Please take a look at my logs

Post by souxie55 » November 17th, 2012, 1:15 am

Hello,

I had a virus which Microsoft Security Essentials removed, but I think I could still be infected. My computer takes at least 5 minutes to boot up and sometimes it doesn't at all. I tried doing a start up repair and that did not help. I also tried a couple of things I found here like running ESET, but it didn't detect anything. Any help you can provide would be greatly appreciated.

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by ZenFly at 21:54:15 on 2012-11-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2817 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.coupons.com/
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\Google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... gA3AE0AOQA"&"inst=NwA3AC0AMwA5ADAANQAwADIAOQA3ADAALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANAAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA0AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
StartupFolder: C:\Users\ZenFly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{03613130-5511-45D5-958D-134619A707E4} : DHCPNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{5FB15E34-D53B-4753-9683-8E65E545FFB4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{8745BDB8-A57B-4B6C-BFC5-8115FF6B82FD} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ZenFly\AppData\Roaming\Mozilla\Firefox\Profiles\w5nvm45v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ZenFly\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\ZenFly\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-07-07 22:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-08-26 19:40; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-2-9 24576]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2012-5-2 72192]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-6-30 24652]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-1-13 294400]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-5-12 62424]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-6-11 51800]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-3-6 15360]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-7-24 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-23 89920]
S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-15 14:53:47 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-15 19:21:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-15 19:21:32 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-10-15 19:21:32 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-10-15 19:21:32 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-10-15 19:21:31 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-15 19:21:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-08 19:42:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 19:42:32 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
============= FINISH: 21:56:09.57 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2009 5:34:33 PM
System Uptime: 11/16/2012 9:50:52 PM (0 hours ago)
.
Motherboard: Gateway | | IMV
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | U2E1 | 2266/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 89.425 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
64 Bit HP CIO Components Installer
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Web Premium
Adobe Creative Suite 5.5 Design Premium
Adobe CS6 Design and Web Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Photoshop Lightroom 4 64-bit
Adobe Reader X (10.1.4)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Widget Browser
Adobe® Content Viewer
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface
Apple Software Update
Bonjour
Brother MFL-Pro Suite
BufferChm
C309g-m
Camera Assistant Software for Gateway
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Corel Painter 12
Corel Painter 12 - IPM
CyberLink LabelPrint
CyberLink Power2Go
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Destinations
DeviceDiscovery
DVD Decrypter (Remove Only)
ERUNT 1.1j
ffdshow [rev 2202] [2008-10-10]
FileZilla Client 3.5.3
FlipShare
Free DVD Creator version 2.0
Gateway Recovery Management
Google Chrome
Google Toolbar for Internet Explorer
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photo Creations
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
IconHandler 64 bit
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 3
JavaFX 2.1.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MotoHelper MergeModules
Move Media Player
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFonts Order M2849332
Netflix in Windows Media Center
Network64
Notepad++
NVIDIA Drivers
NVIDIA PhysX v8.10.13
O2Micro Flash Memory Card Reader Driver (x64)
Opera 12.10
Painter 12 - Content
Painter 12 - Core
Painter 12 - Corex64
Painter 12 - EN
Painter 12 - Setup Files
PdaNet for Android 3.25
PDF Settings CS5
PDF Settings CS6
PhotoTools 2.5
Picasa 3
PowerDVD
PS_AIO_06_C309g-m_SW_Min
QuickTime
Recuva
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SnagIt 5
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Synaptics Pointing Device Driver
SyncBack
System Requirements Lab
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Viewpoint Media Player
Visual C++ 8.0 Runtime Setup Package (x64)
WebEx Support Manager for Internet Explorer
WebReg
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WModem Driver Installer
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
souxie55
Active Member
 
Posts: 9
Joined: November 17th, 2012, 1:07 am

Re: Please take a look at my logs

Unread postby MWR 3 day Mod » November 23rd, 2012, 6:52 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Please take a look at my logs

Unread postby Cypher » November 25th, 2012, 2:23 pm

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please take a look at my logs

Unread postby Cypher » November 25th, 2012, 2:32 pm

Hi and welcome to Malware Removal Forum, sorry for the delay in getting to your topic.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl then click OK.
  • Uninstall the following if present:
    • Java 7 Update 7
    • Java(TM) 6 Update 3

Next.

Download and install Java 7 Update 9 from Here

Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • JRT.txt.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please take a look at my logs

Unread postby souxie55 » November 26th, 2012, 6:55 pm

Thanks Cypher. Here are the logs from OTL. I'll post the JRT one separately.

OTL logfile created on: 11/26/2012 2:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ZenFly\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 48.55% Memory free
8.18 Gb Paging File | 6.22 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 79.00 Gb Free Space | 27.59% Space Free | Partition Type: NTFS

Computer Name: ZENFLY-PC | User Name: ZenFly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/26 14:44:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ZenFly\Desktop\OTL.exe
PRC - [2012/10/27 16:24:05 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 16:23:50 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.exe -- (nlscc)
SRV:64bit: - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 15:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/10/27 16:24:04 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 12:42:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pneteth.sys -- (pneteth)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/07 20:46:18 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/07/24 11:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/06/26 17:24:20 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/11 18:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/06/02 00:50:04 | 000,264,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/05/12 21:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/25 16:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 16:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 16:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/17 20:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/18 15:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/09/10 20:19:24 | 000,103,992 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/07/16 14:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{37C468F4-61CA-4DD4-9AB9-4AD510487C38}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKCU\..\SearchScopes\{A2E2BA11-1F23-435F-8920-EA5237828FEF}: "URL" = http://rover.ebay.com/rover/1/711-43047 ... 4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{B52BDBA1-280A-407E-9ACD-DED58B73C5A3}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{FD92BEF7-647A-4DE7-BF4A-B02D798FB9B6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.6.0.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\ZenFly\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ZenFly\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ZenFly\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/21 14:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/11 22:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/11 22:37:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\ZenFly\AppData\Roaming\Move Networks [2009/10/02 21:14:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 19:40:56 | 000,000,000 | ---D | M]

[2012/01/16 15:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZenFly\AppData\Roaming\Mozilla\Extensions
[2012/11/16 14:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZenFly\AppData\Roaming\Mozilla\Firefox\Profiles\w5nvm45v.default\extensions
[2010/06/24 17:32:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ZenFly\AppData\Roaming\Mozilla\Firefox\Profiles\w5nvm45v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/16 14:32:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\ZenFly\AppData\Roaming\Mozilla\Firefox\Profiles\w5nvm45v.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/06/30 14:35:33 | 000,004,207 | ---- | M] () -- C:\Users\ZenFly\AppData\Roaming\Mozilla\Firefox\Profiles\w5nvm45v.default\searchplugins\aim-search.xml
[2012/10/27 16:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 16:23:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 16:24:05 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2012/08/30 08:54:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/16 14:52:58 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/13 15:45:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ZenFly\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ZenFly\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ZenFly\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ZenFly\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ZenFly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\ZenFly\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ZenFly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\ZenFly\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\ZenFly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Skype Click to Call = C:\Users\ZenFly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Poppit = C:\Users\ZenFly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/11/07 11:48:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03613130-5511-45D5-958D-134619A707E4}: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FB15E34-D53B-4753-9683-8E65E545FFB4}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8745BDB8-A57B-4B6C-BFC5-8115FF6B82FD}: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ZenFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ZenFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 14:44:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ZenFly\Desktop\OTL.exe
[2012/11/26 14:37:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/11/26 14:37:17 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/25 13:58:08 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\123MSDCF
[2012/11/15 08:03:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/14 11:17:50 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\acneclearall
[2012/11/14 10:53:00 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Documents\acneclearall
[2012/11/14 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\122MSDCF
[2012/11/11 08:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/11/11 08:52:31 | 003,702,552 | ---- | C] (Piriform Ltd) -- C:\Users\ZenFly\Desktop\dfsetup211.exe
[2012/11/07 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\121MSDCF
[2012/11/07 12:09:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/07 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\backups
[2012/11/07 11:52:26 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\AppData\Local\temp
[2012/11/07 11:19:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\ZenFly\Desktop\TFC.exe
[2012/11/07 10:40:39 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\ZenFly\Desktop\dds.com
[2012/11/06 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\120MSDCF
[2012/10/31 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\halloween2012
[2012/10/29 16:12:04 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\me
[2012/10/28 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\angel
[2012/10/28 15:38:21 | 000,000,000 | ---D | C] -- C:\Users\ZenFly\Desktop\cats
[2012/10/27 16:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/11/26 14:44:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ZenFly\Desktop\OTL.exe
[2012/11/26 14:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 14:36:20 | 000,909,379 | ---- | M] () -- C:\Users\ZenFly\Desktop\JRT.exe
[2012/11/26 14:36:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/26 14:17:15 | 000,954,162 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/26 14:17:15 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-858280618-3379134262-736390932-1000UA.job
[2012/11/26 14:17:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 12:04:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 12:04:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 08:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-858280618-3379134262-736390932-1000Core.job
[2012/11/26 08:04:28 | 000,954,162 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/26 08:04:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/11/25 14:21:04 | 000,214,828 | ---- | M] () -- C:\Users\ZenFly\Desktop\stepstool4.jpg
[2012/11/25 14:17:51 | 000,310,559 | ---- | M] () -- C:\Users\ZenFly\Desktop\stepstool3.jpg
[2012/11/25 14:16:16 | 000,257,542 | ---- | M] () -- C:\Users\ZenFly\Desktop\stepstool2.jpg
[2012/11/25 14:15:47 | 000,308,238 | ---- | M] () -- C:\Users\ZenFly\Desktop\stepstool1.jpg
[2012/11/25 14:01:43 | 000,954,736 | ---- | M] () -- C:\Users\ZenFly\Desktop\girltocopy.psd
[2012/11/16 09:17:34 | 000,001,089 | ---- | M] () -- C:\Users\ZenFly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/11/15 08:47:45 | 005,352,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/15 08:16:35 | 000,651,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 08:16:34 | 000,784,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 08:16:34 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/14 19:46:36 | 000,203,282 | ---- | M] () -- C:\Users\ZenFly\Desktop\girl.jpg
[2012/11/14 19:45:58 | 000,184,775 | ---- | M] () -- C:\Users\ZenFly\Desktop\bigpimple.jpg
[2012/11/14 19:45:34 | 000,074,746 | ---- | M] () -- C:\Users\ZenFly\Desktop\girlbackacne.jpg
[2012/11/14 19:45:16 | 000,165,511 | ---- | M] () -- C:\Users\ZenFly\Desktop\boyacne.jpg
[2012/11/14 16:34:33 | 000,001,456 | ---- | M] () -- C:\Users\ZenFly\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/11/14 16:26:11 | 000,099,324 | ---- | M] () -- C:\Users\ZenFly\Desktop\logoforaclearall.psd
[2012/11/13 11:15:25 | 000,092,672 | ---- | M] () -- C:\Users\ZenFly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/13 10:47:31 | 000,755,278 | ---- | M] () -- C:\Users\ZenFly\Desktop\Letters of recommedation11132012_00000.pdf
[2012/11/11 08:54:21 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/11/11 08:52:55 | 003,702,552 | ---- | M] (Piriform Ltd) -- C:\Users\ZenFly\Desktop\dfsetup211.exe
[2012/11/08 22:21:45 | 000,002,011 | ---- | M] () -- C:\Users\ZenFly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/07 11:48:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/07 11:19:34 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\ZenFly\Desktop\TFC.exe
[2012/11/07 10:40:57 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\ZenFly\Desktop\dds.com
[2012/11/06 20:54:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 11:52:54 | 000,000,132 | ---- | M] () -- C:\Users\ZenFly\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/10/30 11:27:24 | 000,000,732 | ---- | M] () -- C:\Users\ZenFly\AppData\Local\d3d9caps64.dat

========== Files Created - No Company Name ==========

[2012/11/26 14:36:17 | 000,909,379 | ---- | C] () -- C:\Users\ZenFly\Desktop\JRT.exe
[2012/11/25 14:21:03 | 000,214,828 | ---- | C] () -- C:\Users\ZenFly\Desktop\stepstool4.jpg
[2012/11/25 14:17:49 | 000,310,559 | ---- | C] () -- C:\Users\ZenFly\Desktop\stepstool3.jpg
[2012/11/25 14:16:15 | 000,257,542 | ---- | C] () -- C:\Users\ZenFly\Desktop\stepstool2.jpg
[2012/11/25 14:15:44 | 000,308,238 | ---- | C] () -- C:\Users\ZenFly\Desktop\stepstool1.jpg
[2012/11/25 14:01:41 | 000,954,736 | ---- | C] () -- C:\Users\ZenFly\Desktop\girltocopy.psd
[2012/11/14 19:46:34 | 000,203,282 | ---- | C] () -- C:\Users\ZenFly\Desktop\girl.jpg
[2012/11/14 19:45:56 | 000,184,775 | ---- | C] () -- C:\Users\ZenFly\Desktop\bigpimple.jpg
[2012/11/14 19:45:32 | 000,074,746 | ---- | C] () -- C:\Users\ZenFly\Desktop\girlbackacne.jpg
[2012/11/14 19:45:14 | 000,165,511 | ---- | C] () -- C:\Users\ZenFly\Desktop\boyacne.jpg
[2012/11/14 16:26:10 | 000,099,324 | ---- | C] () -- C:\Users\ZenFly\Desktop\logoforaclearall.psd
[2012/11/13 10:47:30 | 000,755,278 | ---- | C] () -- C:\Users\ZenFly\Desktop\Letters of recommedation11132012_00000.pdf
[2012/11/11 08:54:21 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/11/06 20:54:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 18:45:50 | 000,000,132 | ---- | C] () -- C:\Users\ZenFly\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/02 08:29:26 | 000,000,374 | ---- | C] () -- C:\Users\ZenFly\Documents - Shortcut.lnk
[2012/07/12 21:43:46 | 000,001,456 | ---- | C] () -- C:\Users\ZenFly\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/11 20:23:32 | 000,000,132 | ---- | C] () -- C:\Users\ZenFly\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/05/16 09:50:02 | 000,001,276 | ---- | C] () -- C:\Users\ZenFly\AppData\Roaming\wklnhst.dat
[2012/05/15 19:28:21 | 000,000,132 | ---- | C] () -- C:\Users\ZenFly\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/04/27 11:44:25 | 000,001,456 | ---- | C] () -- C:\Users\ZenFly\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/03/22 22:47:04 | 000,234,722 | ---- | C] () -- C:\Users\ZenFly\dmxEditorPicasaGallery130.mxp
[2012/03/22 22:39:06 | 000,314,792 | ---- | C] () -- C:\Users\ZenFly\dmxEditorYouTubizer130.mxp
[2011/10/11 14:11:49 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/06 19:05:57 | 000,000,140 | ---- | C] () -- C:\Users\ZenFly\.hemsFavorites.dat
[2011/09/18 09:04:54 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/18 09:04:54 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7340.DAT
[2011/09/18 09:03:12 | 000,000,218 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/18 09:03:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/18 08:57:01 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/09/18 08:56:36 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/18 08:56:36 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/18 08:56:34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/07/24 17:56:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 10:00:19 | 000,136,496 | ---- | C] () -- C:\Users\ZenFly\Vocabulary kindergarten.pdf
[2009/12/22 17:54:00 | 000,001,356 | ---- | C] () -- C:\Users\ZenFly\AppData\Local\d3d9caps.dat
[2009/04/05 10:33:06 | 000,000,732 | ---- | C] () -- C:\Users\ZenFly\AppData\Local\d3d9caps64.dat
[2009/03/27 18:38:34 | 000,092,672 | ---- | C] () -- C:\Users\ZenFly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 15:35:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/03/08 14:56:09 | 000,954,162 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/09 20:56:33 | 000,954,162 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2009/06/30 14:33:59 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\acccore
[2012/06/06 15:39:54 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/27 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/05/14 19:52:22 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/25 18:20:59 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2009/04/05 08:20:18 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\EPSON
[2012/08/02 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\FileZilla
[2011/10/11 09:36:45 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Flip Video
[2009/03/08 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Leadertech
[2011/07/21 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Notepad++
[2012/05/02 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\onOne Software
[2009/05/24 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Opera
[2012/04/27 14:26:50 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/16 09:50:07 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Template
[2011/10/06 09:12:11 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\Visan
[2011/11/03 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\ZenFly\AppData\Roaming\webex

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/26/2012 2:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ZenFly\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 48.55% Memory free
8.18 Gb Paging File | 6.22 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 79.00 Gb Free Space | 27.59% Space Free | Partition Type: NTFS

Computer Name: ZENFLY-PC | User Name: ZenFly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E7 1F 85 83 2E 24 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0750A964-4886-42D2-94B6-DD9D64A8E47B}" = lport=139 | protocol=6 | dir=in | app=system |
"{0B3D3843-4E8E-4D58-AF17-87987921282E}" = rport=137 | protocol=17 | dir=out | app=system |
"{13D74AEE-0F3E-4765-870E-7B1B7BCF12FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2609B8E6-A07E-4C8F-BBDC-7148577F3961}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{2F29543A-E916-4AD8-A20A-28088B3A0939}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3038FE6A-011E-4DB1-8A8A-4D0D57C7F1EA}" = rport=139 | protocol=6 | dir=out | app=system |
"{35CCDBDE-18A7-4F45-B70A-AD61528D807C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{4168256B-EA46-4240-AAAA-D23EADA1833C}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4171AEBD-1495-46DD-ADBD-6E0124235A77}" = lport=137 | protocol=17 | dir=in | app=system |
"{43804DCA-88CE-4213-A763-D5B8A4FF7F93}" = lport=138 | protocol=17 | dir=in | app=system |
"{455CA0C9-B6A9-48F5-91B8-DE21A7AB02E6}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{61CEEA96-32B3-4854-B1EF-F58AF5F469A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A937EEF-B233-46AC-8F8E-91F7C240A5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{850E6B5E-251D-4F6B-B789-079B18B1806A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{ACC67DE3-1849-4040-9CD6-5C0BB8F81866}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF1C92F3-89B7-46D5-9860-3E373622ACA8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C07D62B8-79FF-4FB7-B826-31090406EB35}" = lport=445 | protocol=6 | dir=in | app=system |
"{C33EAF58-265F-44E1-9B74-6FEB70680547}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4902BFA-40DF-43F8-A8C6-80200562AF2E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DB3C2D0D-A8E0-4592-ADA9-2D9D56EF7B62}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E3C0477D-1AD3-4530-B44F-3A997725BAA1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E7E1E5AC-69BE-4CF7-8B4A-78665768C3F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F903B3F5-5CD3-4076-BE73-1EA3B7E92592}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{FDF44985-5983-4DA0-BB8A-24230097E284}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0181A7D8-3F66-4A17-B1E1-8109091429E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0445651E-6C95-4456-94DE-B58468F7E48A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{13C32D6C-B580-4581-8FE0-0A11CFBC30B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1576CDE5-18AB-4FB9-8D1B-43F9C9A45B1F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1E0CBA0D-F894-4F6B-AF62-62F3C22FF8D2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{30966CFA-440B-4A26-9EF1-F9D17C8251D4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{33CC7F2D-B84D-428D-8D0D-EA5EC13817CF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{33E43149-AF2C-4D56-B285-90C6D05FE72D}" = dir=in | app=d:\setup\hpznui40.exe |
"{38091286-51E7-4BBA-9BF3-4357675CEE30}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{448E5D93-D62D-4203-9D06-1B57EF084A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{48EEE774-BAA5-4C80-B2CE-7EFCF7694763}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{55AA34C3-3AFB-4ECD-B49D-FCFAE35DEDD7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{58EC97DC-C58B-4629-82CF-85C4278F43DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6CD63183-6143-48B0-8F54-B14B18818458}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{7120B00A-7B2F-439F-8D37-AED28A03B53D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{77289128-F793-465E-954D-A541DA5B1318}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7F469252-5BCF-4079-9E35-6DC37101FB1A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7FAED414-2E08-48B7-AD08-532F5FE820E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{81683334-59DD-490A-80E4-4174DD3A7549}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{8C4847B3-BF58-4720-A3EB-20235EB927A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{8DED9847-F7CA-41F2-8B2E-EAAD52FCFACA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{95A7901E-73D8-46DF-B69D-F4C2BD6D2CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99224DC6-47F8-4F82-889A-345B6BE52B04}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99A46CA2-1F98-4E63-AF4F-3E1B1979A567}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C19D73E-C90B-46C9-8FC8-8002F4D5A840}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D425B6C-645E-4808-B083-0EB8B380C1AF}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9D7698B1-358D-4947-9BE9-B55F9F804757}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A4284ED6-19BD-41F4-BBD6-567B8298F941}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A86C7BCF-D3C5-4EB0-BFDC-6EFFBAF83C3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A9E7867C-DCE3-4F0F-BC46-23C599CC80A7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AACE6B53-D849-49D3-A74B-10D4C7DA43FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AAF1B749-4CD2-4596-9EC2-23B67A985F08}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{B0E9A767-3F02-48F4-B7AE-FF46E93EE772}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B69AECBD-D80E-4501-A1A9-F0416C4A49EB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{B7F34BD2-12C0-482B-9328-C5903208CCA4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{BA89BFF5-C40B-4089-B264-B51DB327B4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BCA30FA5-2ED2-4EC1-B8DF-CFF12D1B8488}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BD7A4023-C17A-4CA5-B05F-A4C8E754C151}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BEA9E541-899A-4ABF-BB24-ECCAF6A42B09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C1F6E69B-B13B-4F7C-839B-54BC8432989E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8BEA6BD-AFDF-468B-9C6E-A12F12AD2098}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{CA4E5CFA-BB95-414D-87E5-81707FE58494}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{D9F9D5EF-CEAB-403F-8006-C3B7AE19BB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{DE95CFB8-0413-4B45-ABA5-404F63719296}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DEA89032-91F5-4A88-9F8F-01013B0AE4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E20B4A31-6926-452B-9A19-71BA7C34EE46}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{EAF258D4-F031-4B7F-96B1-F4E1309FD234}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F061ABC0-DE5C-4115-8CAA-1630F4B2C406}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F42A4C33-F62E-4DF7-961F-30D6409B394A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F64F6081-6A64-4F1B-9018-98191ED6AD7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{F6C2D67D-E0F3-4A93-9A10-2A0F380ACC9C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F7B5FBF6-CC43-4BA8-89B2-D8CAC1FC30BF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{06CD1F7A-5B31-42E4-9377-4B2C69A91880}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{0BE59D7F-CBB8-4134-9171-CF28FB759C65}C:\users\zenfly\downloads\eclipse-rcp-ganymede-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\zenfly\downloads\eclipse-rcp-ganymede-sr2-win32\eclipse\eclipse.exe |
"TCP Query User{2D4230A0-7C70-4F72-B74A-5EC251B66FAA}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{3FBB1249-F6BF-4D1B-B39B-284523DEC70B}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{40CC1C32-AF0D-4EB9-98A7-787D3D9C93A7}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"TCP Query User{5D2CFD6C-B4C8-4D3B-9212-EB26243F5FD3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7E285096-3774-40A2-83A6-421863A980EE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{9B9AA487-4456-4BA3-B5D5-5C01731FEF6D}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{B5255756-F8F3-4748-A8DA-DA48A857C57C}C:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe |
"TCP Query User{C6F4D253-6BAA-4F5D-A57E-F205B12F55AA}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{CC03B82E-FB57-4A81-9994-7B1036D2812A}C:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{CEFC8B5E-428D-4D0F-8C4D-A17FA9A5AB97}C:\users\zenfly\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zenfly\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E5319DA4-46FF-4ADC-9400-3602C183CC7C}C:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{ED365328-BC78-422D-8490-40E1217DDCBF}C:\users\zenfly\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zenfly\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FD6DAA08-2CEC-45A4-8F25-96B6AA34B5F9}C:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe |
"UDP Query User{314F2CD8-68E4-4DC4-916F-3DB47528226F}C:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{4C5F0DC3-5DDC-462A-B9DE-736EE4D1757E}C:\users\zenfly\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zenfly\appdata\local\akamai\netsession_win.exe |
"UDP Query User{654B51D9-B1EE-4A8F-9E7F-E4648A9139D2}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{824D1D79-54BA-403B-8D9C-3AC3342D8F0A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9B041E31-C297-4152-AE91-B3BCFD83508D}C:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\zenfly\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{AFECC5D7-26C7-4BF5-B3F9-14B42BACD947}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{B07CFECB-C9C7-4EB9-BA2D-ED59AFD9127F}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{C96BA939-F8D8-43DA-BAB4-5421938A0A7D}C:\users\zenfly\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zenfly\appdata\local\akamai\netsession_win.exe |
"UDP Query User{CE83EC31-9321-4579-9896-DB0BA1F2D239}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{D53C335C-CCF0-40A7-AB0F-3A83DF7C7B55}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"UDP Query User{D7646BCF-6520-404A-B932-E109AB7926C8}C:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe |
"UDP Query User{DEDCB79E-3C4B-4322-B496-15F9E426FB01}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EDE0680B-1259-40E1-8474-A7186BDE915D}C:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{F0800BCF-4267-41E2-9D69-A18DEA379088}C:\users\zenfly\downloads\eclipse-rcp-ganymede-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\zenfly\downloads\eclipse-rcp-ganymede-sr2-win32\eclipse\eclipse.exe |
"UDP Query User{F4680925-8165-4C78-B219-DFB2EBCB1EDC}C:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relmtech\unified remote\unifiedremoteserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FD7D415-F562-4767-913F-26E7F463DF8B}" = Painter 12 - Corex64
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC6FC993-CCD1-41A5-B61C-AD61F90549BE}" = Corel Painter 12 - IPM
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E20B4EF-7FF1-95B0-2FA3-3966CD939CB1}" = MyFonts Order M2849332
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3732AF18-9C3C-428D-B944-F7E3FADEE3F3}" = Adobe Setup
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CEF655D-188D-52D2-0424-6CCC70473B0C}" = Adobe® Content Viewer
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_6f2ce928cc3187358f216191905bbea" = Adobe Creative Suite 4 Web Premium
"AIM_7" = AIM 7
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"FileZilla Client" = FileZilla Client 3.5.3
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"HP Photo Creations" = HP Photo Creations
"HTC_WModemDriver" = WModem Driver Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.10.1652" = Opera 12.10
"PdaNet_is1" = PdaNet for Android 3.25
"Picasa 3" = Picasa 3
"SnagIt5" = SnagIt 5
"SyncBack_is1" = SyncBack
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

< End of report >
souxie55

Re: Please take a look at my logs

by souxie55 » November 26th, 2012, 6:57 pm

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.4 (11.26.2012)
OS: Windows (TM) Vista Home Premium x64
Ran by ZenFly on Mon 11/26/2012 at 14:37:34.16
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-858280618-3379134262-736390932-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-858280618-3379134262-736390932-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitengine"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\searchqutoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\comobject.deskbarenabler"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\comobject.deskbarenabler.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\metastream"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\locallow\coupons.com"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\ZenFly\appdata\locallow\toolbar4"



~~~ FireFox

Successfully deleted: [File] C:\Users\ZenFly\AppData\Roaming\mozilla\firefox\profiles\w5nvm45v.default\user.js
Successfully deleted: [File] C:\Users\ZenFly\AppData\Roaming\mozilla\firefox\profiles\w5nvm45v.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\ZenFly\AppData\Roaming\mozilla\firefox\profiles\w5nvm45v.default\searchplugins\search_results.xml
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\ZenFly\AppData\Roaming\mozilla\firefox\profiles\w5nvm45v.default\prefs.js




~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/26/2012 at 14:42:53.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
souxie55
Active Member
 
Posts: 9
Joined: November 17th, 2012, 1:07 am

Re: Please take a look at my logs

Post by Cypher » November 27th, 2012, 6:34 am

Hi souxie55,
A couple of questions,
Computer Name: ZENFLY-PC | User Name: ZenFly

Zen Fly Web Design: Creative Technology Solutions

http://zenflywebdesign.com/html/about.html

Is this computer used for business purposes?
Can you confirm that you run the above website?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please take a look at my logs

Post by souxie55 » November 27th, 2012, 3:59 pm

Hi Cypher,

That is my website. I used to use this computer for the business, but I have not used it for that in over a year. I purchased a new PC and my daughter and husband use this one mostly for homework and personal use.
souxie55
Active Member
 
Posts: 9
Joined: November 17th, 2012, 1:07 am

Re: Please take a look at my logs

Post by Cypher » November 28th, 2012, 6:06 am

Hi souxie55,
OK, continue with the instructions below please.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.6.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.9.2)
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • TDSSKiller log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please take a look at my logs

Post by souxie55 » November 28th, 2012, 2:14 pm

Hi Cypher,

Here are the logs.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.6.0.2 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ZenFly\Desktop\cmd.bat deleted successfully.
C:\Users\ZenFly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ZenFly
->Temp folder emptied: 17447163 bytes
->Temporary Internet Files folder emptied: 133632089 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 218977330 bytes
->Google Chrome cache emptied: 27167111 bytes
->Apple Safari cache emptied: 12414976 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 68182 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63964429 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 280599574 bytes

Total Files Cleaned = 719.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11282012_105403

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


11:08:01.0967 4792 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:08:02.0778 4792 ============================================================
11:08:02.0778 4792 Current date / time: 2012/11/28 11:08:02.0778
11:08:02.0778 4792 SystemInfo:
11:08:02.0778 4792
11:08:02.0778 4792 OS Version: 6.0.6002 ServicePack: 2.0
11:08:02.0778 4792 Product type: Workstation
11:08:02.0778 4792 ComputerName: ZENFLY-PC
11:08:02.0793 4792 UserName: ZenFly
11:08:02.0793 4792 Windows directory: C:\Windows
11:08:02.0793 4792 System windows directory: C:\Windows
11:08:02.0793 4792 Running under WOW64
11:08:02.0793 4792 Processor architecture: Intel x64
11:08:02.0793 4792 Number of processors: 2
11:08:02.0793 4792 Page size: 0x1000
11:08:02.0793 4792 Boot type: Normal boot
11:08:02.0793 4792 ============================================================
11:08:04.0369 4792 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:08:04.0385 4792 ============================================================
11:08:04.0385 4792 \Device\Harddisk0\DR0:
11:08:04.0416 4792 MBR partitions:
11:08:04.0416 4792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x23CBD800
11:08:04.0416 4792 ============================================================
11:08:04.0494 4792 C: <-> \Device\Harddisk0\DR0\Partition1
11:08:04.0494 4792 ============================================================
11:08:04.0494 4792 Initialize success
11:08:04.0494 4792 ============================================================
11:09:13.0508 5076 ============================================================
11:09:13.0508 5076 Scan started
11:09:13.0508 5076 Mode: Manual; SigCheck;
11:09:13.0508 5076 ============================================================
11:09:14.0117 5076 ================ Scan system memory ========================
11:09:14.0117 5076 System memory - ok
11:09:14.0117 5076 ================ Scan services =============================
11:09:24.0054 5076 DfsC - ok
11:09:24.0163 5076 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
11:09:24.0553 5076 DFSR - ok
11:09:24.0662 5076 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
11:09:24.0771 5076 Dhcp - ok
11:09:24.0818 5076 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
11:09:24.0849 5076 disk - ok
11:09:24.0912 5076 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:09:24.0974 5076 Dnscache - ok
11:09:25.0005 5076 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
11:09:25.0083 5076 dot3svc - ok
11:09:25.0146 5076 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
11:09:25.0224 5076 Dot4 - ok
11:09:25.0271 5076 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:09:25.0349 5076 Dot4Print - ok
11:09:25.0380 5076 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
11:09:25.0473 5076 dot4usb - ok
11:09:25.0520 5076 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
11:09:25.0567 5076 DPS - ok
11:09:25.0692 5076 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:09:25.0770 5076 drmkaud - ok
11:09:25.0863 5076 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:09:25.0910 5076 DXGKrnl - ok
11:09:25.0988 5076 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
11:09:26.0035 5076 E1G60 - ok
11:09:26.0066 5076 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
11:09:26.0129 5076 EapHost - ok
11:09:26.0222 5076 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
11:09:26.0300 5076 Ecache - ok
11:09:26.0394 5076 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:09:26.0534 5076 ehRecvr - ok
11:09:26.0550 5076 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
11:09:26.0597 5076 ehSched - ok
11:09:26.0643 5076 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
11:09:26.0690 5076 ehstart - ok
11:09:26.0768 5076 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:09:26.0909 5076 elxstor - ok
11:09:27.0018 5076 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
11:09:27.0252 5076 EMDMgmt - ok
11:09:27.0283 5076 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:09:27.0392 5076 ErrDev - ok
11:09:27.0470 5076 [ 23112102BC2A8FE44B8AC44A05BDF4C3 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
11:09:27.0501 5076 ETService ( UnsignedFile.Multi.Generic ) - warning
11:09:27.0501 5076 ETService - detected UnsignedFile.Multi.Generic (1)
11:09:27.0611 5076 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
11:09:27.0845 5076 EventSystem - ok
11:09:27.0907 5076 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
11:09:28.0032 5076 exfat - ok
11:09:28.0110 5076 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:09:28.0219 5076 fastfat - ok
11:09:28.0266 5076 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:09:28.0328 5076 fdc - ok
11:09:28.0391 5076 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
11:09:28.0453 5076 fdPHost - ok
11:09:28.0515 5076 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
11:09:28.0578 5076 FDResPub - ok
11:09:28.0609 5076 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:09:28.0625 5076 FileInfo - ok
11:09:28.0671 5076 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:09:28.0718 5076 Filetrace - ok
11:09:28.0921 5076 [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
11:09:29.0030 5076 FlipShare Service - ok
11:09:29.0155 5076 [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
11:09:29.0997 5076 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
11:09:29.0997 5076 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
11:09:30.0091 5076 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:09:30.0138 5076 flpydisk - ok
11:09:30.0216 5076 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:09:30.0341 5076 FltMgr - ok
11:09:30.0559 5076 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
11:09:30.0965 5076 FontCache - ok
11:09:31.0058 5076 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:09:31.0105 5076 FontCache3.0.0.0 - ok
11:09:31.0183 5076 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:09:31.0277 5076 Fs_Rec - ok
11:09:31.0323 5076 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:09:31.0370 5076 gagp30kx - ok
11:09:31.0464 5076 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
11:09:31.0620 5076 gpsvc - ok
11:09:31.0745 5076 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:09:31.0807 5076 gusvc - ok
11:09:31.0885 5076 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:09:32.0057 5076 HdAudAddService - ok
11:09:32.0275 5076 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:09:32.0478 5076 HDAudBus - ok
11:09:32.0525 5076 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:09:32.0603 5076 HidBth - ok
11:09:32.0681 5076 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:09:32.0759 5076 HidIr - ok
11:09:32.0821 5076 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
11:09:32.0868 5076 hidserv - ok
11:09:32.0899 5076 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:09:32.0961 5076 HidUsb - ok
11:09:33.0008 5076 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
11:09:33.0071 5076 hkmsvc - ok
11:09:33.0102 5076 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
11:09:33.0117 5076 HpCISSs - ok
11:09:33.0367 5076 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:09:33.0523 5076 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:09:33.0523 5076 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:09:33.0570 5076 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:09:33.0601 5076 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:09:33.0601 5076 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:09:33.0710 5076 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:09:33.0866 5076 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
11:09:33.0866 5076 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
11:09:33.0991 5076 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:09:34.0163 5076 HSFHWAZL - ok
11:09:34.0287 5076 [ EBDBA99C2362457BE429F024396B63BE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
11:09:34.0568 5076 HSF_DPV - ok
11:09:34.0740 5076 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:09:34.0849 5076 HTTP - ok
11:09:34.0865 5076 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
11:09:34.0974 5076 i2omp - ok
11:09:35.0005 5076 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:09:35.0099 5076 i8042prt - ok
11:09:35.0286 5076 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:09:35.0364 5076 IAANTMON - ok
11:09:35.0489 5076 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:09:35.0567 5076 iaStor - ok
11:09:35.0598 5076 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
11:09:35.0676 5076 iaStorV - ok
11:09:35.0785 5076 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:09:35.0910 5076 idsvc - ok
11:09:35.0972 5076 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:09:36.0003 5076 iirsp - ok
11:09:36.0144 5076 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
11:09:36.0409 5076 IKEEXT - ok
11:09:36.0690 5076 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
11:09:36.0705 5076 int15 - ok
11:09:36.0783 5076 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
11:09:36.0799 5076 intelide - ok
11:09:36.0846 5076 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:09:36.0893 5076 intelppm - ok
11:09:36.0955 5076 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:09:37.0049 5076 IPBusEnum - ok
11:09:37.0095 5076 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:09:37.0173 5076 IpFilterDriver - ok
11:09:37.0205 5076 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:09:37.0298 5076 iphlpsvc - ok
11:09:37.0298 5076 IpInIp - ok
11:09:37.0329 5076 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
11:09:37.0439 5076 IPMIDRV - ok
11:09:37.0532 5076 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
11:09:37.0626 5076 IPNAT - ok
11:09:37.0735 5076 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:09:37.0797 5076 IRENUM - ok
11:09:37.0844 5076 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:09:37.0860 5076 isapnp - ok
11:09:37.0953 5076 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:09:37.0985 5076 iScsiPrt - ok
11:09:38.0016 5076 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
11:09:38.0031 5076 iteatapi - ok
11:09:38.0063 5076 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
11:09:38.0078 5076 iteraid - ok
11:09:38.0094 5076 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:09:38.0109 5076 kbdclass - ok
11:09:38.0125 5076 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:09:38.0203 5076 kbdhid - ok
11:09:38.0265 5076 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
11:09:38.0328 5076 KeyIso - ok
11:09:38.0375 5076 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
11:09:38.0390 5076 KMWDFILTER - ok
11:09:38.0437 5076 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:09:38.0546 5076 KSecDD - ok
11:09:38.0609 5076 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:09:38.0718 5076 ksthunk - ok
11:09:38.0843 5076 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
11:09:38.0921 5076 KtmRm - ok
11:09:38.0967 5076 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:09:39.0030 5076 LanmanServer - ok
11:09:39.0077 5076 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:09:39.0139 5076 LanmanWorkstation - ok
11:09:39.0170 5076 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:09:39.0295 5076 lltdio - ok
11:09:39.0435 5076 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:09:39.0591 5076 lltdsvc - ok
11:09:39.0623 5076 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:09:39.0716 5076 lmhosts - ok
11:09:39.0810 5076 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:09:39.0825 5076 LSI_FC - ok
11:09:39.0872 5076 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:09:39.0888 5076 LSI_SAS - ok
11:09:39.0935 5076 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:09:39.0950 5076 LSI_SCSI - ok
11:09:39.0981 5076 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
11:09:40.0028 5076 luafv - ok
11:09:40.0091 5076 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:09:40.0137 5076 Mcx2Svc - ok
11:09:40.0200 5076 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:09:40.0247 5076 mdmxsdk - ok
11:09:40.0278 5076 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
11:09:40.0293 5076 megasas - ok
11:09:40.0371 5076 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
11:09:40.0481 5076 MegaSR - ok
11:09:40.0652 5076 Microsoft SharePoint Workspace Audit Service - ok
11:09:40.0699 5076 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
11:09:40.0777 5076 MMCSS - ok
11:09:40.0824 5076 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
11:09:40.0917 5076 Modem - ok
11:09:40.0949 5076 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:09:41.0058 5076 monitor - ok
11:09:41.0073 5076 motccgp - ok
11:09:41.0089 5076 motccgpfl - ok
11:09:41.0105 5076 motmodem - ok
11:09:41.0120 5076 MotoSwitchService - ok
11:09:41.0120 5076 Motousbnet - ok
11:09:41.0120 5076 motusbdevice - ok
11:09:41.0183 5076 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:09:41.0198 5076 mouclass - ok
11:09:41.0245 5076 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:09:41.0307 5076 mouhid - ok
11:09:41.0323 5076 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
11:09:41.0354 5076 MountMgr - ok
11:09:41.0417 5076 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:09:41.0432 5076 MozillaMaintenance - ok
11:09:41.0495 5076 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:09:41.0526 5076 MpFilter - ok
11:09:41.0557 5076 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
11:09:41.0588 5076 mpio - ok
11:09:41.0619 5076 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:09:41.0760 5076 mpsdrv - ok
11:09:41.0791 5076 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
11:09:41.0869 5076 MpsSvc - ok
11:09:41.0963 5076 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
11:09:41.0978 5076 Mraid35x - ok
11:09:42.0072 5076 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:09:42.0103 5076 MRxDAV - ok
11:09:42.0134 5076 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:09:42.0212 5076 mrxsmb - ok
11:09:42.0275 5076 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:09:42.0337 5076 mrxsmb10 - ok
11:09:42.0337 5076 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:09:42.0353 5076 mrxsmb20 - ok
11:09:42.0415 5076 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
11:09:42.0431 5076 msahci - ok
11:09:42.0524 5076 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:09:42.0540 5076 msdsm - ok
11:09:42.0587 5076 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
11:09:42.0665 5076 MSDTC - ok
11:09:42.0696 5076 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:09:42.0743 5076 Msfs - ok
11:09:42.0789 5076 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:09:42.0821 5076 msisadrv - ok
11:09:42.0867 5076 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:09:42.0945 5076 MSiSCSI - ok
11:09:42.0961 5076 msiserver - ok
11:09:42.0992 5076 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:09:43.0055 5076 MSKSSRV - ok
11:09:43.0211 5076 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:09:43.0242 5076 MsMpSvc - ok
11:09:43.0320 5076 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:09:43.0398 5076 MSPCLOCK - ok
11:09:43.0429 5076 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:09:43.0491 5076 MSPQM - ok
11:09:43.0523 5076 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:09:43.0616 5076 MsRPC - ok
11:09:43.0632 5076 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:09:43.0647 5076 mssmbios - ok
11:09:43.0835 5076 MSSQL$MSSMLBIZ - ok
11:09:43.0881 5076 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:09:43.0913 5076 MSSQLServerADHelper - ok
11:09:43.0991 5076 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:09:44.0131 5076 MSTEE - ok
11:09:44.0271 5076 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
11:09:44.0287 5076 Mup - ok
11:09:44.0443 5076 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
11:09:44.0568 5076 napagent - ok
11:09:44.0646 5076 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:09:44.0739 5076 NativeWifiP - ok
11:09:44.0802 5076 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:09:44.0849 5076 NDIS - ok
11:09:44.0880 5076 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:09:44.0973 5076 NdisTapi - ok
11:09:44.0989 5076 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:09:45.0067 5076 Ndisuio - ok
11:09:45.0145 5076 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:09:45.0239 5076 NdisWan - ok
11:09:45.0254 5076 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:09:45.0317 5076 NDProxy - ok
11:09:45.0379 5076 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:09:45.0395 5076 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:09:45.0395 5076 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:09:45.0426 5076 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:09:45.0488 5076 NetBIOS - ok
11:09:45.0519 5076 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
11:09:45.0551 5076 netbt - ok
11:09:45.0566 5076 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
11:09:45.0582 5076 Netlogon - ok
11:09:45.0769 5076 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
11:09:46.0003 5076 Netman - ok
11:09:46.0081 5076 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
11:09:46.0175 5076 netprofm - ok
11:09:46.0221 5076 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:09:46.0284 5076 NetTcpPortSharing - ok
11:09:46.0424 5076 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
11:09:47.0267 5076 NETw5v64 - ok
11:09:47.0345 5076 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:09:47.0360 5076 nfrd960 - ok
11:09:47.0376 5076 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:09:47.0407 5076 NisDrv - ok
11:09:47.0516 5076 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:09:47.0563 5076 NisSrv - ok
11:09:47.0641 5076 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
11:09:47.0703 5076 NlaSvc - ok
11:09:47.0766 5076 [ 40777BD92D73A8FF3B252E4F4881E672 ] nlscc C:\Windows\system32\nlsInterface.exe
11:09:47.0828 5076 nlscc ( UnsignedFile.Multi.Generic ) - warning
11:09:47.0828 5076 nlscc - detected UnsignedFile.Multi.Generic (1)
11:09:47.0922 5076 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:09:48.0031 5076 Npfs - ok
11:09:48.0047 5076 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
11:09:48.0203 5076 nsi - ok
11:09:48.0234 5076 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:09:48.0327 5076 nsiproxy - ok
11:09:48.0546 5076 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:09:48.0686 5076 Ntfs - ok
11:09:48.0733 5076 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
11:09:48.0811 5076 Null - ok
11:09:48.0889 5076 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:09:48.0905 5076 NVHDA - ok
11:09:49.0201 5076 [ C496CFEDEECC02B654EBED3954D47B1B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:09:49.0560 5076 nvlddmkm - ok
11:09:49.0700 5076 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:09:49.0731 5076 nvraid - ok
11:09:49.0778 5076 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:09:49.0794 5076 nvstor - ok
11:09:49.0919 5076 [ C083A5414A9D145354F1921BBCD895E4 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:09:49.0997 5076 nvsvc - ok
11:09:50.0028 5076 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:09:50.0059 5076 nv_agp - ok
11:09:50.0059 5076 NwlnkFlt - ok
11:09:50.0059 5076 NwlnkFwd - ok
11:09:50.0184 5076 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
11:09:50.0262 5076 o2flash ( UnsignedFile.Multi.Generic ) - warning
11:09:50.0262 5076 o2flash - detected UnsignedFile.Multi.Generic (1)
11:09:50.0355 5076 [ 1FBB63BD15D25B022DC986D463F94219 ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys
11:09:50.0371 5076 O2MDRDR - ok
11:09:50.0402 5076 [ C88959545B5F598791D30314C7DB5718 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys
11:09:50.0433 5076 O2SDRDR - ok
11:09:50.0496 5076 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:09:50.0543 5076 ohci1394 - ok
11:09:50.0636 5076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:09:50.0667 5076 ose - ok
11:09:51.0323 5076 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:09:51.0728 5076 osppsvc - ok
11:09:51.0931 5076 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:09:52.0165 5076 p2pimsvc - ok
11:09:52.0212 5076 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
11:09:52.0259 5076 p2psvc - ok
11:09:52.0321 5076 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
11:09:52.0461 5076 Parport - ok
11:09:52.0508 5076 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:09:52.0524 5076 partmgr - ok
11:09:52.0571 5076 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
11:09:52.0633 5076 PcaSvc - ok
11:09:52.0711 5076 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
11:09:52.0727 5076 pci - ok
11:09:52.0820 5076 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
11:09:52.0836 5076 pciide - ok
11:09:52.0961 5076 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:09:53.0054 5076 pcmcia - ok
11:09:53.0101 5076 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:09:53.0273 5076 PEAUTH - ok
11:09:53.0319 5076 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:09:53.0366 5076 PerfHost - ok
11:09:53.0663 5076 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
11:09:53.0928 5076 pla - ok
11:09:54.0084 5076 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:09:54.0224 5076 PlugPlay - ok
11:09:54.0302 5076 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:09:54.0318 5076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:09:54.0318 5076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:09:54.0396 5076 [ A010F13D27C1033A8BE09D5FA9BF348B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
11:09:54.0489 5076 pneteth - ok
11:09:54.0536 5076 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:09:54.0567 5076 PNRPAutoReg - ok
11:09:54.0599 5076 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:09:54.0645 5076 PNRPsvc - ok
11:09:54.0692 5076 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:09:54.0848 5076 PolicyAgent - ok
11:09:54.0942 5076 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:09:54.0989 5076 PptpMiniport - ok
11:09:55.0035 5076 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
11:09:55.0129 5076 Processor - ok
11:09:55.0191 5076 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
11:09:55.0316 5076 ProfSvc - ok
11:09:55.0363 5076 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
11:09:55.0379 5076 ProtectedStorage - ok
11:09:55.0441 5076 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:09:55.0472 5076 PSched - ok
11:09:55.0613 5076 [ 788CB65D49D1162C5EE6814AFE5B0A70 ] PSI_SVC_2_x64 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:09:55.0737 5076 PSI_SVC_2_x64 - ok
11:09:55.0800 5076 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:09:55.0956 5076 ql2300 - ok
11:09:55.0987 5076 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:09:56.0018 5076 ql40xx - ok
11:09:56.0065 5076 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
11:09:56.0143 5076 QWAVE - ok
11:09:56.0159 5076 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:09:56.0174 5076 QWAVEdrv - ok
11:09:56.0205 5076 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:09:56.0315 5076 RasAcd - ok
11:09:56.0346 5076 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
11:09:56.0393 5076 RasAuto - ok
11:09:56.0455 5076 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:09:56.0549 5076 Rasl2tp - ok
11:09:56.0642 5076 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
11:09:56.0814 5076 RasMan - ok
11:09:56.0845 5076 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:10:04.0520 5076 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:10:05.0035 5076 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:10:05.0035 5076 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:10:11.0837 5076 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
11:10:11.0868 5076 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
11:10:11.0868 5076 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
11:10:20.0276 5076 ================ Scan global ===============================
11:10:20.0323 5076 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
11:10:20.0401 5076 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
11:10:20.0495 5076 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
11:10:20.0557 5076 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
11:10:20.0619 5076 [Global] - ok
11:10:20.0619 5076 ================ Scan MBR ==================================
11:10:20.0635 5076 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
11:10:24.0020 5076 \Device\Harddisk0\DR0 - ok
11:10:24.0020 5076 ================ Scan VBR ==================================
11:10:24.0161 5076 [ B251F2439B5B9954C863E579432A9316 ] \Device\Harddisk0\DR0\Partition1
11:10:24.0161 5076 \Device\Harddisk0\DR0\Partition1 - ok
11:10:24.0161 5076 ============================================================
11:10:24.0161 5076 Scan finished
11:10:24.0161 5076 ============================================================
11:10:24.0332 5068 Detected object count: 11
11:10:24.0332 5068 Actual detected object count: 11
11:12:36.0807 5068 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0807 5068 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0807 5068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0807 5068 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0807 5068 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0807 5068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0807 5068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0823 5068 nlscc ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0823 5068 nlscc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0823 5068 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0823 5068 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0823 5068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0823 5068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0823 5068 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0823 5068 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:36.0823 5068 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:36.0823 5068 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
souxie55
Active Member
 
Posts: 9
Joined: November 17th, 2012, 1:07 am

Re: Please take a look at my logs

Unread postby Cypher » November 28th, 2012, 2:34 pm

Hi souxie55,
Good work.
souxie55 wrote: "I had a virus which Microsoft Security Essentials removed, but I think I could still be infected"

Have you had any more alerts from Microsoft Security Essentials?
How is your computer running now, any problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please take a look at my logs

Unread postby souxie55 » November 29th, 2012, 11:21 am

The only issue I'm having now is that the computer takes a couple of minutes to boot up and sometimes it won't boot at all. It will bring up a page that asks me to do a start up repair. I do that and it says it couldn't fix anything.

Once the computer boots and I'm logged in, it works fine. I'm not getting any more alerts.

Re: Please take a look at my logs

Unread postby Cypher » November 29th, 2012, 11:32 am

Hi souxie55.
souxie55 wrote: "The only issue I'm having now is that the computer takes a couple of minutes to boot up and sometimes it won't boot at all. It will bring up a page that asks me to do a start up repair. I do that and it says it couldn't fix anything."

Your latest set of logs appears to be clean, so we can rule out malware as the cause of that problem.
If you wish, I can direct you to a tech forum where they can advise you further.

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Remember to update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

Re: Please take a look at my logs

Unread postby souxie55 » November 29th, 2012, 10:14 pm

Thanks for your help. Could you please tell me where I can go for more help?

Re: Please take a look at my logs

Unread postby Cypher » November 30th, 2012, 6:47 am

Hi souxie55,
souxie55 wrote: "Thanks for your help."

You're most welcome.

souxie55 wrote: "Could you please tell me where I can go for more help?"

Yes no problem, here are some excellent Tech sites (in no particular order) that may be able to help with your problem:


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

Any questions before I close this topic?