Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Spigot/Yahoo infection from YDT install

Post by Mao55 » November 12th, 2013, 3:07 am

I downloaded and installed Youtube Download Tool, which came with some kind of Spigot malware. I purged a lot of it myself, but still when I open Chrome browser, it always opens a second Chrome tab of Yahoo search with URL: http://search.yahoo.com/?type=407453&fr=spigot-yhp-ch. Can you help me purge all of it?


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by David at 22:53:14 on 2013-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16322.13427 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\VyprVPN\VyprVPN.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Web Desktop] C:\Program Files (x86)\Web Layers\desktop.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [EPSON WorkForce 500 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S1A8C.tmp" /EF "HKCU"
uRunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VyprVPN.lnk - C:\Windows\System32\schtasks.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7057615D-425F-4689-B2A5-9A579BCF2854} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9621F672-7913-4757-96D3-67E442557EED} : NameServer = 216.168.2.53 216.168.2.54
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-23 20616]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-30 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-5 1524824]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-30 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131111.002\IDSviA64.sys [2013-11-11 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-30 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-30 433752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-7-23 927232]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-23 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-3 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-30 144368]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15122208]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-9-28 1907896]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-9-8 65657]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 ctgame;Game Port;C:\Windows\System32\drivers\ctgame.sys [2010-3-18 26328]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-27 140376]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-23 366216]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-23 786056]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-3 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-24 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-22 395752]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 201376]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 154272]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-7-30 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-7-30 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-22 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-22 213504]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-8-20 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-2 30208]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-2-28 176640]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-31 1255736]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-2-28 230400]
.
=============== Created Last 30 ================
.
2013-11-11 08:59:44 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-10-30 08:18:04 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-30 08:18:04 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-30 08:17:51 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-10-30 08:17:51 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-10-21 00:28:07 -------- d-----w- C:\ProgramData\Oracle
2013-10-15 23:54:06 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2013-10-15 21:47:39 6665504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-09 07:34:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 07:34:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:14:15 3398914 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-24 02:13:16 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 08:58:10 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-12 08:58:10 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 22:53:21.03 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2013 4:49:25 AM
System Uptime: 11/11/2013 10:12:50 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | Z87-C
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz | SOCKET 1150 | 2275/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 35.243 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 128 GiB total, 19.892 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 685.602 GiB free.
G: is FIXED (NTFS) - 699 GiB total, 52.455 GiB free.
H: is FIXED (NTFS) - 571 GiB total, 115.779 GiB free.
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 11/3/2013 7:00:03 PM - Windows Backup
RP66: 11/10/2013 11:02:23 PM - Windows Backup
RP67: 11/11/2013 2:08:15 AM - Removed YTD Toolbar v8.1.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Audacity 2.0.5
Creative ALchemy
Creative Audio Console
Creative Software AutoUpdate
Creative WaveStudio 7
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
DING!
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
eReg
FLAC 1.2.1b (remove only)
foobar2000 v1.2.9
GeForce Experience NvStream Client Components
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Mouse and Keyboard Center
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional 2013 - en-us
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Mimo
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.2.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Newsbin Pro
Norton Security Suite
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 331.58
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.58
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.16
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenAL
OpenVPN 2.2.2
Outils de vérification linguistique 2013 de Microsoft Office - Français
Pandora
QuickPar 0.9
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition
SHIELD Streaming
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2810016) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2825633) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2827218) 64-Bit Edition
VLC media player 2.0.8
VyprVPN
WinRAR 5.00 beta 8 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/11/2013 1:50:35 AM, Error: Service Control Manager [7031] - The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================


Thank you!!!
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 12th, 2013, 12:07 pm

Hello Mao55,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 12th, 2013, 7:51 pm

Hello Mao55,

Thank you for your patience! :)

Step 1.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Then
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of OTL.txt log file
  3. Contents of Extras.txt log file
  4. Answer to my question about how your computer is used
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 13th, 2013, 1:48 am

Thank you for helping me pgmigg!!

This reply is split into two parts so as to not exceed the maximum number of characters in a post. This is Part One.

A. I did not have any problems executing the instructions.

B. Contents of OTL.txt log file:

OTL logfile created on: 11/12/2013 9:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 13.80 Gb Available Physical Memory | 86.57% Memory free
31.88 Gb Paging File | 29.76 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 32.98 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive E: | 128.00 Gb Total Space | 19.89 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 685.60 Gb Free Space | 73.60% Space Free | Partition Type: NTFS
Drive G: | 698.63 Gb Total Space | 52.46 Gb Free Space | 7.51% Space Free | Partition Type: NTFS
Drive H: | 570.64 Gb Total Space | 115.78 Gb Free Space | 20.29% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.47 Gb Free Space | 78.85% Space Free | Partition Type: FAT

Computer Name: DIGITALSTORM-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/10/17 17:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/07/31 07:38:20 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/05 19:08:42 | 000,291,128 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/01/31 14:20:50 | 000,286,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 20:02:27 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\decc12017394d466b473669f85b31b5d\System.WorkflowServices.ni.dll
MOD - [2013/10/09 01:07:40 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 01:07:40 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 01:07:39 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 01:07:35 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\593b48b531c3445e6dae067cc6879cdd\System.ServiceModel.Web.ni.dll
MOD - [2013/10/09 01:06:49 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 01:06:47 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/09 01:06:46 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 01:06:27 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 01:06:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 01:04:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/09 01:04:14 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 01:04:11 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/14 20:18:23 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 20:18:17 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 00:16:35 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 00:16:33 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 00:16:33 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/07/31 22:58:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/17 17:35:51 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/06/13 11:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 11:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 11:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/08 23:34:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/07/30 23:27:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/07/30 23:18:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe -- (asComSvc)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/12/15 09:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 15:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/07/30 19:19:03 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/16 04:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/22 22:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/22 22:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/05/22 22:12:48 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/22 22:12:48 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/20 08:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2013/03/20 08:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2013/03/19 16:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2013/03/19 16:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2013/03/12 12:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/04 17:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/31 14:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/31 14:20:10 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/27 00:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/20 14:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/20 14:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/12/20 14:44:10 | 000,020,616 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/27 19:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/06/08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 09:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/22 06:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 06:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/15 19:36:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 19:36:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 19:36:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011/06/15 19:36:42 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/21 19:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011/05/21 19:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/16 21:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 19:51:00 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)
DRV:64bit: - [2010/03/18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/10/28 09:41:15 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131112.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 15:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/15 05:38:04 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131112.020\ex64.sys -- (NAVEX15)
DRV - [2013/09/15 05:38:04 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131112.020\eng64.sys -- (NAVENG)
DRV - [2013/08/26 18:27:36 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/26 18:27:36 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 CC 54 A7 99 8D CE 01 [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&tpr=111
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=407453&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{60FE28B5-591C-4947-BCA9-49BAB9CFFA3A}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN18104704253275810&UM=2
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enUS547
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/11/12 19:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 18:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/09/03 00:04:13 | 000,000,000 | ---D | M]

[2013/06/13 19:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\David\AppData\Roaming\Slick Savings\Coupons64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S1A8C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [Web Desktop] C:\Program Files (x86)\Web Layers\desktop.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\RunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64" File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7057615D-425F-4689-B2A5-9A579BCF2854}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 21:11:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/10 11:37:00 | 000,000,330 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell - "" = AutoRun
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 21:23:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/12 03:01:21 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/12 03:00:28 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 22:51:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2013/11/11 00:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013/10/30 00:18:04 | 001,063,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/30 00:18:04 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/30 00:17:51 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/10/30 00:17:51 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/10/21 22:33:43 | 030,344,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/21 22:33:43 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/21 22:33:43 | 022,933,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/21 22:33:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/21 22:33:43 | 015,858,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/21 22:33:43 | 011,415,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/21 22:33:43 | 011,362,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/21 22:33:43 | 009,516,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/21 22:33:43 | 009,472,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/21 22:33:43 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/21 22:33:43 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/21 22:33:43 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/21 22:33:43 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/21 22:33:43 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/21 22:33:43 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/21 22:33:43 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/21 22:33:43 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/21 22:33:43 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/21 22:33:43 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/21 22:33:43 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/21 22:33:43 | 000,479,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/10/21 22:33:43 | 000,405,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/10/21 22:33:43 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/21 22:33:43 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/21 22:33:43 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/21 22:33:43 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/20 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Oracle
[2013/10/20 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 16:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 16:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/15 15:54:06 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/12 21:29:22 | 000,784,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 21:29:22 | 000,664,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 21:29:22 | 000,122,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/12 21:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 20:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 19:12:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 19:12:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 19:05:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/12 19:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/12 19:04:56 | 4246,220,798 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 09:31:04 | 000,033,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/12 09:31:04 | 000,033,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/12 09:31:04 | 000,029,352 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/12 09:31:04 | 000,029,352 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/12 09:31:04 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/12 03:00:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 03:00:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 22:51:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2013/11/11 01:29:04 | 006,118,784 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:48 | 003,141,670 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:41 | 005,602,692 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:26 | 005,205,557 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:18:04 | 007,478,912 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:46 | 025,882,899 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:24 | 004,966,784 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:58 | 004,334,696 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:15 | 006,124,928 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:52 | 023,177,866 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:42 | 010,700,676 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:56 | 089,709,722 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | M] () -- C:\Users\David\Desktop\Untitled.jpg
[2013/10/24 20:09:33 | 000,037,713 | ---- | M] () -- C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
[2013/10/24 20:08:11 | 000,026,957 | ---- | M] () -- C:\Users\David\Documents\contacts.csv
[2013/10/24 20:08:11 | 000,026,957 | ---- | M] () -- C:\Users\David\Desktop\contacts.csv
[2013/10/24 17:32:19 | 000,576,281 | ---- | M] () -- C:\Users\David\Documents\bookmarks_10_24_13.html
[2013/10/24 13:54:09 | 002,347,469 | ---- | M] () -- C:\Users\David\Desktop\Comcast 2013-10-18_bill.pdf
[2013/10/24 12:39:34 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013/10/24 09:28:00 | 000,967,216 | ---- | M] () -- C:\Users\David\Desktop\IMG_20131023_140537_486.jpg
[2013/10/24 09:28:00 | 000,871,182 | ---- | M] () -- C:\Users\David\Desktop\IMG_20131023_140552_318.jpg
[2013/10/18 00:02:18 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/17 17:36:09 | 001,063,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/17 17:36:08 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/15 16:48:05 | 030,344,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/15 16:48:05 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/15 16:48:05 | 022,933,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/15 16:48:05 | 018,290,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/10/15 16:48:05 | 018,243,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/15 16:48:05 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/15 16:48:05 | 015,858,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/15 16:48:05 | 015,244,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/10/15 16:48:05 | 011,415,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/15 16:48:05 | 011,362,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/15 16:48:05 | 009,516,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/15 16:48:05 | 009,472,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/15 16:48:05 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/15 16:48:05 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/15 16:48:05 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/10/15 16:48:05 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/15 16:48:05 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/15 16:48:05 | 002,694,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/10/15 16:48:05 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/15 16:48:05 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/15 16:48:05 | 001,435,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/10/15 16:48:05 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/15 16:48:05 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/15 16:48:05 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/15 16:48:05 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/15 16:48:05 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/15 16:48:05 | 000,479,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/10/15 16:48:05 | 000,405,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/10/15 16:48:05 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/15 16:48:05 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/15 16:48:05 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/15 16:48:05 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/15 16:48:05 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/10/15 16:48:05 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/10/15 16:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/15 15:54:06 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/10/15 13:47:39 | 006,665,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/10/15 13:47:39 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/10/15 13:47:36 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/10/15 13:47:36 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/10/14 18:00:00 | 000,028,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/11 01:29:00 | 006,118,784 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:46 | 003,141,670 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:37 | 005,602,692 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:23 | 005,205,557 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:17:58 | 007,478,912 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:36 | 025,882,899 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:21 | 004,966,784 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:56 | 004,334,696 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:10 | 006,124,928 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:47 | 023,177,866 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:34 | 010,700,676 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:07 | 089,709,722 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | C] () -- C:\Users\David\Desktop\Untitled.jpg
[2013/10/24 21:10:25 | 000,026,957 | ---- | C] () -- C:\Users\David\Documents\contacts.csv
[2013/10/24 20:09:33 | 000,037,713 | ---- | C] () -- C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
[2013/10/24 20:08:11 | 000,026,957 | ---- | C] () -- C:\Users\David\Desktop\contacts.csv
[2013/10/24 17:32:19 | 000,576,281 | ---- | C] () -- C:\Users\David\Documents\bookmarks_10_24_13.html
[2013/10/24 13:54:09 | 002,347,469 | ---- | C] () -- C:\Users\David\Desktop\Comcast 2013-10-18_bill.pdf
[2013/10/24 09:28:00 | 000,967,216 | ---- | C] () -- C:\Users\David\Desktop\IMG_20131023_140537_486.jpg
[2013/10/24 09:28:00 | 000,871,182 | ---- | C] () -- C:\Users\David\Desktop\IMG_20131023_140552_318.jpg
[2013/09/22 20:03:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/09/22 20:03:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/09/22 20:03:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/09/22 20:03:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/09/22 20:03:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/09/22 20:03:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/09/22 20:03:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/09/22 20:03:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/09/22 20:03:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/09/22 20:03:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/09/22 20:03:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/09/22 20:03:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/03 00:46:28 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/01 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\David\ntuser.pol
[2013/07/30 23:33:59 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2013/07/30 23:18:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/07/30 23:18:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/07/23 08:02:43 | 000,057,678 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/07/23 08:01:36 | 000,015,232 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/07/23 08:01:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/07/23 08:01:20 | 000,042,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/07/19 03:52:43 | 000,778,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/13 11:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/02 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.pandora.desktop
[2013/09/02 22:35:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2013/07/31 20:10:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2013/07/29 20:52:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mimo
[2013/09/09 01:37:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Motorola Mobility
[2013/11/11 01:12:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
[2013/08/04 00:23:28 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.pandora.desktop
[2013/08/04 00:23:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2013/11/11 01:50:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DefaultTab
[2013/09/22 20:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\EPSON
[2013/11/11 01:09:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\foobar2000
[2013/08/28 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mimo
[2013/11/12 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MotoCast
[2013/09/08 16:18:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Motorola
[2013/09/08 16:19:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Motorola Mobility
[2013/10/20 16:29:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Oracle
[2013/08/04 01:14:28 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Southwest Airlines

========== Purity Check ==========



< End of report >

Re: Spigot/Yahoo infection from YDT install

Post by Mao55 » November 13th, 2013, 1:49 am

This is Part Two:


C. Contents of Extras.txt:

OTL Extras logfile created on: 11/12/2013 9:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 13.80 Gb Available Physical Memory | 86.57% Memory free
31.88 Gb Paging File | 29.76 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 32.98 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive E: | 128.00 Gb Total Space | 19.89 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 685.60 Gb Free Space | 73.60% Space Free | Partition Type: NTFS
Drive G: | 698.63 Gb Total Space | 52.46 Gb Free Space | 7.51% Space Free | Partition Type: NTFS
Drive H: | 570.64 Gb Total Space | 115.78 Gb Free Space | 20.29% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.47 Gb Free Space | 78.85% Space Free | Partition Type: FAT

Computer Name: DIGITALSTORM-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034FC5EF-2F58-4AD8-99F8-11B7D83861F2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0D8C11CE-9B9E-4701-ABDF-4DE76446A728}" = rport=138 | protocol=17 | dir=out | app=system |
"{13D2F794-0F8D-4192-9824-BA84FC29B3CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{1AB5D560-DCD1-4514-9BF6-BB455CB1FFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26903DEC-D47A-4131-8871-1D7099FFA9A7}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2F9F7641-EAEB-4BD6-81B5-1DB78D371E3F}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3C773911-4A91-4F1D-A83F-195F631CDDFD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{465C6D3C-9DFF-4DE8-AE98-7FC01DA4981E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4B142E9F-D66B-43FD-B696-80B7B3C54264}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B5BD460-6251-4EB5-8022-32276898CF81}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5CA0A610-8A66-4132-8A44-53024AB99A2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D246A77-4396-454B-B889-D85EE032A6D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{63B76510-4438-471C-B55C-6A1561807C7C}" = lport=138 | protocol=17 | dir=in | app=system |
"{6454F26D-2E91-4375-BFA5-802A8B21C56F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6A09DA8A-B221-403D-B3D7-8FAF95B3FB2D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6BC0A7D8-81E8-4865-AF0E-164FC2D8E4D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7260BDD5-486F-4198-A87C-CAA4B3E8FB6D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{78C6A10D-A498-4499-81E8-08003646CB75}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{798E36ED-396E-4FEF-857C-84EB78897108}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80A2F6E7-5CF5-4C16-BCED-14E5D67B3164}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8C3F72B1-C09E-4E17-9F75-F879652AED1C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D8F0CBF-8940-4881-BC2C-98D606767252}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A68F560-D709-41BB-B3BD-034C93FF2B65}" = rport=137 | protocol=17 | dir=out | app=system |
"{9B479E48-7EB4-4290-972C-11774F665E66}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9E5D9576-0309-4BCE-999E-0316668BA94B}" = lport=137 | protocol=17 | dir=in | app=system |
"{A679E716-17AC-48A6-9F1A-273537FFC0B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B69C68F8-594A-432D-B510-82E6D047CE77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFCBA683-998C-4DF4-A1B7-63C1D50ECB58}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{D34EAEC8-F17E-4AA4-8B8E-750E0CE59939}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D81F4E50-1B6E-4EE6-9BEB-B744AF57D305}" = rport=139 | protocol=6 | dir=out | app=system |
"{DA93FB04-2D64-493E-95C8-07BC1304241C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD2FF91B-1A1D-41B3-AB4C-F23E535F677D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E6E8C515-F403-4818-AF61-DB2CA200DF3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF216AF1-E622-4D97-8773-03BA40997BD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1DD4B85-7B64-4B67-9AE6-B1DB2AB795A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{F5F7729F-436D-4071-B387-53FF531D281D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{FA6FF2F4-81B3-4C80-9A35-6ADC69D2DEF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD72767-0587-4625-96BE-995DF26629A3}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{1312A981-2815-47FA-8AE4-577DC2ECBA74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{141BA026-92D6-4990-842C-4E9D5B0D82C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C798BBD-C4FF-451E-ABBA-11F50C521088}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{220BC599-2F2D-43A4-A264-5B4FD3886B3E}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{22C56011-BFB5-48B4-9089-88E834F378DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{2370FF60-E5B3-4295-8241-86957F837583}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23E78F31-5EA9-4EB6-AF0E-6AD5229A4C7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A50E370-633F-4AFB-8EAC-4E5520039491}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{30FC4EC5-A265-4732-8EA7-618FF695AE00}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{34294891-295F-4462-AA10-0BA8B4128F2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{451A07EB-5B78-4D64-BB52-10280525800A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45629D01-1E7F-43BF-B359-59CB795C4723}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{508C069A-C10F-43CA-B1A7-0B8AF8A566D8}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{5DA855C6-706D-46E9-A463-36080C28758F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{693B9AAD-6EAE-4D35-B730-6C7A2D0A67AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6997798B-F9B4-48AF-BCB1-268CB2F6E3E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6CF207BB-5099-4609-BE28-05951634AA4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{708DEA96-56DE-497D-B98D-CF6BE11BE504}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{785D81B8-E578-4952-B9A3-A425B0FB3C4E}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{7B80442E-00AF-41F2-8677-A0B30CF1462C}" = protocol=6 | dir=out | app=c:\program files\newsbin\newsbinpro64.exe |
"{7D4400C0-FAFC-47D3-938D-0F65C32DB6C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98DB6F30-4275-4F88-8CB1-7DBEC6572119}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BA36B8A-05AE-4895-90C5-FEE36DF1D0D5}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{A998BB1D-A1D9-46BA-8801-58776DBDB125}" = protocol=17 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe |
"{B92005DC-2F8A-4211-B85F-2AAA98AF7321}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C19747E0-A973-4827-AE2D-2D4B5FF90556}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C7A57765-0CB4-4ABD-A73C-9B0F87EB227B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{C9F6C921-FA75-4E12-946D-C04E6DBE79EF}" = protocol=6 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe |
"{CB771F8A-9746-4407-A759-9B09AE46DD42}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CCED4647-5B1E-4218-B923-53AF02CF7816}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DEABB2DD-7509-44E9-AED7-943A8F736F7C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED86DF9E-287F-4604-91ED-F398252FB961}" = protocol=6 | dir=out | app=system |
"{F074F363-13B2-42B2-B15B-FD495FA44767}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE38387B-D4AA-47E8-8938-D092E08F67DB}" = dir=in | app=c:\users\david\appdata\local\microsoft\skydrive\skydrive.exe |
"{FE38D62E-0D71-4CBB-BCB4-E60614C2EB79}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel(R) Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EC78F02-5C36-4C97-AAC4-95A3D742A285}" = Motorola Mobile Drivers Installation 6.2.0
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Newsbin6" = Newsbin Pro
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"ProfessionalRetail - en-us" = Microsoft Office Professional 2013 - en-us
"sp6" = Logitech SetPoint 6.61
"VLC media player" = VLC media player 2.0.8
"WinRAR archiver" = WinRAR 5.00 beta 8 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{C89FA20F-0236-424C-B7D8-8E5EEDC20E15}" = Motorola Device Software Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Audacity_is1" = Audacity 2.0.5
"AudioCS" = Creative Audio Console
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EPSON Scanner" = EPSON Scan
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.2.9
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mimo" = Mimo
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"QuickPar" = QuickPar 0.9
"VyprVPN 1.4.1.601" = VyprVPN
"WaveStudio 7" = Creative WaveStudio 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2013 2:14:50 AM | Computer Name = DigitalStorm-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2013 7:17:25 AM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 7:17:25 AM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 7:17:25 AM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 7:19:13 AM | Computer Name = DigitalStorm-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2013 11:05:01 PM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 11:05:01 PM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 11:05:01 PM | Computer Name = DigitalStorm-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/12/2013 11:06:49 PM | Computer Name = DigitalStorm-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2013 11:24:55 PM | Computer Name = DigitalStorm-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/28/2013 4:47:01 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/28/2013 4:49:09 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/28/2013 4:49:09 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/28/2013 4:49:09 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/28/2013 4:49:57 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/28/2013 4:49:57 AM | Computer Name = DigitalStorm-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/9/2013 5:01:32 AM | Computer Name = DigitalStorm-PC | Source = DCOM | ID = 10010
Description =

Error - 10/13/2013 9:22:56 PM | Computer Name = DigitalStorm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:49:28 AM on ?10/?13/?2013 was unexpected.

Error - 10/27/2013 3:36:22 AM | Computer Name = DigitalStorm-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 11/11/2013 5:50:35 AM | Computer Name = DigitalStorm-PC | Source = Service Control Manager | ID = 7031
Description = The Motorola Device Manager Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
1000 milliseconds: Restart the service.


< End of report >


D. This is a standalone home computer that is not a part of a network or connected to any other computer. It is for private, non-commercial, non-educational use. I am the only user of this computer.

E. No changes since completing these instructions, no, if that's what you mean. The sole remaining sign of infection I see is that whenever I open Chrome, a second tab opens within that Chrome instance which opens a Yahoo search page with the URL http://search.yahoo.com/?type=407453&am ... got-yhp-ch. This symptom remains.

Re: Spigot/Yahoo infection from YDT install

Post by pgmigg » November 13th, 2013, 5:18 pm

Hello Mao55,

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 3.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 4.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 5.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of the JRT.txt log file
  4. Contents of the AdwCleaner[Sn].txt log file
  5. Contents of the most recent OTL.txt file after fresh OTL scan
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
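A TDSSKiller scan-only log like the one Step 2 asks for runs to hundreds of lines, so a short triage script helps when reading one. The following is an added example, not part of the original post and not Kaspersky's code. It assumes a log layout of timestamp, thread id, then either `[ MD5, SHA256 ] name path` or `name - verdict`; the sample log, its service names, hashes and the `warning` verdict are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm 0xTID ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
SCAN_START = re.compile(PREFIX + r"Scan started\s*$")
# "[ MD5, SHA256 ] name path" - the name may contain spaces, the path starts at a drive letter.
HASH_LINE = re.compile(
    PREFIX + r"\[\s*([0-9A-Fa-f]{32}),\s*([0-9A-Fa-f]{64})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# "name - verdict"
VERDICT_LINE = re.compile(PREFIX + r"(.+?)\s+-\s+(.+)$")


@dataclass
class ScannedObject:
    name: str
    verdict: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Tuple[List[ScannedObject], List[str]]:
    """Pair each hash line with the verdict line that follows it.

    Returns (objects, unfinished). `unfinished` lists names that have a hash
    line but no verdict, which is what a log pasted in several parts looks
    like at the cut.
    """
    objects: List[ScannedObject] = []
    pending = {}      # name -> (md5, sha256, path) waiting for its verdict
    in_scan = False   # skip the system-info header, whose drive lines also contain " - "
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = bool(SCAN_START.match(line))
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            pending[name] = (md5.upper(), sha256.upper(), path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.group(1), m.group(2).strip()
            md5, sha256, path = pending.pop(name, (None, None, None))
            objects.append(ScannedObject(name, verdict, md5, sha256, path))
    return objects, sorted(pending)


def needs_review(objects: List[ScannedObject]) -> List[ScannedObject]:
    """Anything the tool did not mark 'ok' deserves a human look."""
    return [o for o in objects if o.verdict.lower() != "ok"]


def without_hash(objects: List[ScannedObject]) -> List[str]:
    """Objects that got a verdict but no hash line (no file was hashed for them)."""
    return [o.name for o in objects if o.md5 is None]


def _line(ms: int, body: str) -> str:
    return f"19:51:27.{ms:04d} 0x069c {body}"


def _hashes(ch: str) -> str:
    return f"[ {ch * 32}, {ch * 64} ]"


# Constructed sample: names, paths, hashes and the non-ok verdict are made up.
SAMPLE_LOG = "\n".join([
    r"19:51:05.0199 0x1164 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb)",
    _line(0, "Scan started"),
    _line(1, "================ Scan system memory ========================"),
    _line(2, "System memory - ok"),
    _line(3, "================ Scan services ============================="),
    _line(4, _hashes("A") + r" 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys"),
    _line(5, "1394ohci - ok"),
    _line(6, "NoHashDriver - ok"),
    _line(7, _hashes("B") + r" Example Audio Licensing Service C:\Program Files (x86)\Example\lic.exe"),
    _line(8, "Example Audio Licensing Service - ok"),
    _line(9, _hashes("C") + r" ExampleSvc C:\ProgramData\Example\svc.exe"),
    _line(10, "ExampleSvc - warning"),
    _line(11, _hashes("D") + r" TruncatedSvc C:\Windows\system32\drivers\trunc.sys"),
])

if __name__ == "__main__":
    objs, unfinished = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(objs)} objects scanned")
    for o in needs_review(objs):
        print(f"REVIEW  {o.name}: {o.verdict}  sha256={o.sha256}  {o.path}")
    print("no hash line:", ", ".join(without_hash(objs)))
    print("cut off before verdict:", ", ".join(unfinished))
```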

Re: Spigot/Yahoo infection from YDT install

Post by Mao55 » November 14th, 2013, 1:05 am

Thank you for your continuing support, pgmigg!

My reply is 208352 characters, so I will have to split this reply into 3 or 4 parts, this being reply part 1:

A. Kinda. After AdwCleaner ran, it did open a txt file. It closed before I could save it. I then went searching for it, and I found two files, AdwCleaner[R0].txt and AdwCleaner[S0].txt in a new AdwCleaner folder on C:. I hope these are the files you were wanting.

B. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt:

19:50:39.0726 0x1164 TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
19:51:04.0516 0x1164 ============================================================
19:51:04.0516 0x1164 Current date / time: 2013/11/13 19:51:04.0516
19:51:04.0516 0x1164 SystemInfo:
19:51:04.0516 0x1164
19:51:04.0516 0x1164 OS Version: 6.1.7601 ServicePack: 1.0
19:51:04.0516 0x1164 Product type: Workstation
19:51:04.0516 0x1164 ComputerName: DIGITALSTORM-PC
19:51:04.0516 0x1164 UserName: David
19:51:04.0516 0x1164 Windows directory: C:\Windows
19:51:04.0516 0x1164 System windows directory: C:\Windows
19:51:04.0516 0x1164 Running under WOW64
19:51:04.0516 0x1164 Processor architecture: Intel x64
19:51:04.0516 0x1164 Number of processors: 8
19:51:04.0516 0x1164 Page size: 0x1000
19:51:04.0516 0x1164 Boot type: Normal boot
19:51:04.0516 0x1164 ============================================================
19:51:04.0906 0x1164 System UUID: {63770BB8-F432-B3B3-932C-FD94BC003435}
19:51:05.0199 0x1164 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:05.0413 0x1164 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:05.0426 0x1164 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:05.0442 0x1164 Drive \Device\Harddisk3\DR3 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x44C33, SectorsPerTrack: 0x33, TracksPerCylinder: 0x66, Type 'K0', Flags 0x00000040
19:51:05.0473 0x1164 Drive \Device\Harddisk5\DR5 - Size: 0x77600000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:51:05.0480 0x1164 ============================================================
19:51:05.0480 0x1164 \Device\Harddisk0\DR0:
19:51:05.0480 0x1164 MBR partitions:
19:51:05.0480 0x1164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:51:05.0480 0x1164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
19:51:05.0480 0x1164 \Device\Harddisk1\DR1:
19:51:05.0480 0x1164 MBR partitions:
19:51:05.0481 0x1164 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:51:05.0481 0x1164 \Device\Harddisk2\DR2:
19:51:05.0484 0x1164 MBR partitions:
19:51:05.0487 0x1164 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x57541401
19:51:05.0487 0x1164 \Device\Harddisk3\DR3:
19:51:05.0492 0x1164 MBR partitions:
19:51:05.0492 0x1164 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x33, BlocksNum 0xFFFE43F
19:51:05.0501 0x1164 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0xFFFE4A5, BlocksNum 0x47546B5F
19:51:05.0501 0x1164 \Device\Harddisk5\DR5:
19:51:05.0503 0x1164 MBR partitions:
19:51:05.0503 0x1164 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3BAF7F
19:51:05.0503 0x1164 ============================================================
19:51:05.0505 0x1164 C: <-> \Device\Harddisk0\DR0\Partition2
19:51:05.0533 0x1164 E: <-> \Device\Harddisk3\DR3\Partition1
19:51:05.0550 0x1164 G: <-> \Device\Harddisk2\DR2\Partition1
19:51:05.0580 0x1164 H: <-> \Device\Harddisk3\DR3\Partition2
19:51:05.0604 0x1164 F: <-> \Device\Harddisk1\DR1\Partition1
19:51:05.0604 0x1164 ============================================================
19:51:05.0604 0x1164 Initialize success
19:51:05.0604 0x1164 ============================================================
19:51:23.0549 0x069c ============================================================
19:51:23.0549 0x069c Scan started
19:51:23.0549 0x069c Mode: Manual;
19:51:23.0549 0x069c ============================================================
19:51:23.0549 0x069c KSN ping started
19:51:26.0512 0x069c KSN ping finished: true
19:51:26.0735 0x069c ================ Scan system memory ========================
19:51:26.0735 0x069c System memory - ok
19:51:26.0735 0x069c ================ Scan services =============================
19:51:27.0851 0x069c FDResPub - ok
19:51:27.0853 0x069c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:51:27.0855 0x069c FileInfo - ok
19:51:27.0857 0x069c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:51:27.0858 0x069c Filetrace - ok
19:51:27.0860 0x069c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:51:27.0860 0x069c flpydisk - ok
19:51:27.0867 0x069c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:51:27.0871 0x069c FltMgr - ok
19:51:27.0888 0x069c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
19:51:27.0903 0x069c FontCache - ok
19:51:27.0906 0x069c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:51:27.0907 0x069c FontCache3.0.0.0 - ok
19:51:27.0909 0x069c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:51:27.0910 0x069c FsDepends - ok
19:51:27.0912 0x069c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:51:27.0913 0x069c Fs_Rec - ok
19:51:27.0917 0x069c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:51:27.0920 0x069c fvevol - ok
19:51:27.0922 0x069c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:51:27.0924 0x069c gagp30kx - ok
19:51:27.0935 0x069c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
19:51:27.0945 0x069c gpsvc - ok
19:51:27.0949 0x069c GPU-Z - ok
19:51:27.0953 0x069c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:51:27.0954 0x069c gupdate - ok
19:51:27.0957 0x069c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:51:27.0958 0x069c gupdatem - ok
19:51:27.0962 0x069c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:51:27.0965 0x069c gusvc - ok
19:51:27.0984 0x069c [ 82B68F585110AE8500A6D23623AE1F74, 1ADCFA2D77E3BB9BDCDD15DC21E7F6707823788A1CFB31ED959BC470595EE89B ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
19:51:27.0997 0x069c ha10kx2k - ok
19:51:28.0004 0x069c [ 83F647F9ACE9192556F758E528024F68, 1007C2E3C8FDB3CB5FB3C336F9904AD076DC31BB263E633EF17E3813B9ED6EF6 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
19:51:28.0006 0x069c hap16v2k - ok
19:51:28.0012 0x069c [ E815D29361DE89D24C8DBE3E5A7006C9, 2B9075CC6A2425D06E6C3CB77E0755727F8B0920575C660CF261981464D190F0 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
19:51:28.0016 0x069c hap17v2k - ok
19:51:28.0018 0x069c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:51:28.0020 0x069c hcw85cir - ok
19:51:28.0023 0x069c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:51:28.0025 0x069c HDAudBus - ok
19:51:28.0027 0x069c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:51:28.0028 0x069c HidBatt - ok
19:51:28.0031 0x069c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:51:28.0033 0x069c HidBth - ok
19:51:28.0036 0x069c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
19:51:28.0037 0x069c HidIr - ok
19:51:28.0039 0x069c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
19:51:28.0040 0x069c hidserv - ok
19:51:28.0042 0x069c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:51:28.0043 0x069c HidUsb - ok
19:51:28.0046 0x069c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:51:28.0048 0x069c hkmsvc - ok
19:51:28.0053 0x069c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:51:28.0056 0x069c HomeGroupListener - ok
19:51:28.0060 0x069c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:51:28.0063 0x069c HomeGroupProvider - ok
19:51:28.0065 0x069c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:51:28.0067 0x069c HpSAMD - ok
19:51:28.0079 0x069c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:51:28.0089 0x069c HTTP - ok
19:51:28.0091 0x069c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:51:28.0091 0x069c hwpolicy - ok
19:51:28.0094 0x069c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:51:28.0097 0x069c i8042prt - ok
19:51:28.0107 0x069c [ FA4C48E36F0B24E7E33D3E7E1844B9C9, F61F448B8E305DEFDDA5D4A6FC4E57C798C11ED4DA0ACB885847DC8A9A7B4E98 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
19:51:28.0113 0x069c iaStorA - ok
19:51:28.0117 0x069c [ D5854F77CEEAFC5A8405F8ECCBEC09DF, 06D94EAF55787F807FB40E95011E90B0A719AC1A1529C2C110C1EABC5BE02C5B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:51:28.0118 0x069c IAStorDataMgrSvc - ok
19:51:28.0119 0x069c [ 05E24E2CA39C0D2FAADE8FC603345A7D, 01C519CABD3B1F003AAD1B6F1CE79C1A49408DFC2CE5A8008A7BD0A1266D783C ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
19:51:28.0120 0x069c iaStorF - ok
19:51:28.0127 0x069c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:51:28.0132 0x069c iaStorV - ok
19:51:28.0146 0x069c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:51:28.0157 0x069c idsvc - ok
19:51:28.0166 0x069c [ B96F641291378569E8525383FAA183EB, 9C728BA6B1D558B5C3F76003AE93DA61793DB4684E8FC326FF002CDC6060EED7 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131112.002\IDSvia64.sys
19:51:28.0171 0x069c IDSVia64 - ok
19:51:28.0173 0x069c IEEtwCollectorService - ok
19:51:28.0176 0x069c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:51:28.0177 0x069c iirsp - ok
19:51:28.0190 0x069c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
19:51:28.0198 0x069c IKEEXT - ok
19:51:28.0240 0x069c [ 4F7CDC44FD0111D2B9B844E73C377661, A2538F36F64E422D37E6F1DFE9227B54574FA29601FBDDF3AD19C97DF78AA6E7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:51:28.0272 0x069c IntcAzAudAddService - ok
19:51:28.0286 0x069c [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:51:28.0295 0x069c Intel(R) Capability Licensing Service Interface - ok
19:51:28.0308 0x069c [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
19:51:28.0318 0x069c Intel(R) Capability Licensing Service TCP IP Interface - ok
19:51:28.0320 0x069c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
19:51:28.0321 0x069c intelide - ok
19:51:28.0324 0x069c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:51:28.0324 0x069c intelppm - ok
19:51:28.0327 0x069c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:51:28.0329 0x069c IPBusEnum - ok
19:51:28.0332 0x069c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:28.0333 0x069c IpFilterDriver - ok
19:51:28.0343 0x069c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:51:28.0350 0x069c iphlpsvc - ok
19:51:28.0353 0x069c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:51:28.0355 0x069c IPMIDRV - ok
19:51:28.0358 0x069c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:51:28.0360 0x069c IPNAT - ok
19:51:28.0361 0x069c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:51:28.0362 0x069c IRENUM - ok
19:51:28.0364 0x069c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:51:28.0364 0x069c isapnp - ok
19:51:28.0370 0x069c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:51:28.0374 0x069c iScsiPrt - ok
19:51:28.0376 0x069c [ 897B93573F07C9CB1140516DAC44BC7E, C80665FEA4913DDC72F2140EC92CD4FA5D693BD8D0E4029A99DB96D63172E3D1 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:51:28.0376 0x069c iusb3hcs - ok
19:51:28.0383 0x069c [ 2D15CEDF619796002E8640F73A4BF920, FCC0137CB5AE32266A550EE46106B80F431F0B55342599951B9D032F8EA10649 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
19:51:28.0386 0x069c iusb3hub - ok
19:51:28.0399 0x069c [ F1E93FE111924D0BC853155AADF8048B, 2DFD5B3D042286A0FD5E482C81FAE339E4F05C0A6DFF43061D8502C4551125F7 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:51:28.0406 0x069c iusb3xhc - ok
19:51:28.0411 0x069c [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:51:28.0413 0x069c jhi_service - ok
19:51:28.0415 0x069c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:51:28.0416 0x069c kbdclass - ok
19:51:28.0418 0x069c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:51:28.0419 0x069c kbdhid - ok
19:51:28.0421 0x069c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
19:51:28.0421 0x069c KeyIso - ok
19:51:28.0424 0x069c [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:51:28.0425 0x069c KSecDD - ok
19:51:28.0429 0x069c [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:51:28.0431 0x069c KSecPkg - ok
19:51:28.0433 0x069c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:51:28.0434 0x069c ksthunk - ok
19:51:28.0441 0x069c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:51:28.0447 0x069c KtmRm - ok
19:51:28.0451 0x069c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:51:28.0455 0x069c LanmanServer - ok
19:51:28.0458 0x069c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:51:28.0460 0x069c LanmanWorkstation - ok
19:51:28.0467 0x069c [ D186AAAE72691136BDE00BBB41F48D12, C64885A726C0642C92BC4993667696DFEC8D284C20872D58E49786EE280A01ED ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:51:28.0471 0x069c LBTServ - ok
19:51:28.0475 0x069c [ 015BABFCD2E911C505204257DAB5ADC5, 94239919E967ABA12394D445E2D126447B5B7FB042DB95B1CCB280AF02D93833 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
19:51:28.0476 0x069c LEqdUsb - ok
19:51:28.0478 0x069c [ 20A23B8863AAA8A23EEB9E2919F529FD, 5DD7C780346DA6A36AB55B38109167B3BE138713C5A7C913BFED2B61F34E8BA1 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
19:51:28.0478 0x069c LHidEqd - ok
19:51:28.0481 0x069c [ 77D5786C6A7765503884E38706C9FD5E, 827DC2069AA0997DB87E118AAAA53575D97A89147C1451464986F8D68A329D41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:51:28.0482 0x069c LHidFilt - ok
19:51:28.0484 0x069c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:51:28.0485 0x069c lltdio - ok
19:51:28.0491 0x069c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:51:28.0496 0x069c lltdsvc - ok
19:51:28.0498 0x069c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:51:28.0498 0x069c lmhosts - ok
19:51:28.0500 0x069c [ F84023FB2E3DEA06103501974A2EDB44, 38144EB7DE7F0B33F9C3E637715834CD0860CCE11915C77065000949767D98DF ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:51:28.0501 0x069c LMouFilt - ok
19:51:28.0508 0x069c [ 3EA307C51069BC72DD74A4964F2A30A9, EB8F9C936AE43B7E31CB6C46F76FB918509D529E897C0E82B865A2854458996A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:51:28.0512 0x069c LMS - ok
19:51:28.0516 0x069c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:51:28.0518 0x069c LSI_FC - ok
19:51:28.0521 0x069c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:51:28.0523 0x069c LSI_SAS - ok
19:51:28.0525 0x069c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:51:28.0527 0x069c LSI_SAS2 - ok
19:51:28.0530 0x069c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:51:28.0532 0x069c LSI_SCSI - ok
19:51:28.0535 0x069c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:51:28.0538 0x069c luafv - ok
19:51:28.0540 0x069c [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:51:28.0540 0x069c MBAMProtector - ok
19:51:28.0548 0x069c [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:51:28.0553 0x069c MBAMScheduler - ok
19:51:28.0565 0x069c [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:51:28.0574 0x069c MBAMService - ok
19:51:28.0577 0x069c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:51:28.0579 0x069c Mcx2Svc - ok
19:51:28.0581 0x069c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
19:51:28.0583 0x069c megasas - ok
19:51:28.0590 0x069c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:51:28.0596 0x069c MegaSR - ok
19:51:28.0598 0x069c [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:51:28.0599 0x069c MEIx64 - ok
19:51:28.0602 0x069c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
19:51:28.0603 0x069c MMCSS - ok
19:51:28.0604 0x069c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:51:28.0606 0x069c Modem - ok
19:51:28.0608 0x069c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:51:28.0608 0x069c monitor - ok
19:51:28.0610 0x069c [ 12588483F1A69AB2970D36D96B07F71B, CDC044F2FDAD3B22B295528A117D93B7DF464DE63E421DAE9C19E7A1535E3743 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
19:51:28.0611 0x069c motccgp - ok
19:51:28.0612 0x069c motccgpfl - ok
19:51:28.0616 0x069c [ 1BCB26A55B2E092FAA4DA01D9A3DE528, A4A00F6DAB0EB8AC750184221E19F6182DC8A4CAD87D1259DC15AAF7ACA82360 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
19:51:28.0619 0x069c Motorola Device Manager - ok
19:51:28.0620 0x069c [ 19BC2161C3FCCED802F1BCD9B78C3466, 2EA39F23C49191A4651CD785A742554801A4AC59AACE1993B3A30EA137B4A321 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
19:51:28.0621 0x069c MotoSwitchService - ok
19:51:28.0623 0x069c [ 6A3C0B01551B614B6C6BC9743DEF60D9, 9144C0149A764355045711B36C12F87B2F914B76809407F46FB7BA72F83DDB9D ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
19:51:28.0624 0x069c Motousbnet - ok
19:51:28.0626 0x069c [ 1D19770F88FA22DACB7F488EA8F8EE6B, AD100C774058CF878B6006518F3DCDBDEE475F3C9808FC5D844947D9C305FAE5 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
19:51:28.0626 0x069c motusbdevice - ok
19:51:28.0628 0x069c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:51:28.0629 0x069c mouclass - ok
19:51:28.0631 0x069c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:51:28.0632 0x069c mouhid - ok
19:51:28.0635 0x069c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:51:28.0637 0x069c mountmgr - ok
19:51:28.0641 0x069c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
19:51:28.0644 0x069c mpio - ok
19:51:28.0646 0x069c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:51:28.0648 0x069c mpsdrv - ok
19:51:28.0660 0x069c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:51:28.0671 0x069c MpsSvc - ok
19:51:28.0675 0x069c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:51:28.0677 0x069c MRxDAV - ok
19:51:28.0681 0x069c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:28.0684 0x069c mrxsmb - ok
19:51:28.0689 0x069c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:28.0693 0x069c mrxsmb10 - ok
19:51:28.0696 0x069c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:28.0698 0x069c mrxsmb20 - ok
19:51:28.0700 0x069c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
19:51:28.0701 0x069c msahci - ok
19:51:28.0704 0x069c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:51:28.0707 0x069c msdsm - ok
19:51:28.0711 0x069c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
19:51:28.0713 0x069c MSDTC - ok
19:51:28.0716 0x069c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:51:28.0717 0x069c Msfs - ok
19:51:28.0719 0x069c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:51:28.0719 0x069c mshidkmdf - ok
19:51:28.0721 0x069c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:51:28.0721 0x069c msisadrv - ok
19:51:28.0725 0x069c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:51:28.0728 0x069c MSiSCSI - ok
19:51:28.0730 0x069c msiserver - ok
19:51:28.0731 0x069c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:51:28.0732 0x069c MSKSSRV - ok
19:51:28.0733 0x069c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:28.0734 0x069c MSPCLOCK - ok
19:51:28.0736 0x069c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:51:28.0736 0x069c MSPQM - ok
19:51:28.0743 0x069c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:51:28.0748 0x069c MsRPC - ok
19:51:28.0751 0x069c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:51:28.0751 0x069c mssmbios - ok
19:51:28.0753 0x069c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:51:28.0753 0x069c MSTEE - ok
19:51:28.0755 0x069c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:51:28.0756 0x069c MTConfig - ok
19:51:28.0758 0x069c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
19:51:28.0759 0x069c Mup - ok
19:51:28.0765 0x069c [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
19:51:28.0767 0x069c N360 - ok
19:51:28.0775 0x069c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
19:51:28.0781 0x069c napagent - ok
19:51:28.0787 0x069c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:51:28.0792 0x069c NativeWifiP - ok
19:51:28.0795 0x069c [ 702E07EC32F96ACDB873E9A5465D4401, 2C6B1C8BA0BF4791AEA064062DCA3678AE4443DF19DB37D6CB55BA6297D8A238 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131113.001\ENG64.SYS
19:51:28.0797 0x069c NAVENG - ok
19:51:28.0824 0x069c [ 302EA314A1AF0D7CEF0A3D0195F79561, 046DBC2D9D028F2D2E8BAE745CA2ADEF42741689BFF743A13B81EA4228DDCDC6 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131113.001\EX64.SYS
19:51:28.0843 0x069c NAVEX15 - ok
19:51:28.0858 0x069c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
19:51:28.0870 0x069c NDIS - ok
19:51:28.0872 0x069c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:51:28.0873 0x069c NdisCap - ok
19:51:28.0875 0x069c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:28.0876 0x069c NdisTapi - ok
19:51:28.0878 0x069c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:28.0879 0x069c Ndisuio - ok
19:51:28.0883 0x069c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:28.0886 0x069c NdisWan - ok
19:51:28.0888 0x069c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:51:28.0889 0x069c NDProxy - ok
19:51:31.0135 0x069c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:51:31.0140 0x069c volmgrx - ok
19:51:31.0146 0x069c [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:51:31.0151 0x069c volsnap - ok
19:51:31.0155 0x069c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:51:31.0158 0x069c vsmraid - ok
19:51:31.0180 0x069c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
19:51:31.0201 0x069c VSS - ok
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Post by Mao55 » November 14th, 2013, 1:11 am

Continuation:

19:51:31.0619 0x069c ================ Scan global ===============================
19:51:31.0621 0x069c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:51:31.0626 0x069c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:51:31.0633 0x069c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:51:31.0637 0x069c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:51:31.0644 0x069c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:51:31.0648 0x069c [ Global ] - ok
19:51:31.0648 0x069c ================ Scan MBR ==================================
19:51:31.0649 0x069c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:51:31.0686 0x069c \Device\Harddisk0\DR0 - ok
19:51:31.0699 0x069c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:51:31.0702 0x069c \Device\Harddisk1\DR1 - ok
19:51:31.0706 0x069c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
19:51:31.0709 0x069c \Device\Harddisk2\DR2 - ok
19:51:31.0722 0x069c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
19:51:31.0899 0x069c \Device\Harddisk3\DR3 - ok
19:51:31.0907 0x069c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
19:51:31.0919 0x069c \Device\Harddisk5\DR5 - ok
19:51:31.0919 0x069c ================ Scan VBR ==================================
19:51:31.0922 0x069c [ BEC61454C218930473CC8399150FCC7B ] \Device\Harddisk0\DR0\Partition1
19:51:31.0925 0x069c \Device\Harddisk0\DR0\Partition1 - ok
19:51:31.0928 0x069c [ 6E95FC7EEC6BF9F83B48EDD3F248E4CC ] \Device\Harddisk0\DR0\Partition2
19:51:31.0930 0x069c \Device\Harddisk0\DR0\Partition2 - ok
19:51:31.0934 0x069c [ F9DE044E6BD66AFEEEBBF696499FD1DC ] \Device\Harddisk1\DR1\Partition1
19:51:31.0936 0x069c \Device\Harddisk1\DR1\Partition1 - ok
19:51:31.0943 0x069c [ 1BB1AFA9464F45779B50DC3032FE14B2 ] \Device\Harddisk2\DR2\Partition1
19:51:31.0945 0x069c \Device\Harddisk2\DR2\Partition1 - ok
19:51:31.0956 0x069c [ 8FE3D30AF5E77E6BA03847629E749952 ] \Device\Harddisk3\DR3\Partition1
19:51:31.0958 0x069c \Device\Harddisk3\DR3\Partition1 - ok
19:51:31.0972 0x069c [ 1B3EF200D54C812B1313C4DBEFE1E352 ] \Device\Harddisk3\DR3\Partition2
19:51:31.0974 0x069c \Device\Harddisk3\DR3\Partition2 - ok
19:51:31.0979 0x069c [ 6080B65E715BA3DEA9111D47661180B3 ] \Device\Harddisk5\DR5\Partition1
19:51:31.0982 0x069c \Device\Harddisk5\DR5\Partition1 - ok
19:51:31.0982 0x069c Waiting for KSN requests completion. In queue: 212
19:51:32.0982 0x069c Waiting for KSN requests completion. In queue: 182
19:51:33.0982 0x069c Waiting for KSN requests completion. In queue: 182
19:51:34.0983 0x069c Waiting for KSN requests completion. In queue: 22
19:51:36.0021 0x069c AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x51000 ( enabled : updated )
19:51:36.0024 0x069c FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x51010 ( enabled )
19:51:38.0888 0x069c ============================================================
19:51:38.0888 0x069c Scan finished
19:51:38.0888 0x069c ============================================================
19:51:38.0899 0x05b4 Detected object count: 0
19:51:38.0899 0x05b4 Actual detected object count: 0
19:52:22.0169 0x1a6c Deinitialize success





C. Contents of the JRT.txt log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on Wed 11/13/2013 at 20:09:00.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\web desktop



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\web layers
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{60FE28B5-591C-4947-BCA9-49BAB9CFFA3A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\David\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\David\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at 20:11:50.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



D.1. Contents of the AdwCleaner[R0].txt:

# AdwCleaner v3.012 - Report created 13/11/2013 at 20:15:00
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DIGITALSTORM-PC
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.48

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1132 octets] - [13/11/2013 20:15:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1192 octets] ##########



D.2. Contents of the AdwCleaner[S0].txt:

# AdwCleaner v3.012 - Report created 13/11/2013 at 20:15:38
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - DIGITALSTORM-PC
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.48

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1272 octets] - [13/11/2013 20:15:00]
AdwCleaner[S0].txt - [1201 octets] - [13/11/2013 20:15:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1261 octets] ##########
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Post by Mao55 » November 14th, 2013, 1:13 am

E. Contents of the most recent OTL.txt file:

OTL logfile created on: 11/13/2013 8:30:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 13.97 Gb Available Physical Memory | 87.65% Memory free
31.88 Gb Paging File | 29.95 Gb Available in Paging File | 93.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 33.70 Gb Free Space | 30.17% Space Free | Partition Type: NTFS
Drive E: | 128.00 Gb Total Space | 19.89 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 685.60 Gb Free Space | 73.60% Space Free | Partition Type: NTFS
Drive G: | 698.63 Gb Total Space | 52.46 Gb Free Space | 7.51% Space Free | Partition Type: NTFS
Drive H: | 570.64 Gb Total Space | 115.78 Gb Free Space | 20.29% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.47 Gb Free Space | 78.85% Space Free | Partition Type: FAT

Computer Name: DIGITALSTORM-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/10/17 17:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/07/31 07:38:20 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/05 19:08:42 | 000,291,128 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/01/31 14:20:50 | 000,286,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 20:02:27 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\decc12017394d466b473669f85b31b5d\System.WorkflowServices.ni.dll
MOD - [2013/10/09 01:07:40 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 01:07:40 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 01:07:39 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 01:07:35 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\593b48b531c3445e6dae067cc6879cdd\System.ServiceModel.Web.ni.dll
MOD - [2013/10/09 01:06:49 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 01:06:47 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/09 01:06:46 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 01:06:27 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 01:06:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 01:04:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/09 01:04:14 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 01:04:11 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/14 20:18:23 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 20:18:17 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 00:16:35 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 00:16:33 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 00:16:33 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/07/31 22:58:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/17 17:35:51 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/06/13 11:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 11:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 11:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/08 23:34:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/07/30 23:27:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/07/30 23:18:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe -- (asComSvc)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/12/15 09:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 15:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/07/30 19:19:03 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/16 04:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/22 22:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/22 22:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/05/22 22:12:48 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/22 22:12:48 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/20 08:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2013/03/20 08:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2013/03/19 16:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2013/03/19 16:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2013/03/12 12:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/04 17:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/31 14:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/31 14:20:10 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/27 00:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/20 14:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/20 14:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/12/20 14:44:10 | 000,020,616 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/27 19:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/06/08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 09:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/22 06:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 06:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/15 19:36:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 19:36:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 19:36:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011/06/15 19:36:42 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/21 19:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011/05/21 19:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/16 21:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 19:51:00 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)
DRV:64bit: - [2010/03/18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/10/28 09:41:15 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 15:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/15 05:38:04 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131113.008\ex64.sys -- (NAVEX15)
DRV - [2013/09/15 05:38:04 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131113.008\eng64.sys -- (NAVENG)
DRV - [2013/08/26 18:27:36 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/26 18:27:36 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 CC 54 A7 99 8D CE 01 [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&tpr=111
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=407453&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enUS547
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/11/13 20:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 18:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/09/03 00:04:13 | 000,000,000 | ---D | M]

[2013/06/13 19:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\David\AppData\Roaming\Slick Savings\Coupons64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S1A8C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\RunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64" File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7057615D-425F-4689-B2A5-9A579BCF2854}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 21:11:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/10 11:37:00 | 000,000,330 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell - "" = AutoRun
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/13 20:14:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 20:09:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/13 19:55:48 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
[2013/11/13 19:47:37 | 004,121,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2013/11/13 12:34:31 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 12:34:29 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 12:34:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 12:34:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 12:34:29 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 12:34:29 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 12:34:28 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 12:34:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 12:34:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 12:34:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 12:34:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 12:34:27 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 12:34:26 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 12:34:26 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 12:34:26 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 12:34:26 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 21:23:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/12 03:01:21 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/12 03:00:28 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 22:51:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2013/11/11 00:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013/10/30 00:18:04 | 001,063,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/30 00:18:04 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/30 00:17:51 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/10/30 00:17:51 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/10/21 22:33:43 | 030,344,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/21 22:33:43 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/21 22:33:43 | 022,933,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/21 22:33:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/21 22:33:43 | 015,858,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/21 22:33:43 | 011,415,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/21 22:33:43 | 011,362,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/21 22:33:43 | 009,516,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/21 22:33:43 | 009,472,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/21 22:33:43 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/21 22:33:43 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/21 22:33:43 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/21 22:33:43 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/21 22:33:43 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/21 22:33:43 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/21 22:33:43 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/21 22:33:43 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/21 22:33:43 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/21 22:33:43 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/21 22:33:43 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/21 22:33:43 | 000,479,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/10/21 22:33:43 | 000,405,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/10/21 22:33:43 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/21 22:33:43 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/21 22:33:43 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/21 22:33:43 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/20 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Oracle
[2013/10/20 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 16:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 16:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/15 15:54:06 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/13 20:24:46 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:24:46 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:23:50 | 000,784,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 20:23:50 | 000,664,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 20:23:50 | 000,122,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 20:17:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 20:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 20:17:38 | 4246,220,798 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 20:17:08 | 000,033,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/13 20:17:08 | 000,033,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/13 20:17:08 | 000,029,352 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/13 20:17:08 | 000,029,352 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/13 20:17:08 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/13 20:13:51 | 001,085,542 | ---- | M] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/11/13 20:02:28 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 20:02:27 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/13 19:55:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
[2013/11/13 19:46:41 | 004,121,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2013/11/13 19:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/12 03:00:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 03:00:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 22:51:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2013/11/11 01:29:04 | 006,118,784 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:48 | 003,141,670 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:41 | 005,602,692 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:26 | 005,205,557 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:18:04 | 007,478,912 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:46 | 025,882,899 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:24 | 004,966,784 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:58 | 004,334,696 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:15 | 006,124,928 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:52 | 023,177,866 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:42 | 010,700,676 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:56 | 089,709,722 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | M] () -- C:\Users\David\Desktop\Untitled.jpg
[2013/10/24 20:09:33 | 000,037,713 | ---- | M] () -- C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
[2013/10/24 20:08:11 | 000,026,957 | ---- | M] () -- C:\Users\David\Documents\contacts.csv
[2013/10/24 20:08:11 | 000,026,957 | ---- | M] () -- C:\Users\David\Desktop\contacts.csv
[2013/10/24 17:32:19 | 000,576,281 | ---- | M] () -- C:\Users\David\Documents\bookmarks_10_24_13.html
[2013/10/24 13:54:09 | 002,347,469 | ---- | M] () -- C:\Users\David\Desktop\Comcast 2013-10-18_bill.pdf
[2013/10/24 12:39:34 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013/10/24 09:28:00 | 000,871,182 | ---- | M] () -- C:\Users\David\Desktop\IMG_20131023_140552_318.jpg
[2013/10/17 17:36:09 | 001,063,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/17 17:36:08 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/15 16:48:05 | 030,344,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/15 16:48:05 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/15 16:48:05 | 022,933,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/15 16:48:05 | 018,290,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/10/15 16:48:05 | 018,243,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/15 16:48:05 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/15 16:48:05 | 015,858,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/15 16:48:05 | 015,244,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/10/15 16:48:05 | 011,415,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/15 16:48:05 | 011,362,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/15 16:48:05 | 009,516,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/15 16:48:05 | 009,472,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/15 16:48:05 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/15 16:48:05 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/15 16:48:05 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/10/15 16:48:05 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/15 16:48:05 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/15 16:48:05 | 002,694,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/10/15 16:48:05 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/15 16:48:05 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/15 16:48:05 | 001,435,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/10/15 16:48:05 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/15 16:48:05 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/15 16:48:05 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/15 16:48:05 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/15 16:48:05 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/15 16:48:05 | 000,479,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/10/15 16:48:05 | 000,405,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/10/15 16:48:05 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/15 16:48:05 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/15 16:48:05 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/15 16:48:05 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/15 16:48:05 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/10/15 16:48:05 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/10/15 16:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/15 15:54:06 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/10/15 13:47:39 | 006,665,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/10/15 13:47:39 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/10/15 13:47:36 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/10/15 13:47:36 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/13 20:14:34 | 001,085,542 | ---- | C] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/11 01:29:00 | 006,118,784 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:46 | 003,141,670 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:37 | 005,602,692 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:23 | 005,205,557 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:17:58 | 007,478,912 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:36 | 025,882,899 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:21 | 004,966,784 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:56 | 004,334,696 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:10 | 006,124,928 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:47 | 023,177,866 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:34 | 010,700,676 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:07 | 089,709,722 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | C] () -- C:\Users\David\Desktop\Untitled.jpg
[2013/10/24 21:10:25 | 000,026,957 | ---- | C] () -- C:\Users\David\Documents\contacts.csv
[2013/10/24 20:09:33 | 000,037,713 | ---- | C] () -- C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
[2013/10/24 20:08:11 | 000,026,957 | ---- | C] () -- C:\Users\David\Desktop\contacts.csv
[2013/10/24 17:32:19 | 000,576,281 | ---- | C] () -- C:\Users\David\Documents\bookmarks_10_24_13.html
[2013/10/24 13:54:09 | 002,347,469 | ---- | C] () -- C:\Users\David\Desktop\Comcast 2013-10-18_bill.pdf
[2013/10/24 09:28:00 | 000,871,182 | ---- | C] () -- C:\Users\David\Desktop\IMG_20131023_140552_318.jpg
[2013/09/22 20:03:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/09/22 20:03:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/09/22 20:03:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/09/22 20:03:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/09/22 20:03:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/09/22 20:03:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/09/22 20:03:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/09/22 20:03:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/09/22 20:03:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/09/22 20:03:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/09/22 20:03:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/09/22 20:03:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/03 00:46:28 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/01 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\David\ntuser.pol
[2013/07/30 23:33:59 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2013/07/30 23:18:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/07/30 23:18:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/07/23 08:02:43 | 000,057,678 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/07/23 08:01:36 | 000,015,232 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/07/23 08:01:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/07/23 08:01:20 | 000,042,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/07/19 03:52:43 | 000,778,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/13 11:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




F. Changes in computer behavior:

To continue with your multi-step instructions, I had to re-login to my email to get the link to the forum to re-check your instructions (I know, I shoulda printed them), which meant multiple re-boots, as I was often unable to re-connect to the forum website. After one reboot, opening Chrome gave a "restore previous webpages?" type message, and Chrome did not have the usual spigot/yahoo second tab. However, even after choosing not to restore previous Chrome webpages, Chrome then opened with the second spigot/yahoo tab. :-(


Thank you pgmigg!
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Post by pgmigg » November 14th, 2013, 4:58 pm

Hello Mao55,

> Thank you pgmigg!

You are welcome, Mao55!

> To continue with your multi-step instructions, I had to re-login to my email to get the link to the forum to re-check your instructions (I know, I shoulda printed them), which meant multiple re-boots, as I was often unable to re-connect to the forum website. After one reboot, opening Chrome gave a "restore previous webpages?" type message, and Chrome did not have the usual spigot/yahoo second tab. However, even after choosing not to restore previous Chrome webpages, Chrome then opened with the second spigot/yahoo tab. :-(

Very good job! :D Let's continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    E - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&tpr=111
    IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=407453&fr=spigot-yhp-ie
    IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    O2:64bit: - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\David\AppData\Roaming\Slick Savings\Coupons64.dll File not found
    
    :Files
    C:\Users\David\AppData\Roaming\Slick Savings
    C:\Program Files (x86)\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware Rerun
As I saw, you already have the latest version of MBAM.
  1. Please start MBAM (Malwarebytes' Anti-Malware).
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates... button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan... button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Coupons*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Coupons*
    *datamngr*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    Coupons
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Slick
    smartbar
    Sweetpack
    Tarma
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
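
An added example, not part of the original posts and not SystemLook's own code: a Python version of the triage a reader has to do on the hits that broad search terms like the ones in Step 3 return. The matching rules (case-insensitive wildcard on file names, case-insensitive substring on registry text), the sample entries and the verdict names are assumptions constructed for illustration.

```python
import fnmatch
import re
from pathlib import PureWindowsPath

# Subset of the search terms from the SystemLook script in the post above.
FILEFIND_TERMS = ["*Babylon*", "*Conduit*", "*Coupons*", "*Slick*"]
REGFIND_TERMS = ["Ask.com", "Babylon", "Coupons", "Slick"]

# Assumption: extensions that can carry or load code; anything else is data.
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".js", ".crx", ".xpi", ".bat", ".scr"}
# Assumption: folder name that marks a cleaner's quarantine store.
QUARANTINE_DIRS = {"quarantine"}

# Constructed sample input, modelled on the kind of entries such a scan lists.
SAMPLE_FILES = [
    r"C:\Users\User\Music\09 - Move Out Of Babylon Dub.flac",
    r"C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\ConduitChromeApiPlugin.dll.vir",
    r"C:\Users\User\AppData\Local\Slick Savings\coupons.crx",
    r"C:\Windows\System32\shell32.dll",
]
SAMPLE_REG = [  # (key, value name, data); the GUID is a placeholder
    (r"HKLM\SOFTWARE\Classes\MAPI/IPM.Task", "PreviewDetails",
     "prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner"),
    (r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility"
     r"\{00000000-0000-0000-0000-000000000000}", "DllName", "BabylonToolbar.dll"),
    (r"HKCU\Software\AppDataLow\Software\Slick Savings", "xpi_path",
     r"C:\Users\User\AppData\Roaming\Slick Savings\coupons_2.8.xpi"),
]


def triage_file_hit(path):
    """Classify one file hit: already quarantined, plain data, or needs review."""
    p = PureWindowsPath(path)
    if {part.lower() for part in p.parts} & QUARANTINE_DIRS:
        return "quarantined"      # inert copy kept by a removal tool
    if p.suffix.lower() not in CODE_EXTENSIONS:
        return "data-file"        # name matched, but the file cannot run
    return "review"


def filefind(paths, terms):
    """Wildcard-match each term against the file name only, ignoring case."""
    hits = []
    for path in paths:
        name = PureWindowsPath(path).name.lower()
        for term in terms:
            if fnmatch.fnmatchcase(name, term.lower()):
                hits.append((term, path, triage_file_hit(path)))
    return hits


def regfind(entries, terms):
    """Substring-match each term in key, value name and data, ignoring case.

    A match that starts in the middle of a word (a letter or digit directly
    before it) is marked 'partial-word': the term is a tail of a longer,
    unrelated token. A match at a word start stays 'review', because vendor
    names usually appear as a prefix (for example BabylonToolbar.dll).
    """
    hits = []
    for key, value_name, data in entries:
        for field in (key, value_name, data):
            for term in terms:
                for m in re.finditer(re.escape(term), field, re.IGNORECASE):
                    before = field[m.start() - 1] if m.start() > 0 else ""
                    verdict = "partial-word" if before.isalnum() else "review"
                    hits.append((term, key, m.group(0), verdict))
    return hits


def needs_review(hits):
    """Keep only the hits whose verdict (last tuple item) is 'review'."""
    return [h for h in hits if h[-1] == "review"]


if __name__ == "__main__":
    for term, path, verdict in filefind(SAMPLE_FILES, FILEFIND_TERMS):
        print(f"{verdict:12} {term:12} {path}")
    for term, key, matched, verdict in regfind(SAMPLE_REG, REGFIND_TERMS):
        print(f"{verdict:12} {term:12} {matched!r} in {key}")
```

A `data-file`, `quarantined` or `partial-word` verdict only lowers the priority of a hit; it does not clear the entry.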

Re: Spigot/Yahoo infection from YDT install

Post by Mao55 » November 16th, 2013, 2:24 am

Thank you for your continuing help, pgmigg!

A. Problems executing instructions - I don't know that it's a problem, but after running Malwarebytes' Anti-Malware, there were no items listed to be deleted, but you may be able to see that from the log. However, I noticed in the Quarantine there were lots of entries for Spigot, Slick, and SearchProtect.

B. Contents of OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\David\AppData\Roaming\Slick Savings not found.
C:\Program Files (x86)\GUM9B06.tmp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David\Desktop\cmd.bat deleted successfully.
C:\Users\David\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1472821 bytes
->Temporary Internet Files folder emptied: 175822 bytes
->Java cache emptied: 46019 bytes
->Google Chrome cache emptied: 439908967 bytes
->Flash cache emptied: 63680 bytes

User: All Users

User: David
->Temp folder emptied: 6770311 bytes
->Temporary Internet Files folder emptied: 5158961 bytes
->Java cache emptied: 342828 bytes
->Google Chrome cache emptied: 16196590 bytes
->Flash cache emptied: 58439 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4263241 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 1803007 bytes

Total Files Cleaned = 454.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: David
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11152013_162808

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131115145940948).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131115145940948).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131115145940948).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



C. Contents of MBAM log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.15.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
David :: DIGITALSTORM-PC [administrator]

Protection: Enabled

11/15/2013 4:32:48 PM
mbam-log-2013-11-15 (16-32-48).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 573017
Time elapsed: 1 hour(s), 10 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



D. Contents of SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 22:00 on 15/11/2013 by David
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\David\Downloads\Mimo\alt.binaries.sounds.flac\King Tubby & The Aggrovators - Shalom Dub\King Tubby & The Aggrovators - Shalom Dub\09 - Move Out Of Babylon Dub.flac --a---- 21255462 bytes [02:19 09/09/2013] [13:57 14/09/2011] DDA625A20E7FBF970720349D83CDD680

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\ConduitAbstractionLayerBack.js.vir --a---- 488612 bytes [05:10 25/09/2013] [05:10 25/09/2013] 2949A371FB4B2D8571465CAC06D6D3D5
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\ConduitAbstractionLayerFront.js.vir --a---- 248731 bytes [05:10 25/09/2013] [05:10 25/09/2013] 28CC58847D6311A5322AC9A44B46D77D
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\js\conduitEnv.js.vir --a---- 93693 bytes [05:10 25/09/2013] [05:10 25/09/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll.vir --a---- 858400 bytes [05:10 25/09/2013] [05:10 25/09/2013] DCFC6376CD54D7FFD5F4B1446C725DEE
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\Search\plugins\npConduitNewTabPlugin.dll.vir --a---- 62240 bytes [05:10 25/09/2013] [05:10 25/09/2013] 2D3E11A6A5DF8EE64BB2245F9EF9B4AB
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [05:10 25/09/2013] [05:10 25/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [05:10 25/09/2013] [05:10 25/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [05:10 25/09/2013] [05:10 25/09/2013] 04EC2FEFD3A417F86E983508778A00DD

Searching for "*Coupons*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
No data found.

Searching for "Coupons"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings]
"xpi_path"="C:\Users\David\AppData\Roaming\Slick Savings\coupons_2.8.xpi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk]
"Path"="C:\Users\David\AppData\Local\Slick Savings\coupons.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}]
"AppName"="CouponsHelper.exe"
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\AppDataLow\Software\Slick Savings]
"xpi_path"="C:\Users\David\AppData\Roaming\Slick Savings\coupons_2.8.xpi"

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
@="IUccUserSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
@="IUccUserSearchQueryEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
@="_IUccUserSearchQueryEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Slick"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings]
"xpi_path"="C:\Users\David\AppData\Roaming\Slick Savings\coupons_2.8.xpi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk]
"Path"="C:\Users\David\AppData\Local\Slick Savings\coupons.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}]
"AppPath"="C:\Users\David\AppData\Roaming\Slick Savings"
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\AppDataLow\Software\Slick Savings]
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\AppDataLow\Software\Slick Savings]
"xpi_path"="C:\Users\David\AppData\Roaming\Slick Savings\coupons_2.8.xpi"

Searching for "smartbar"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-



E. I do not see any changes in system behavior. Whenever I open Chrome, there still is a second tab which opens a Yahoo Search page. :-(


Thank you again for working with me on this!
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am
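
Several Regfind hits in the log above are substring coincidences: "Ask.com" matches inside "Task.CompletionStatus" and "Searchqu" inside "ISearchQueryHelper". The following added example is not part of the original thread or of SystemLook. It parses a Regfind section and marks each hit as starting a word or embedded in a longer one; the sample lines are copied from the log above and trimmed, and the function names and the word-boundary heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the Regfind section of the log above, trimmed.
SAMPLE_LOG = r'''
========== Regfind ==========

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Slick"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk]
"Path"="C:\Users\David\AppData\Local\Slick Savings\coupons.crx"

-= EOF =-
'''

SECTION_RE = re.compile(r'^=+\s*(\w+)\s*=+$')
TERM_RE = re.compile(r'^Searching for "(.*)"$')
VALUE_RE = re.compile(r'^(?:@|"(?P<name>.*?)")="(?P<data>.*)"$')
# Chrome extension IDs are 32 characters drawn from the letters a-p.
CHROME_EXT_RE = re.compile(r'\\Google\\Chrome\\Extensions\\([a-p]{32})$', re.I)


def parse_regfind(log_text):
    """Parse the Regfind section into hits: one dict per matched key or value."""
    hits, in_regfind, term, key = [], False, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            in_regfind = section.group(1).lower() == "regfind"
            term = key = None
            continue
        if not in_regfind:
            continue
        searching = TERM_RE.match(line)
        if searching:
            term, key = searching.group(1), None
        elif term and line.startswith("[") and line.endswith("]"):
            # A key line opens a new hit; a key followed by another key
            # means the term matched in the key path itself.
            key = line[1:-1]
            hits.append({"term": term, "key": key, "name": None, "data": None})
        elif term and key:
            value = VALUE_RE.match(line)
            if not value:
                continue  # "No data found.", blank lines, the EOF marker
            if hits[-1]["name"] is not None:  # second value under the same key
                hits.append({"term": term, "key": key, "name": None, "data": None})
            hits[-1]["name"] = value.group("name") or "@"  # "@" is the default value
            hits[-1]["data"] = value.group("data")
    return hits


def classify(hit):
    """Return (field, kind): where the term matched and how.

    Heuristic (an assumption of this example): a match preceded by a letter or
    digit sits inside a longer word and is probably a coincidence.
    """
    term = hit["term"].lower()
    embedded_in = None
    for field in ("key", "name", "data"):
        text = (hit[field] or "").lower()
        pos = text.find(term)
        while pos != -1:
            if pos == 0 or not text[pos - 1].isalnum():
                return field, "word-start"
            embedded_in = embedded_in or field
            pos = text.find(term, pos + 1)
    return embedded_in, ("embedded" if embedded_in else "no-match")


def triage(log_text):
    """Return (term, field, kind, chrome_extension_id_or_None) for every hit."""
    rows = []
    for hit in parse_regfind(log_text):
        field, kind = classify(hit)
        ext = CHROME_EXT_RE.search(hit["key"])
        rows.append((hit["term"], field, kind, ext.group(1) if ext else None))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Hits marked "embedded" deserve a manual look before any key is queued for deletion; "word-start" only means the term begins a word, not that the entry is unwanted.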

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 16th, 2013, 1:26 pm

Hello Mao55,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    %Files
    C:\Users\David\AppData\Local\Slick Savings\*.*
    C:\Users\David\AppData\Roaming\Slick Savings\*.*
    C:\Program Files (x86)\Common Files\Spigot 
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}]
    [-HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\AppDataLow\Software\Slick Savings]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Trolltech]
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Slick*
    *spigot*
    
    :folderfind
    *Slick*
    *spigot*
    
    :Regfind
    Slick
    spigot
    mhkaekfpcppmmioggniknbnbdbcigpkk
    pfndaklgolladniicklehhancnlgocpp
    icdlfehblmklkikfigmjhbmmpmkmpooj
    hbcennhacfaagdopikcegfcobcadeocj
    4593F72F-836C-4A7E-8F54-B3B1CE3D1CB5
    
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 16th, 2013, 11:38 pm

A. I made a mistake running the ESET Online Scanner, which I hope didn't screw things up. First, the instructions for this Step 3 include for browsers Internet Explorer and Mozilla Firefox, but not Chrome. I do not have Mozilla Firefox, but I do have Internet Explorer. However, I rarely use IE, and use Chrome instead, and that's where I got the infection with the Yahoo/Spigot tab. So I thought I'd run ESET on both browsers. I did Chrome first, and that's where I made the mistake. In Step 3. 6., the second line is: UNCHECK "Remove found threats". I left it checked, and just my luck it did seem to "find" something in my System Volume Information and deleted it. *Sigh* FWIW, I then ran ESET on IE, following the instructions exactly, and no threats were found. Let me know if I really damaged something, or if there's anything I should do about this. Sorry for being such an idiot.



B. Contents of the OTL step:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <%Files> in the current context!
Error: Unable to interpret <C:\Users\David\AppData\Local\Slick Savings\*.*> in the current context!
Error: Unable to interpret <C:\Users\David\AppData\Roaming\Slick Savings\*.*> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\Common Files\Spigot > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Slick Savings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\AppDataLow\Software\Slick Savings\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: David
->Temp folder emptied: 1732861 bytes
->Temporary Internet Files folder emptied: 823642 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 371176536 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1276930 bytes

Total Files Cleaned = 358.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: David
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162013_135924

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131116111557988).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131116111557988).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131116111557988).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


C. Contents of the SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:06 on 16/11/2013 by David
Administrator - Elevation successful

========== filefind ==========

Searching for "*Slick*"
No files found.

Searching for "*spigot*"
No files found.

========== folderfind ==========

Searching for "*Slick*"
No folders found.

Searching for "*spigot*"
No folders found.

========== Regfind ==========

Searching for "Slick"
No data found.

Searching for "spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\GC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj]
"path"="C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj]
"path"="C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]
"path"="C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx"

Searching for "mhkaekfpcppmmioggniknbnbdbcigpkk"
No data found.

Searching for "pfndaklgolladniicklehhancnlgocpp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]

Searching for "icdlfehblmklkikfigmjhbmmpmkmpooj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj]

Searching for "hbcennhacfaagdopikcegfcobcadeocj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj]

Searching for "4593F72F-836C-4A7E-8F54-B3B1CE3D1CB5"
No data found.

Searching for "a]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5591379C-B467-4BCA-B647-A438712504B0}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6316D324-2238-101B-9E66-00AA003BA905}\LocalServer32]
"LocalServer32"="zqP^V5!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{688B0D3D-AF8F-483C-A712-8F4E9868B8DA}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC6}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC7}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC8}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC9}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F yh1BVW?WA$4!!!!MKKSkTranslationFiles_1036>qUCLv[qvr=3vhtZ?ys+6 yh1BV^}tr&4!!!!MKKSkTranslationFiles_3082>CTFDu%NAf8gM!0B%jtgR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABF651A1-0F07-48DF-9FF6-8B1B557669CA}\InprocServer32]
"InprocServer32"="zqP^V5!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB2B65B0-241E-101B-9E67-00AA003BA905}\LocalServer32]
"LocalServer32"="zqP^V5!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Common Files|Microsoft Shared|VSTA|Pipeline.v10.0|AddInSideAdapters|Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll]
"Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0,fileVersion="9.0.30729.5806",version="9.0.0.00000000",culture="neutral",publicKeyToken="B03F5F7F11D50A3A",processorArchitecture="MSIL""="yh1BV`$!!!4!!!!MKKSkVSTOCLR35>Y7retCX}Y9'~'ka]!&Hl zqP^V5!!!!4!!!!MKKSkVSTOCLR35>Y7retCX}Y9'~'ka]!&Hl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|5.1.20513.0|fi|mscorlib.resources.dll]
"mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.1.20513.0",culture="fi""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>Q-Va)BK{S9!Bp?-Evml? 3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>,DG,G*LQ'A]Oe{UWYXX4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|5.1.20513.0|lv|mscorlib.resources.dll]
"mscorlib.resources,version="5.0.5.0",publicKeyToken="7cec85d7bea7798e",processorArchitecture="MSIL",fileVersion="5.1.20513.0",culture="lv""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>e!l8$KTf0?ze[?a],RhK 3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>)?D${%=rY8!D?'+]1Nq9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|5.1.20513.0|zh-Hant|Microsoft.VisualBasic.resources.dll]
"Microsoft.VisualBasic.resources,version="5.0.5.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="5.1.20513.0",culture="zh-Hant""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>QfITh,hVq?3AS'1sghA] 3PgDT0$gy?~Dc}DI]?&!Complete5.1.20513.0>o&S'C-q9S=)&2rwij'xz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global]
"Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion="15.0.4420.1017",version="15.0.0.0000000",culture="neutral",publicKeyToken="71E9BCE111E9429C",processorArchitecture="MSIL""="zqP^V5!!!!4!!!!MKKSkOutlook_PIA>)^lz[Ih+-=yWA]EN]Sie yh1BV`$!!!4!!!!MKKSkOutlook_PIA>)^lz[Ih+-=yWA]EN]Sie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\52C90BF83BF06024791A1DBA02280F1B]
"Edge.inf"="zqP^V5!!!!4!!!!MKKSkThemesTypicalFiles>8n!(B_4}%=b)cpIV0hm=[^2A]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\52C90BF83BF06024791A1DBA02280F1B]
"Evrgreen.inf"="zqP^V5!!!!4!!!!MKKSkThemesTypicalFiles>V$sHMiUh_8pF{A]6KV-^[^2D]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\Tabs_Part.accdt"="yh1BVJ(8A$4!!!!MKKSkAccessTemplatesIntl_1033>fYfpt0)]UA]g.XO-q)t][^0]\Tabs_Part.part"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\BILLSTA7.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>H1WOITUEo8(E)k+.rgE*[^7A]\Billing Statement.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\BLOODPT8.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>fUD&{g~3s89wjpendM!X[^7A]\Blood Pressure Tracker.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\EXPENRP9.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>2_!@qYZ089XK99xD@9TX[^7A]\Expense Report.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\LOANAMO1.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>]E^VabNgB@!b(Q2mS2d`[^7A]\Loan Amortization.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\PMONBUD2.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>d'NaIUS!&?el[T`WrdnI[^7A]\Personal Monthly Budget.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\SALEREP4.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>J{WOIGg(&9wUY4nNdKA@[^7A]\Sales Report.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\TIMECAR6.XLX"="yh1BVK(8A$4!!!!MKKSkExcelHelpFilesIntl_1033>K5V7CoxBc97eg&zl!'4l[^7A]\Time Card.xltx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\AdjacencyReport.dotx"="yh1BVP(8A$4!!!!MKKSkWORDDocumentTemplatesIntl_1033>o?)tz$dzU@kk_nk?fK=%[^6A]\Adjacency report.dotx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\orginrep.dot"="yh1BVP(8A$4!!!!MKKSkWORDDocumentTemplatesIntl_1033>6q?U6%?T-=GRMJ8Hh%oP[^6A]\Origin report.dotx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\RedAndBlackReport.dotx"="yh1BVP(8A$4!!!!MKKSkWORDDocumentTemplatesIntl_1033>5wfb[c*iX9&uzcFQ9I6N[^6A]\Red and black report.dotx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\StudentReport.dotx"="yh1BVP(8A$4!!!!MKKSkWORDDocumentTemplatesIntl_1033>iXwHFIH*%@nc*F$k,Ya+[^6A]\Student report.dotx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\8F622368F04F7B849A7B2021EE668F21]
"1033\TimelessReport.dotx"="yh1BVP(8A$4!!!!MKKSkWORDDocumentTemplatesIntl_1033>MQ51=Tlnf9Q~COhHB}6Q[^6A]\Timeless report.dotx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\B347638FCC3D5BE438A7B3A875C058E2]
"1033\BWClassic.dotx"="yh1BVP(8A$4!!!!MKKSkWordQuickFormatsFilesIntl_1033>SnV&=y=HU?k$TysfjTd5[^9A]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\appvMachineRegistryStore\Integration\Backup\Software\Classes\CLSID\{6316D324-2238-101B-9E66-00AA003BA905}\LocalServer32]
"LocalServer32"="zqP^V5!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\appvMachineRegistryStore\Integration\Backup\Software\Classes\CLSID\{BB2B65B0-241E-101B-9E67-00AA003BA905}\LocalServer32]
"LocalServer32"="zqP^V5!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{5591379C-B467-4BCA-B647-A438712504B0}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{6316D324-2238-101B-9E66-00AA003BA905}\LocalServer32]
"LocalServer32"="yh1BV3!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{688B0D3D-AF8F-483C-A712-8F4E9868B8DA}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC6}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC7}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC8}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{ABF651A1-0F07-48DF-9FF6-8B1B557669CA}\InprocServer32]
"InprocServer32"="yh1BV3!!!!4!!!!MKKSkTranslationCore>kb=1@s4*[?R=Q,@AIa]F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{BB2B65B0-241E-101B-9E67-00AA003BA905}\LocalServer32]
"LocalServer32"="yh1BV3!!!!4!!!!MKKSkOutlookMAPI2>Sk2A]g%wi?z[!8w7=%A1"

-= EOF =-




D.1. Contents of the first ESETScan.txt on Chrome, where I mistakenly left "Remove found threats" checked:

E:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\6.0\19\7b779d13-3665b201 a variant of Java/JShrink.A application cleaned by deleting - quarantined
E:\System Volume Information\_restore{55C25166-F53F-4813-8140-0C60833AEE26}\RP297\A0102599.exe a variant of MSIL/Injector.AVU trojan cleaned by deleting - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-07-29 210920\Backup Files 2013-08-04 190001\Backup files 1.zip multiple threats deleted - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-08-18 234753\Backup Files 2013-08-18 234753\Backup files 1.zip multiple threats deleted - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-09-01 225437\Backup Files 2013-09-01 225437\Backup files 1.zip multiple threats deleted - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-09-15 190000\Backup Files 2013-09-15 190000\Backup files 1.zip multiple threats deleted - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-10-06 190000\Backup Files 2013-10-06 190000\Backup files 1.zip multiple threats deleted - quarantined
F:\DIGITALSTORM-PC\Backup Set 2013-10-27 232924\Backup Files 2013-10-27 232924\Backup files 1.zip multiple threats deleted - quarantined


D.2. After re-running ESET Online Scanner on Internet Explorer, it found no threats and did not produce a log.


E. No changes yet - still get the second Yahoo/Spigot search tab when opening Chrome.


Thanks again for your help, pgmigg, and sorry I didn't read your fine instructions closely enough.
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Post by pgmigg » November 17th, 2013, 2:03 am

Hello Mao55,

Mao55 wrote: Thanks again for your help, pgmigg, and sorry I didn't read your fine instructions closely enough.

You are very welcome! :)

Mao55 wrote: A. I made a mistake running the ESET Online Scanner, which I hope didn't screw things up. First, the instructions for this Step 3 include for browsers Internet Explorer and Mozilla Firefox, but not Chrome. I do not have Mozilla Firefox, but I do have Internet Explorer. However, I rarely use IE, and use Chrome instead, and that's where I got the infection with the Yahoo/Spigot tab. So I thought I'd run ESET on both browsers. I did Chrome first, and that's where I made the mistake. In Step 3. 6., the second line is "UNCHECK "Remove found threats". I left it checked, and just my luck it did seem to "find" something in my System Volume Information and deleted it. *Sigh* FWIW, I then ran ESET on IE, following the instructions exactly, and no threats were found. Let me know if I really damaged something, or if there's anything I should do about this.

Please don't worry - we are human and making mistakes is our nature. In my last post I made a typo in Step 2 and a mistake in Step 3 too. ;)

Now I would like to repeat a small piece of my Welcome post:
Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
Right now you are lucky and nothing was catastrophic...

Let's continue:

Step 1.
FRST - Farbar Recovery Scanner Tool
Please download FRST64.exe ... by Farbar. Save it to your desktop.
  1. Double-click to run it. When the tool opens click Yes to disclaimer.
  2. Press Scan button.
  3. ... A log will be created FRST.txt in the same directory the tool is run.
  4. Please copy/paste FRST.txt to your reply.
  5. The first time the tool is run, it makes also another log... Addition.txt.
  6. Please copy/paste Addition.txt in your reply.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries into the text box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\David\AppData\Local\Slick Savings\*.*
    C:\Users\David\AppData\Roaming\Slick Savings\*.*
    C:\Program Files (x86)\Common Files\Spigot 
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Common Files\Spigot\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Common Files\Spigot\GC\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj]
    "path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj]
    "path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]
    "path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj]
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *spigot*
    
    :folderfind
    *spigot*
    
    :Regfind
    spigot
    mhkaekfpcppmmioggniknbnbdbcigpkk
    pfndaklgolladniicklehhancnlgocpp
    icdlfehblmklkikfigmjhbmmpmkmpooj
    hbcennhacfaagdopikcegfcobcadeocj
    {4593F72F-836C-4A7E-8F54-B3B1CE3D1CB5}
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the FRST.txt log file
  3. Contents of the Addition.txt log file
  4. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
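
A read-only way to review what a fix script like the one in Step 2 asks for before it is pasted into the tool, as an added example that is not part of the original post or of OTL. It assumes the :Reg lines follow .reg-file conventions ("name"=- deletes one value, [-KEY] deletes a whole key) and that :Files lists paths to be removed; summarize_fix, needs_review and EXPECTED are hypothetical names, and the sample is an excerpt of the posted script.

```python
import re

# Constructed sample: an excerpt of the fix script posted in Step 2 above.
SAMPLE_FIX = r"""
:Commands
[createrestorepoint]
:Files
C:\Users\David\AppData\Local\Slick Savings\*.*
C:\Program Files (x86)\Common Files\Spigot
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]
"path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]
"""

# Terms a reviewer expects to see in every deletion target (taken from the thread).
EXPECTED = ("spigot", "slick savings", "pfndaklgolladniicklehhancnlgocpp")

def summarize_fix(script):
    """Return (action, target) tuples in script order; nothing on the system is touched."""
    actions, section, key = [], None, None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):                      # section header, e.g. :Files
            section, key = line[1:].lower(), None
        elif section == "commands":
            actions.append(("command", line.strip("[]")))
        elif section == "files":                      # assumption: path to remove
            actions.append(("remove-path", line))
        elif section == "reg" and line.startswith("[-"):
            actions.append(("delete-key", line[2:-1]))    # [-KEY]: whole key
            key = None
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]                          # [KEY]: context for value lines
        elif section == "reg" and key and re.fullmatch(r'"(.*)"=-', line):
            actions.append(("delete-value", f"{key} :: {line[1:-3]}"))
    return actions

def needs_review(actions):
    """Deletions whose target names none of the EXPECTED terms."""
    return [(a, t) for a, t in actions
            if a != "command" and not any(e in t.lower() for e in EXPECTED)]

if __name__ == "__main__":
    for action, target in summarize_fix(SAMPLE_FIX):
        print(f"{action:13}{target}")
    print("manual review:", needs_review(summarize_fix(SAMPLE_FIX)))
```

The Installer\UserData\...\Components entry is the one flagged: neither its key path nor its value name says what it belongs to, so it can only be justified from the scan logs rather than from the script itself.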

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 17th, 2013, 5:42 pm

I hear you about the reminder to follow instructions and ask questions. Sorry.

With that in mind, the link that you provided for FRST64.exe yields a message that the version of FRST64.exe is outdated, and it's strongly recommended to d/l the latest version. I would presume that's OK to do, but given my previous misadventure, I thought I'd double-check with you first.

Thanks.
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am