490
Description = Windows (2316) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 7/8/2012 1:35:50 PM | Computer Name = Kris-PC | Source = ESENT | ID = 439
Description = Windows (2316) Windows: Unable to write a shadowed header for file
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
Error - 7/8/2012 4:56:28 PM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp
0x4fb57c8f, faulting module IEFRAME.dll, version 9.0.8112.16446, time stamp 0x4fb57fbb,
exception code 0xc0000005, fault offset 0x000fd1e1, process id 0xb2c, application
start time 0x01cd5d4c244e0960.
Error - 7/8/2012 4:56:45 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/8/2012 9:24:32 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/8/2012 9:24:38 PM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp
0x4fb57c8f, faulting module IEFRAME.dll, version 9.0.8112.16446, time stamp 0x4fb57fbb,
exception code 0xc0000005, fault offset 0x000fd1e1, process id 0xfe8, application
start time 0x01cd5d719a16b550.
Error - 7/8/2012 9:27:30 PM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp
0x4fb57c8f, faulting module IEFRAME.dll, version 9.0.8112.16446, time stamp 0x4fb57fbb,
exception code 0xc0000005, fault offset 0x000fd1e1, process id 0xee0, application
start time 0x01cd5d7200691ada.
Error - 7/8/2012 9:27:45 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/9/2012 4:54:16 AM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16446, time stamp
0x4fb57c8f, faulting module IEFRAME.dll, version 9.0.8112.16446, time stamp 0x4fb57fbb,
exception code 0xc0000005, fault offset 0x000fd1e1, process id 0xe3c, application
start time 0x01cd5db06958ee0e.
Error - 7/9/2012 4:54:34 AM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 11/6/2010 9:23:16 AM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 67
seconds with 60 seconds of active time. This session ended with a crash.
Error - 12/23/2010 8:41:47 AM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102
seconds with 60 seconds of active time. This session ended with a crash.
Error - 4/30/2011 2:49:23 PM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/2/2011 6:19:22 PM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/16/2011 7:29:31 AM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3940
seconds with 180 seconds of active time. This session ended with a crash.
Error - 12/16/2011 7:29:49 AM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/8/2012 5:56:19 PM | Computer Name = Kris-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001F1662F238 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
Error - 7/8/2012 9:24:08 PM | Computer Name = Kris-PC | Source = DCOM | ID = 10016
Description =
Error - 7/8/2012 9:24:33 PM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/8/2012 9:24:33 PM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 7/8/2012 9:27:45 PM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/8/2012 9:27:45 PM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 7/8/2012 9:28:09 PM | Computer Name = Kris-PC | Source = DCOM | ID = 10016
Description =
Error - 7/9/2012 4:54:34 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/9/2012 4:54:34 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 7/9/2012 4:54:56 AM | Computer Name = Kris-PC | Source = DCOM | ID = 10016
Description =
< End of report >

hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Mon Jul 09, 2012 1:31 am
aswMBR is asking if I want to download the latest version of the Avast virus definitions.
Should I answer Yes or No?

Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Mon Jul 09, 2012 3:28 am
Sorry, I should have told you about that, answer NO, I'd forgotten they'd added Avast to the tool.
_________________
Gary R
Administrator at Malware Removal University
hlwalkerst Junior Member
Joined: 06 Jul 2012 Last Visit: 11 Jul 2012 Posts: 47
Posted: Mon Jul 09, 2012 4:32 am
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 04:29:17
-----------------------------
04:29:17.717 OS Version: Windows 6.0.6002 Service Pack 2
04:29:17.717 Number of processors: 2 586 0x170A
04:29:17.717 ComputerName: KRIS-PC UserName: Kris
04:29:20.744 Initialize success
07:20:07.097 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:20:07.103 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
07:20:07.129 Disk 0 MBR read successfully
07:20:07.133 Disk 0 MBR scan
07:20:07.138 Disk 0 unknown MBR code
07:20:07.143 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
07:20:07.177 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
07:20:07.184 Disk 0 scanning sectors +625135616
07:20:07.243 Disk 0 scanning C:\Windows\system32\drivers
07:20:13.417 Service scanning
07:20:26.178 Modules scanning
07:20:32.577 Disk 0 trace - called modules:
07:20:32.655 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
07:20:32.662 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f2d400]
07:20:33.018 3 CLASSPNP.SYS[805d58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85718030]
07:20:33.028 Scan finished successfully
07:21:12.535 Disk 0 MBR has been saved successfully to "C:\Users\Kris\Downloads\MBR.dat"
07:21:12.545 The log file has been saved successfully to "C:\Users\Kris\Downloads\aswMBR.txt"
07:22:58.948 Disk 0 MBR has been saved successfully to "C:\Users\Kris\Desktop\MBR.dat"
07:22:58.958 The log file has been saved successfully to "C:\Users\Kris\Desktop\aswMBR.txt"