Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Flash Player Security Error Screen Is it a Virus?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 8th, 2012, 8:49 pm

When I go to some websites and click video or image links, I get the following intermittently:

Adobe Flash Player has stopped a potentially unsafe operation. The address it tries to communicate with is different depending on the site. When the error box pops up, it crashes Firefox browser. Sometimes I can shut it down with Windows Task Manager, and sometimes I cannot, or Firefox browser windows will all close. I have tried uninstalling and reinstalling Flash several times as well as upgrading Firefox, etc to no avail. I think it may be some sort of virus. Can someone please help?

Image

Once again, I apologize for my error in posting the logs the first time, and hope someone can help me here.
Here are the logs:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by robert at 9:14:09 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6135 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://www.iradiopop.com/IRD/INDBrowser.CAB
DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} - hxxp://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : NameServer = 209.18.47.61,209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8310BB86-6F61-479B-892F-306AB678E156} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - prefs.js: network.proxy.ftp - localhost, 127.0.0.1
FF - prefs.js: network.proxy.gopher - localhost, 127.0.0.1
FF - prefs.js: network.proxy.http - localhost, 127.0.0.1
FF - prefs.js: network.proxy.socks - localhost, 127.0.0.1
FF - prefs.js: network.proxy.ssl - localhost, 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-27 08:42; {0153E448-190B-4987-BDE1-F256CADA672F}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-12 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2011-9-19 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-6-12 12289472]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-29 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-29 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-5 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 428136]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/20 13:55:44;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-12 1038088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2011-9-19 632704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-08 12:39:56 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B0D7FA7-179E-4393-9363-7DE56853AE7E}\mpengine.dll
2012-11-07 00:16:12 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 23:40:29 -------- d-----w- C:\Program Files (x86)\MediaMall
2012-10-30 23:39:43 -------- d-----w- C:\ProgramData\MediaMall
2012-10-27 12:42:25 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-10-20 11:55:06 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B82DBAC-1622-4E6F-9190-19C402D8BA56}\gapaengine.dll
2012-10-20 00:56:31 -------- d-----w- C:\Users\robert\AppData\Local\HP
2012-10-20 00:56:28 -------- d-----w- C:\Users\robert\AppData\Local\AuthenTec
2012-10-17 14:43:56 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-10-10 11:04:58 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 11:04:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 11:04:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 11:04:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 11:04:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 11:04:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 11:04:46 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 11:04:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 11:04:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 11:04:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 11:04:46 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 11:04:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-03 14:39:01 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-03 14:39:01 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-27 12:41:51 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-27 12:41:51 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-01 19:08:14 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-01 19:08:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-01 19:05:53 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-01 19:05:53 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 9:15:09.56 ===============

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by robert at 9:14:09 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6135 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://www.iradiopop.com/IRD/INDBrowser.CAB
DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} - hxxp://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : NameServer = 209.18.47.61,209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8310BB86-6F61-479B-892F-306AB678E156} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - prefs.js: network.proxy.ftp - localhost, 127.0.0.1
FF - prefs.js: network.proxy.gopher - localhost, 127.0.0.1
FF - prefs.js: network.proxy.http - localhost, 127.0.0.1
FF - prefs.js: network.proxy.socks - localhost, 127.0.0.1
FF - prefs.js: network.proxy.ssl - localhost, 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-27 08:42; {0153E448-190B-4987-BDE1-F256CADA672F}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-12 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2011-9-19 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-6-12 12289472]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-29 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-29 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-5 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 428136]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/20 13:55:44;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-12 1038088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2011-9-19 632704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-08 12:39:56 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B0D7FA7-179E-4393-9363-7DE56853AE7E}\mpengine.dll
2012-11-07 00:16:12 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 23:40:29 -------- d-----w- C:\Program Files (x86)\MediaMall
2012-10-30 23:39:43 -------- d-----w- C:\ProgramData\MediaMall
2012-10-27 12:42:25 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-10-20 11:55:06 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B82DBAC-1622-4E6F-9190-19C402D8BA56}\gapaengine.dll
2012-10-20 00:56:31 -------- d-----w- C:\Users\robert\AppData\Local\HP
2012-10-20 00:56:28 -------- d-----w- C:\Users\robert\AppData\Local\AuthenTec
2012-10-17 14:43:56 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-10-10 11:04:58 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 11:04:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 11:04:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 11:04:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 11:04:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 11:04:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 11:04:46 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 11:04:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 11:04:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 11:04:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 11:04:46 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 11:04:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-03 14:39:01 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-03 14:39:01 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-27 12:41:51 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-27 12:41:51 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-01 19:08:14 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-01 19:08:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-01 19:05:53 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-01 19:05:53 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 9:15:09.56 ===============
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm
Advertisement
Register to Remove

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby askey127 » November 9th, 2012, 6:39 am

bonnie,
Perhaps I was a bit hasty in my judgment on your previous post.
If you wish to continue, please proceed as follows:
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
--------------------------------------------
TDSSKiller - Log From Rootkit Removal Tool

  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt was probably created in the main directory of your C: drive.
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  • If it's present, Copy and paste the contents of that file in your next reply.

---------------------------------------------
Download the OTL Scanner
(If you already have a copy, use it if it's less than 2 weeks old. Otherwise delete it and download a new one. )

Please download OTL.exe by OldTimer and save it to your desktop.

---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

If the Extras.txt file does not show up, that's OK.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • log from RogueKiller
  • log from TDSSKiller, if available
  • OTL.txt
  • Extras.txt, if available on your desktop
Please feel free to use separate replies.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 9th, 2012, 8:43 am

askey thanks for helping. I'm really sorry about the mistake yesterday, but it was a terrible day.
Anyway, here is the first report you asked for:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : robert [Admin rights]
Mode : Scan -- Date : 11/09/2012 07:38:51

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> FOUND
[PROXY FF] 8s4f2jle.default\ localhost, 127.0.0.1: -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : NameServer (209.18.47.61,209.18.47.62) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : NameServer (209.18.47.61,209.18.47.62) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] d15959b51e486789a82a807e5dc39930
[BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700286 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434595328 | Size: 14815 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e9db50b585bb6053fe928f1845a2075a
[BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[1]_S_11092012_02d0738.txt >>
RKreport[1]_S_11092012_02d0738.txt
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 9th, 2012, 8:45 am

18:19:56.0056 1764 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:19:56.0368 1764 ============================================================
18:19:56.0368 1764 Current date / time: 2012/11/08 18:19:56.0368
18:19:56.0368 1764 SystemInfo:
18:19:56.0368 1764
18:19:56.0368 1764 OS Version: 6.1.7601 ServicePack: 1.0
18:19:56.0368 1764 Product type: Workstation
18:19:56.0368 1764 ComputerName: ROBERT-HP
18:19:56.0368 1764 UserName: robert
18:19:56.0368 1764 Windows directory: C:\Windows
18:19:56.0368 1764 System windows directory: C:\Windows
18:19:56.0368 1764 Running under WOW64
18:19:56.0368 1764 Processor architecture: Intel x64
18:19:56.0368 1764 Number of processors: 8
18:19:56.0368 1764 Page size: 0x1000
18:19:56.0368 1764 Boot type: Normal boot
18:19:56.0368 1764 ============================================================
18:19:57.0273 1764 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:19:57.0273 1764 ============================================================
18:19:57.0273 1764 \Device\Harddisk0\DR0:
18:19:57.0289 1764 MBR partitions:
18:19:57.0289 1764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:19:57.0289 1764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x557BF000
18:19:57.0289 1764 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55823000, BlocksNum 0x1CEF800
18:19:57.0289 1764 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
18:19:57.0289 1764 ============================================================
18:19:57.0304 1764 C: <-> \Device\Harddisk0\DR0\Partition2
18:19:57.0351 1764 D: <-> \Device\Harddisk0\DR0\Partition3
18:19:57.0382 1764 F: <-> \Device\Harddisk0\DR0\Partition4
18:19:57.0382 1764 ============================================================
18:19:57.0382 1764 Initialize success
18:19:57.0382 1764 ============================================================
18:20:41.0343 6584 ============================================================
18:20:41.0343 6584 Scan started
18:20:41.0343 6584 Mode: Manual;
18:20:41.0343 6584 ============================================================
18:20:41.0593 6584 ================ Scan system memory ========================
18:20:41.0593 6584 System memory - ok
18:20:41.0593 6584 ================ Scan services =============================
18:20:41.0920 6584 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:20:41.0920 6584 !SASCORE - ok
18:20:42.0123 6584 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:20:42.0139 6584 1394ohci - ok
18:20:42.0186 6584 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:20:42.0186 6584 Accelerometer - ok
18:20:42.0248 6584 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:20:42.0248 6584 ACPI - ok
18:20:42.0295 6584 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:20:42.0310 6584 AcpiPmi - ok
18:20:42.0373 6584 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
18:20:42.0373 6584 adfs - ok
18:20:42.0498 6584 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
18:20:42.0513 6584 Adobe Version Cue CS4 - ok
18:20:42.0591 6584 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:20:42.0591 6584 AdobeARMservice - ok
18:20:42.0669 6584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:20:42.0669 6584 adp94xx - ok
18:20:42.0794 6584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:20:42.0810 6584 adpahci - ok
18:20:42.0872 6584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:20:42.0872 6584 adpu320 - ok
18:20:42.0903 6584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:20:42.0903 6584 AeLookupSvc - ok
18:20:43.0012 6584 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
18:20:43.0012 6584 AESTFilters - ok
18:20:43.0090 6584 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:20:43.0090 6584 AFD - ok
18:20:43.0168 6584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:20:43.0168 6584 agp440 - ok
18:20:43.0231 6584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:20:43.0231 6584 ALG - ok
18:20:43.0278 6584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:20:43.0278 6584 aliide - ok
18:20:43.0340 6584 [ C53D784D7303C463D004C0D5782917B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:20:43.0340 6584 AMD External Events Utility - ok
18:20:43.0356 6584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:20:43.0356 6584 amdide - ok
18:20:43.0434 6584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:20:43.0434 6584 AmdK8 - ok
18:20:43.0590 6584 [ 06778049A44C316E8D016039B9D14667 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:20:43.0761 6584 amdkmdag - ok
18:20:43.0808 6584 [ 94B4028F0EEA1F166D78186A254676B5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:20:43.0808 6584 amdkmdap - ok
18:20:43.0855 6584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:20:43.0870 6584 AmdPPM - ok
18:20:43.0902 6584 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:20:43.0902 6584 amdsata - ok
18:20:43.0933 6584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:20:43.0948 6584 amdsbs - ok
18:20:43.0948 6584 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:20:43.0948 6584 amdxata - ok
18:20:44.0011 6584 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
18:20:44.0011 6584 AMPPAL - ok
18:20:44.0026 6584 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
18:20:44.0026 6584 AMPPALP - ok
18:20:44.0136 6584 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:20:44.0151 6584 AMPPALR3 - ok
18:20:44.0198 6584 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:20:44.0198 6584 AppID - ok
18:20:44.0229 6584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:20:44.0229 6584 AppIDSvc - ok
18:20:44.0276 6584 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:20:44.0276 6584 Appinfo - ok
18:20:44.0385 6584 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:44.0385 6584 Apple Mobile Device - ok
18:20:44.0432 6584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:20:44.0432 6584 arc - ok
18:20:44.0448 6584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:20:44.0448 6584 arcsas - ok
18:20:44.0588 6584 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:20:44.0650 6584 aspnet_state - ok
18:20:44.0713 6584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:44.0713 6584 AsyncMac - ok
18:20:44.0760 6584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:20:44.0760 6584 atapi - ok
18:20:44.0838 6584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:44.0853 6584 AudioEndpointBuilder - ok
18:20:44.0853 6584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:20:44.0853 6584 AudioSrv - ok
18:20:44.0916 6584 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:20:44.0916 6584 AxInstSV - ok
18:20:44.0962 6584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:20:44.0962 6584 b06bdrv - ok
18:20:45.0009 6584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:20:45.0009 6584 b57nd60a - ok
18:20:45.0087 6584 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
18:20:45.0103 6584 BCM43XX - ok
18:20:45.0196 6584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:20:45.0196 6584 BDESVC - ok
18:20:45.0243 6584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:20:45.0243 6584 Beep - ok
18:20:45.0306 6584 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:20:45.0321 6584 BFE - ok
18:20:45.0352 6584 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:20:45.0368 6584 BITS - ok
18:20:45.0415 6584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:20:45.0415 6584 blbdrive - ok
18:20:45.0493 6584 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:45.0508 6584 Bonjour Service - ok
18:20:45.0555 6584 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:20:45.0555 6584 bowser - ok
18:20:45.0618 6584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:20:45.0618 6584 BrFiltLo - ok
18:20:45.0649 6584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:20:45.0649 6584 BrFiltUp - ok
18:20:45.0696 6584 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:20:45.0696 6584 Browser - ok
18:20:45.0742 6584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:20:45.0742 6584 Brserid - ok
18:20:45.0774 6584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:20:45.0774 6584 BrSerWdm - ok
18:20:45.0805 6584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:20:45.0805 6584 BrUsbMdm - ok
18:20:45.0852 6584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:20:45.0852 6584 BrUsbSer - ok
18:20:45.0867 6584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:20:45.0883 6584 BTHMODEM - ok
18:20:45.0930 6584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:20:45.0930 6584 bthserv - ok
18:20:45.0961 6584 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:20:45.0961 6584 BTHSSecurityMgr - ok
18:20:46.0023 6584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:20:46.0023 6584 cdfs - ok
18:20:46.0086 6584 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:20:46.0086 6584 cdrom - ok
18:20:46.0148 6584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:20:46.0148 6584 CertPropSvc - ok
18:20:46.0210 6584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:20:46.0210 6584 circlass - ok
18:20:46.0273 6584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:20:46.0273 6584 CLFS - ok
18:20:46.0382 6584 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:20:46.0382 6584 CLKMSVC10_38F51D56 - ok
18:20:46.0444 6584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:46.0444 6584 clr_optimization_v2.0.50727_32 - ok
18:20:46.0476 6584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:20:46.0476 6584 clr_optimization_v2.0.50727_64 - ok
18:20:46.0554 6584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:46.0678 6584 clr_optimization_v4.0.30319_32 - ok
18:20:46.0710 6584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:20:46.0803 6584 clr_optimization_v4.0.30319_64 - ok
18:20:46.0866 6584 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
18:20:46.0866 6584 clwvd - ok
18:20:46.0912 6584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:20:46.0912 6584 CmBatt - ok
18:20:46.0928 6584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:20:46.0928 6584 cmdide - ok
18:20:46.0990 6584 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:20:47.0006 6584 CNG - ok
18:20:47.0053 6584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:20:47.0053 6584 Compbatt - ok
18:20:47.0100 6584 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:20:47.0100 6584 CompositeBus - ok
18:20:47.0131 6584 COMSysApp - ok
18:20:47.0240 6584 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
18:20:47.0256 6584 cpudrv64 - ok
18:20:47.0302 6584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:20:47.0302 6584 crcdisk - ok
18:20:47.0365 6584 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:20:47.0380 6584 CryptSvc - ok
18:20:47.0427 6584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:20:47.0443 6584 DcomLaunch - ok
18:20:47.0490 6584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:20:47.0490 6584 defragsvc - ok
18:20:47.0552 6584 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:20:47.0552 6584 DfsC - ok
18:20:47.0599 6584 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:20:47.0614 6584 Dhcp - ok
18:20:47.0677 6584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:20:47.0677 6584 discache - ok
18:20:47.0739 6584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:20:47.0739 6584 Disk - ok
18:20:47.0755 6584 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:20:47.0770 6584 Dnscache - ok
18:20:47.0802 6584 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:20:47.0802 6584 dot3svc - ok
18:20:47.0817 6584 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:20:47.0817 6584 DPS - ok
18:20:47.0864 6584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:20:47.0880 6584 drmkaud - ok
18:20:47.0958 6584 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:20:47.0958 6584 DXGKrnl - ok
18:20:47.0989 6584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:20:47.0989 6584 EapHost - ok
18:20:48.0051 6584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:20:48.0114 6584 ebdrv - ok
18:20:48.0160 6584 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:20:48.0160 6584 EFS - ok
18:20:48.0238 6584 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:20:48.0254 6584 ehRecvr - ok
18:20:48.0270 6584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:20:48.0270 6584 ehSched - ok
18:20:48.0316 6584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:20:48.0332 6584 elxstor - ok
18:20:48.0348 6584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:20:48.0348 6584 ErrDev - ok
18:20:48.0426 6584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:20:48.0426 6584 EventSystem - ok
18:20:48.0519 6584 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:20:48.0535 6584 EvtEng - ok
18:20:48.0582 6584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:20:48.0597 6584 exfat - ok
18:20:48.0613 6584 ezSharedSvc - ok
18:20:48.0644 6584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:20:48.0644 6584 fastfat - ok
18:20:48.0706 6584 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:20:48.0706 6584 Fax - ok
18:20:48.0753 6584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:20:48.0753 6584 fdc - ok
18:20:48.0816 6584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:20:48.0816 6584 fdPHost - ok
18:20:48.0816 6584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:20:48.0816 6584 FDResPub - ok
18:20:48.0878 6584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:20:48.0878 6584 FileInfo - ok
18:20:48.0894 6584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:20:48.0894 6584 Filetrace - ok
18:20:48.0925 6584 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:20:48.0925 6584 FLEXnet Licensing Service - ok
18:20:49.0018 6584 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:20:49.0018 6584 FLEXnet Licensing Service 64 - ok
18:20:49.0065 6584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:20:49.0065 6584 flpydisk - ok
18:20:49.0081 6584 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:20:49.0096 6584 FltMgr - ok
18:20:49.0174 6584 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:20:49.0190 6584 FontCache - ok
18:20:49.0252 6584 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:20:49.0252 6584 FontCache3.0.0.0 - ok
18:20:49.0330 6584 [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
18:20:49.0330 6584 FPLService - ok
18:20:49.0346 6584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:20:49.0346 6584 FsDepends - ok
18:20:49.0408 6584 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:20:49.0408 6584 Fs_Rec - ok
18:20:49.0455 6584 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:20:49.0455 6584 fvevol - ok
18:20:49.0518 6584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:20:49.0518 6584 gagp30kx - ok
18:20:49.0564 6584 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:20:49.0564 6584 GEARAspiWDM - ok
18:20:49.0627 6584 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:20:49.0627 6584 gpsvc - ok
18:20:49.0736 6584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:49.0752 6584 gupdate - ok
18:20:49.0752 6584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:49.0752 6584 gupdatem - ok
18:20:49.0798 6584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:20:49.0798 6584 hcw85cir - ok
18:20:49.0845 6584 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:49.0861 6584 HdAudAddService - ok
18:20:49.0892 6584 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:49.0892 6584 HDAudBus - ok
18:20:49.0908 6584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:20:49.0908 6584 HidBatt - ok
18:20:49.0923 6584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:20:49.0923 6584 HidBth - ok
18:20:49.0954 6584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:20:49.0954 6584 HidIr - ok
18:20:49.0970 6584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:20:49.0986 6584 hidserv - ok
18:20:50.0032 6584 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:20:50.0032 6584 HidUsb - ok
18:20:50.0079 6584 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:20:50.0095 6584 hkmsvc - ok
18:20:50.0142 6584 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:20:50.0142 6584 HomeGroupListener - ok
18:20:50.0157 6584 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:20:50.0173 6584 HomeGroupProvider - ok
18:20:50.0313 6584 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:20:50.0313 6584 HP Support Assistant Service - ok
18:20:50.0360 6584 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
18:20:50.0376 6584 HPClientSvc - ok
18:20:50.0454 6584 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
18:20:50.0469 6584 hpCMSrv - ok
18:20:50.0547 6584 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:20:50.0547 6584 HPDrvMntSvc.exe - ok
18:20:50.0578 6584 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:20:50.0578 6584 hpdskflt - ok
18:20:50.0641 6584 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:20:50.0656 6584 hpqwmiex - ok
18:20:50.0703 6584 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:20:50.0703 6584 HpSAMD - ok
18:20:50.0719 6584 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
18:20:50.0719 6584 hpsrv - ok
18:20:50.0812 6584 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:20:50.0812 6584 HPWMISVC - ok
18:20:50.0875 6584 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:20:50.0875 6584 HTTP - ok
18:20:50.0906 6584 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:20:50.0906 6584 hwpolicy - ok
18:20:50.0968 6584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:50.0968 6584 i8042prt - ok
18:20:51.0015 6584 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:20:51.0015 6584 iaStor - ok
18:20:51.0140 6584 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:20:51.0140 6584 IAStorDataMgrSvc - ok
18:20:51.0202 6584 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:20:51.0218 6584 iaStorV - ok
18:20:51.0312 6584 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:20:51.0405 6584 IconMan_R - ok
18:20:51.0452 6584 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:20:51.0468 6584 idsvc - ok
18:20:51.0514 6584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:20:51.0514 6584 iirsp - ok
18:20:51.0546 6584 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:20:51.0546 6584 IKEEXT - ok
18:20:51.0624 6584 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:20:51.0624 6584 IntcDAud - ok
18:20:51.0686 6584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:20:51.0686 6584 intelide - ok
18:20:51.0936 6584 [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
18:20:52.0138 6584 intelkmd - ok
18:20:52.0170 6584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:20:52.0170 6584 intelppm - ok
18:20:52.0232 6584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:20:52.0232 6584 IPBusEnum - ok
18:20:52.0279 6584 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:52.0279 6584 IpFilterDriver - ok
18:20:52.0326 6584 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:20:52.0341 6584 iphlpsvc - ok
18:20:52.0357 6584 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:20:52.0357 6584 IPMIDRV - ok
18:20:52.0388 6584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:20:52.0388 6584 IPNAT - ok
18:20:52.0482 6584 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:20:52.0497 6584 iPod Service - ok
18:20:52.0544 6584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:20:52.0544 6584 IRENUM - ok
18:20:52.0591 6584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:20:52.0591 6584 isapnp - ok
18:20:52.0622 6584 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:20:52.0622 6584 iScsiPrt - ok
18:20:52.0669 6584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:52.0669 6584 kbdclass - ok
18:20:52.0716 6584 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:20:52.0716 6584 kbdhid - ok
18:20:52.0762 6584 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:20:52.0762 6584 KeyIso - ok
18:20:52.0778 6584 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:20:52.0778 6584 KSecDD - ok
18:20:52.0825 6584 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:20:52.0825 6584 KSecPkg - ok
18:20:52.0872 6584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:20:52.0872 6584 ksthunk - ok
18:20:52.0903 6584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:20:52.0903 6584 KtmRm - ok
18:20:52.0965 6584 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:20:52.0981 6584 LanmanServer - ok
18:20:52.0996 6584 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:52.0996 6584 LanmanWorkstation - ok
18:20:53.0059 6584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:20:53.0059 6584 lltdio - ok
18:20:53.0090 6584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:20:53.0090 6584 lltdsvc - ok
18:20:53.0152 6584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:20:53.0152 6584 lmhosts - ok
18:20:53.0246 6584 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:20:53.0246 6584 LMS - ok
18:20:53.0308 6584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:20:53.0308 6584 LSI_FC - ok
18:20:53.0371 6584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:20:53.0371 6584 LSI_SAS - ok
18:20:53.0371 6584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:20:53.0371 6584 LSI_SAS2 - ok
18:20:53.0386 6584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:20:53.0386 6584 LSI_SCSI - ok
18:20:53.0418 6584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:20:53.0418 6584 luafv - ok
18:20:53.0496 6584 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:20:53.0496 6584 Mcx2Svc - ok
18:20:53.0527 6584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:20:53.0527 6584 megasas - ok
18:20:53.0589 6584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:20:53.0589 6584 MegaSR - ok
18:20:53.0652 6584 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:20:53.0652 6584 MEIx64 - ok
18:20:53.0698 6584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:20:53.0714 6584 MMCSS - ok
18:20:53.0730 6584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:20:53.0730 6584 Modem - ok
18:20:53.0776 6584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:20:53.0776 6584 monitor - ok
18:20:53.0823 6584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:20:53.0839 6584 mouclass - ok
18:20:53.0886 6584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:20:53.0886 6584 mouhid - ok
18:20:53.0932 6584 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:20:53.0932 6584 mountmgr - ok
18:20:54.0042 6584 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:20:54.0042 6584 MozillaMaintenance - ok
18:20:54.0120 6584 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:20:54.0120 6584 MpFilter - ok
18:20:54.0151 6584 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:20:54.0151 6584 mpio - ok
18:20:54.0182 6584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:20:54.0182 6584 mpsdrv - ok
18:20:54.0213 6584 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:20:54.0229 6584 MpsSvc - ok
18:20:54.0244 6584 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:20:54.0260 6584 MRxDAV - ok
18:20:54.0291 6584 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:54.0291 6584 mrxsmb - ok
18:20:54.0307 6584 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:54.0307 6584 mrxsmb10 - ok
18:20:54.0322 6584 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:54.0322 6584 mrxsmb20 - ok
18:20:54.0354 6584 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:20:54.0354 6584 msahci - ok
18:20:54.0385 6584 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:20:54.0385 6584 msdsm - ok
18:20:54.0416 6584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:20:54.0416 6584 MSDTC - ok
18:20:54.0463 6584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:20:54.0463 6584 Msfs - ok
18:20:54.0510 6584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:20:54.0510 6584 mshidkmdf - ok
18:20:54.0525 6584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:20:54.0525 6584 msisadrv - ok
18:20:54.0541 6584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:20:54.0556 6584 MSiSCSI - ok
18:20:54.0556 6584 msiserver - ok
18:20:54.0603 6584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:20:54.0603 6584 MSKSSRV - ok
18:20:54.0697 6584 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:20:54.0697 6584 MsMpSvc - ok
18:20:54.0744 6584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:54.0744 6584 MSPCLOCK - ok
18:20:54.0744 6584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:20:54.0744 6584 MSPQM - ok
18:20:54.0759 6584 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:20:54.0759 6584 MsRPC - ok
18:20:54.0790 6584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:20:54.0790 6584 mssmbios - ok
18:20:54.0837 6584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:20:54.0837 6584 MSTEE - ok
18:20:54.0853 6584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:20:54.0853 6584 MTConfig - ok
18:20:54.0868 6584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:20:54.0868 6584 Mup - ok
18:20:54.0946 6584 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:20:54.0946 6584 MyWiFiDHCPDNS - ok
18:20:54.0978 6584 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:20:54.0978 6584 napagent - ok
18:20:55.0040 6584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:20:55.0056 6584 NativeWifiP - ok
18:20:55.0243 6584 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:20:55.0258 6584 NDIS - ok
18:20:55.0305 6584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:20:55.0305 6584 NdisCap - ok
18:20:55.0352 6584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:55.0352 6584 NdisTapi - ok
18:20:55.0368 6584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:55.0368 6584 Ndisuio - ok
18:20:55.0383 6584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:55.0383 6584 NdisWan - ok
18:20:55.0430 6584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:20:55.0430 6584 NDProxy - ok
18:20:55.0477 6584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:20:55.0477 6584 NetBIOS - ok
18:20:55.0508 6584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:20:55.0508 6584 NetBT - ok
18:20:55.0555 6584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:20:55.0555 6584 Netlogon - ok
18:20:55.0617 6584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:20:55.0617 6584 Netman - ok
18:20:55.0680 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:20:55.0695 6584 NetMsmqActivator - ok
18:20:55.0711 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:20:55.0711 6584 NetPipeActivator - ok
18:20:55.0742 6584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:20:55.0758 6584 netprofm - ok
18:20:55.0773 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:20:55.0773 6584 NetTcpActivator - ok
18:20:55.0773 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:20:55.0773 6584 NetTcpPortSharing - ok
18:20:55.0960 6584 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
18:20:56.0085 6584 NETwNs64 - ok
18:20:56.0163 6584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:20:56.0163 6584 nfrd960 - ok
18:20:56.0210 6584 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:20:56.0210 6584 NisDrv - ok
18:20:56.0257 6584 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:20:56.0272 6584 NisSrv - ok
18:20:56.0319 6584 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:20:56.0319 6584 NlaSvc - ok
18:20:56.0382 6584 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
18:20:56.0382 6584 NPF - ok
18:20:56.0397 6584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:20:56.0397 6584 Npfs - ok
18:20:56.0428 6584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:20:56.0428 6584 nsi - ok
18:20:56.0444 6584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:20:56.0444 6584 nsiproxy - ok
18:20:56.0491 6584 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:20:56.0506 6584 Ntfs - ok
18:20:56.0538 6584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:20:56.0553 6584 Null - ok
18:20:56.0584 6584 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
18:20:56.0584 6584 nusb3hub - ok
18:20:56.0616 6584 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:20:56.0616 6584 nusb3xhc - ok
18:20:56.0678 6584 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
18:20:56.0694 6584 NVENETFD - ok
18:20:56.0740 6584 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:20:56.0756 6584 nvraid - ok
18:20:56.0772 6584 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:20:56.0772 6584 nvstor - ok
18:20:56.0818 6584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:20:56.0818 6584 nv_agp - ok
18:20:56.0896 6584 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:20:56.0912 6584 odserv - ok
18:20:56.0943 6584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:20:56.0943 6584 ohci1394 - ok
18:20:56.0990 6584 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:20:57.0006 6584 ose - ok
18:20:57.0021 6584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:20:57.0021 6584 p2pimsvc - ok
18:20:57.0052 6584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:20:57.0052 6584 p2psvc - ok
18:20:57.0084 6584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:20:57.0084 6584 Parport - ok
18:20:57.0115 6584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:20:57.0146 6584 partmgr - ok
18:20:57.0193 6584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:20:57.0193 6584 PcaSvc - ok
18:20:57.0208 6584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:20:57.0208 6584 pci - ok
18:20:57.0255 6584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:20:57.0255 6584 pciide - ok
18:20:57.0286 6584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:20:57.0286 6584 pcmcia - ok
18:20:57.0349 6584 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
18:20:57.0349 6584 pcouffin - ok
18:20:57.0380 6584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:20:57.0380 6584 pcw - ok
18:20:57.0396 6584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:20:57.0411 6584 PEAUTH - ok
18:20:57.0536 6584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:20:57.0536 6584 PerfHost - ok
18:20:57.0567 6584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:20:57.0583 6584 pla - ok
18:20:57.0661 6584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:20:57.0661 6584 PlugPlay - ok
18:20:57.0692 6584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:20:57.0692 6584 PNRPAutoReg - ok
18:20:57.0739 6584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:20:57.0754 6584 PNRPsvc - ok
18:20:57.0786 6584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:20:57.0786 6584 PolicyAgent - ok
18:20:57.0848 6584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:20:57.0848 6584 Power - ok
18:20:57.0895 6584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:20:57.0895 6584 PptpMiniport - ok
18:20:57.0910 6584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:20:57.0910 6584 Processor - ok
18:20:57.0957 6584 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:20:57.0957 6584 ProfSvc - ok
18:20:57.0973 6584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:20:57.0973 6584 ProtectedStorage - ok
18:20:58.0020 6584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:20:58.0035 6584 Psched - ok
18:20:58.0098 6584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:20:58.0129 6584 ql2300 - ok
18:20:58.0144 6584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:20:58.0144 6584 ql40xx - ok
18:20:58.0176 6584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:20:58.0176 6584 QWAVE - ok
18:20:58.0191 6584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:20:58.0191 6584 QWAVEdrv - ok
18:20:58.0222 6584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:20:58.0222 6584 RasAcd - ok
18:20:58.0269 6584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:20:58.0285 6584 RasAgileVpn - ok
18:20:58.0347 6584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:20:58.0347 6584 RasAuto - ok
18:20:58.0394 6584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:20:58.0394 6584 Rasl2tp - ok
18:20:58.0456 6584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:20:58.0456 6584 RasMan - ok
18:20:58.0472 6584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:20:58.0472 6584 RasPppoe - ok
18:20:58.0519 6584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:20:58.0519 6584 RasSstp - ok
18:20:58.0550 6584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:20:58.0550 6584 rdbss - ok
18:20:58.0566 6584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:20:58.0566 6584 rdpbus - ok
18:20:58.0612 6584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:20:58.0612 6584 RDPCDD - ok
18:20:58.0628 6584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:20:58.0628 6584 RDPENCDD - ok
18:20:58.0644 6584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:20:58.0644 6584 RDPREFMP - ok
18:20:58.0675 6584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:20:58.0675 6584 RDPWD - ok
18:20:58.0737 6584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:20:58.0737 6584 rdyboost - ok
18:20:58.0862 6584 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:20:58.0878 6584 RegSrvc - ok
18:20:58.0893 6584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:20:58.0893 6584 RemoteAccess - ok
18:20:58.0956 6584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:20:58.0971 6584 RemoteRegistry - ok
18:20:59.0049 6584 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
18:20:59.0049 6584 RoxioNow Service - ok
18:20:59.0080 6584 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
18:20:59.0080 6584 rpcapd - ok
18:20:59.0112 6584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:20:59.0112 6584 RpcEptMapper - ok
18:20:59.0127 6584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:20:59.0127 6584 RpcLocator - ok
18:20:59.0143 6584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:20:59.0143 6584 RpcSs - ok
18:20:59.0221 6584 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
18:20:59.0221 6584 RSPCIESTOR - ok
18:20:59.0268 6584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:20:59.0268 6584 rspndr - ok
18:20:59.0314 6584 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:20:59.0314 6584 RTL8167 - ok
18:20:59.0330 6584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:20:59.0346 6584 SamSs - ok
18:20:59.0424 6584 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:20:59.0424 6584 SASDIFSV - ok
18:20:59.0486 6584 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:20:59.0486 6584 SASKUTIL - ok
18:20:59.0626 6584 [ F444EBA4C58AD1D6D1DA9850C2B5D829 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
18:20:59.0626 6584 SbieDrv - ok
18:20:59.0720 6584 [ 9E92ABAE6F6A63C4307FE7CC4AC95831 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
18:20:59.0720 6584 SbieSvc - ok
18:20:59.0751 6584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:20:59.0751 6584 sbp2port - ok
18:20:59.0767 6584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:20:59.0782 6584 SCardSvr - ok
18:20:59.0798 6584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:20:59.0798 6584 scfilter - ok
18:20:59.0829 6584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:20:59.0845 6584 Schedule - ok
18:20:59.0860 6584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:20:59.0876 6584 SCPolicySvc - ok
18:20:59.0923 6584 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:20:59.0923 6584 sdbus - ok
18:20:59.0954 6584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:20:59.0954 6584 SDRSVC - ok
18:21:00.0001 6584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:21:00.0001 6584 secdrv - ok
18:21:00.0016 6584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:21:00.0016 6584 seclogon - ok
18:21:00.0063 6584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:21:00.0079 6584 SENS - ok
18:21:00.0110 6584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:21:00.0110 6584 SensrSvc - ok
18:21:00.0172 6584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:21:00.0172 6584 Serenum - ok
18:21:00.0219 6584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:21:00.0219 6584 Serial - ok
18:21:00.0266 6584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:21:00.0266 6584 sermouse - ok
18:21:00.0297 6584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:21:00.0297 6584 SessionEnv - ok
18:21:00.0328 6584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:21:00.0328 6584 sffdisk - ok
18:21:00.0344 6584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:21:00.0344 6584 sffp_mmc - ok
18:21:00.0360 6584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:21:00.0360 6584 sffp_sd - ok
18:21:00.0422 6584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:21:00.0422 6584 sfloppy - ok
18:21:00.0438 6584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:21:00.0453 6584 SharedAccess - ok
18:21:00.0469 6584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:21:00.0484 6584 ShellHWDetection - ok
18:21:00.0531 6584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:21:00.0531 6584 SiSRaid2 - ok
18:21:00.0562 6584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:21:00.0562 6584 SiSRaid4 - ok
18:21:00.0594 6584 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:21:00.0609 6584 SkypeUpdate - ok
18:21:00.0656 6584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:21:00.0656 6584 Smb - ok
18:21:00.0718 6584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:21:00.0718 6584 SNMPTRAP - ok
18:21:00.0734 6584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:21:00.0734 6584 spldr - ok
18:21:00.0765 6584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:21:00.0781 6584 Spooler - ok
18:21:00.0859 6584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:21:00.0906 6584 sppsvc - ok
18:21:00.0937 6584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:21:00.0937 6584 sppuinotify - ok
18:21:00.0968 6584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:21:00.0984 6584 srv - ok
18:21:00.0999 6584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:21:00.0999 6584 srv2 - ok
18:21:01.0062 6584 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:21:01.0062 6584 SrvHsfHDA - ok
18:21:01.0093 6584 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:21:01.0108 6584 SrvHsfV92 - ok
18:21:01.0186 6584 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:21:01.0202 6584 SrvHsfWinac - ok
18:21:01.0233 6584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:21:01.0233 6584 srvnet - ok
18:21:01.0296 6584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:21:01.0296 6584 SSDPSRV - ok
18:21:01.0311 6584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:21:01.0311 6584 SstpSvc - ok
18:21:01.0405 6584 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
18:21:01.0420 6584 STacSV - ok
18:21:01.0436 6584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:21:01.0436 6584 stexstor - ok
18:21:01.0530 6584 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
18:21:01.0530 6584 STHDA - ok
18:21:01.0592 6584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:21:01.0608 6584 stisvc - ok
18:21:01.0654 6584 [ D2FBE517D8FE03552E9C6CF91C1540D2 ] StkCMini C:\Windows\system32\Drivers\StkCMini.sys
18:21:01.0701 6584 StkCMini - ok
18:21:01.0717 6584 [ 0E447EF3CC90B32BA478093B998C48FD ] StkSSrv C:\Windows\System32\StkCSrv.exe
18:21:01.0732 6584 StkSSrv - ok
18:21:01.0748 6584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:21:01.0764 6584 swenum - ok
18:21:01.0779 6584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:21:01.0795 6584 swprv - ok
18:21:01.0873 6584 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:21:01.0873 6584 SynTP - ok
18:21:01.0966 6584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:21:01.0982 6584 SysMain - ok
18:21:01.0998 6584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:21:01.0998 6584 TabletInputService - ok
18:21:02.0029 6584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:21:02.0029 6584 TapiSrv - ok
18:21:02.0044 6584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:21:02.0044 6584 TBS - ok
18:21:02.0107 6584 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:21:02.0122 6584 Tcpip - ok
18:21:02.0200 6584 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:21:02.0216 6584 TCPIP6 - ok
18:21:02.0247 6584 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:21:02.0247 6584 tcpipreg - ok
18:21:02.0263 6584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:21:02.0263 6584 TDPIPE - ok
18:21:02.0294 6584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:21:02.0294 6584 TDTCP - ok
18:21:02.0341 6584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:21:02.0356 6584 tdx - ok
18:21:02.0356 6584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:21:02.0356 6584 TermDD - ok
18:21:02.0388 6584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:21:02.0403 6584 TermService - ok
18:21:02.0419 6584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:21:02.0419 6584 Themes - ok
18:21:02.0434 6584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:21:02.0434 6584 THREADORDER - ok
18:21:02.0497 6584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:21:02.0512 6584 TrkWks - ok
18:21:02.0544 6584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:21:02.0544 6584 TrustedInstaller - ok
18:21:02.0575 6584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:21:02.0575 6584 tssecsrv - ok
18:21:02.0606 6584 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:21:02.0606 6584 TsUsbFlt - ok
18:21:02.0622 6584 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:21:02.0622 6584 TsUsbGD - ok
18:21:02.0668 6584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:21:02.0668 6584 tunnel - ok
18:21:02.0700 6584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:21:02.0700 6584 uagp35 - ok
18:21:02.0715 6584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:21:02.0715 6584 udfs - ok
18:21:02.0746 6584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:21:02.0746 6584 UI0Detect - ok
18:21:02.0793 6584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:21:02.0793 6584 uliagpkx - ok
18:21:02.0856 6584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:21:02.0856 6584 umbus - ok
18:21:02.0918 6584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:21:02.0918 6584 UmPass - ok
18:21:03.0012 6584 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:21:03.0043 6584 UNS - ok
18:21:03.0058 6584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:21:03.0074 6584 upnphost - ok
18:21:03.0121 6584 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:21:03.0136 6584 USBAAPL64 - ok
18:21:03.0199 6584 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:21:03.0199 6584 usbaudio - ok
18:21:03.0261 6584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:21:03.0277 6584 usbccgp - ok
18:21:03.0324 6584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:21:03.0339 6584 usbcir - ok
18:21:03.0386 6584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:21:03.0386 6584 usbehci - ok
18:21:03.0433 6584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:21:03.0433 6584 usbhub - ok
18:21:03.0448 6584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:21:03.0448 6584 usbohci - ok
18:21:03.0495 6584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:21:03.0495 6584 usbprint - ok
18:21:03.0558 6584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:21:03.0558 6584 USBSTOR - ok
18:21:03.0589 6584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:21:03.0589 6584 usbuhci - ok
18:21:03.0651 6584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:21:03.0667 6584 usbvideo - ok
18:21:03.0682 6584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:21:03.0698 6584 UxSms - ok
18:21:03.0729 6584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:21:03.0745 6584 VaultSvc - ok
18:21:03.0760 6584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:21:03.0760 6584 vdrvroot - ok
18:21:03.0792 6584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:21:03.0792 6584 vds - ok
18:21:03.0823 6584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:21:03.0823 6584 vga - ok
18:21:03.0838 6584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:21:03.0838 6584 VgaSave - ok
18:21:03.0870 6584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:21:03.0870 6584 vhdmp - ok
18:21:03.0916 6584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:21:03.0916 6584 viaide - ok
18:21:03.0963 6584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:21:03.0963 6584 volmgr - ok
18:21:03.0994 6584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:21:03.0994 6584 volmgrx - ok
18:21:04.0010 6584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:21:04.0026 6584 volsnap - ok
18:21:04.0072 6584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:21:04.0072 6584 vsmraid - ok
18:21:04.0119 6584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:21:04.0135 6584 VSS - ok
18:21:04.0150 6584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:21:04.0150 6584 vwifibus - ok
18:21:04.0213 6584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:21:04.0213 6584 vwififlt - ok
18:21:04.0260 6584 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:21:04.0275 6584 vwifimp - ok
18:21:04.0322 6584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:21:04.0338 6584 W32Time - ok
18:21:04.0353 6584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:21:04.0353 6584 WacomPen - ok
18:21:04.0416 6584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:21:04.0416 6584 WANARP - ok
18:21:04.0416 6584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:21:04.0416 6584 Wanarpv6 - ok
18:21:04.0494 6584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:21:04.0509 6584 WatAdminSvc - ok
18:21:04.0556 6584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:21:04.0572 6584 wbengine - ok
18:21:04.0603 6584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:21:04.0603 6584 WbioSrvc - ok
18:21:04.0618 6584 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:21:04.0618 6584 wcncsvc - ok
18:21:04.0634 6584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:21:04.0650 6584 WcsPlugInService - ok
18:21:04.0665 6584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:21:04.0665 6584 Wd - ok
18:21:04.0696 6584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:21:04.0712 6584 Wdf01000 - ok
18:21:04.0743 6584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:21:04.0743 6584 WdiServiceHost - ok
18:21:04.0743 6584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:21:04.0743 6584 WdiSystemHost - ok
18:21:04.0806 6584 [ 5E1640435DD54D00451156CA5340B109 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
18:21:04.0806 6584 wdkmd - ok
18:21:04.0821 6584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:21:04.0821 6584 WebClient - ok
18:21:04.0852 6584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:21:04.0852 6584 Wecsvc - ok
18:21:04.0868 6584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:21:04.0868 6584 wercplsupport - ok
18:21:04.0930 6584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:21:04.0930 6584 WerSvc - ok
18:21:04.0977 6584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:21:04.0977 6584 WfpLwf - ok
18:21:05.0024 6584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:21:05.0024 6584 WIMMount - ok
18:21:05.0040 6584 WinDefend - ok
18:21:05.0040 6584 WinHttpAutoProxySvc - ok
18:21:05.0086 6584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:21:05.0086 6584 Winmgmt - ok
18:21:05.0180 6584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:21:05.0211 6584 WinRM - ok
18:21:05.0289 6584 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
18:21:05.0289 6584 WinUsb - ok
18:21:05.0320 6584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:21:05.0336 6584 Wlansvc - ok
18:21:05.0398 6584 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:21:05.0398 6584 wlcrasvc - ok
18:21:05.0476 6584 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:21:05.0508 6584 wlidsvc - ok
18:21:05.0523 6584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:21:05.0523 6584 WmiAcpi - ok
18:21:05.0554 6584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:21:05.0554 6584 wmiApSrv - ok
18:21:05.0570 6584 WMPNetworkSvc - ok
18:21:05.0617 6584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:21:05.0617 6584 WPCSvc - ok
18:21:05.0632 6584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:21:05.0648 6584 WPDBusEnum - ok
18:21:05.0664 6584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:21:05.0664 6584 ws2ifsl - ok
18:21:05.0695 6584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:21:05.0695 6584 wscsvc - ok
18:21:05.0695 6584 WSearch - ok
18:21:05.0773 6584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:21:05.0788 6584 wuauserv - ok
18:21:05.0820 6584 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:21:05.0820 6584 WudfPf - ok
18:21:05.0866 6584 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:21:05.0866 6584 WUDFRd - ok
18:21:05.0898 6584 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:21:05.0898 6584 wudfsvc - ok
18:21:05.0913 6584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:21:05.0913 6584 WwanSvc - ok
18:21:05.0960 6584 ================ Scan global ===============================
18:21:05.0991 6584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:21:06.0022 6584 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:21:06.0038 6584 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:21:06.0069 6584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:21:06.0085 6584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:21:06.0085 6584 [Global] - ok
18:21:06.0085 6584 ================ Scan MBR ==================================
18:21:06.0100 6584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:21:06.0319 6584 \Device\Harddisk0\DR0 - ok
18:21:06.0319 6584 ================ Scan VBR ==================================
18:21:06.0319 6584 [ 278764E342AE9826F515F99072F5E531 ] \Device\Harddisk0\DR0\Partition1
18:21:06.0319 6584 \Device\Harddisk0\DR0\Partition1 - ok
18:21:06.0334 6584 [ 3594864B253D60DAAC04509B06D624C0 ] \Device\Harddisk0\DR0\Partition2
18:21:06.0334 6584 \Device\Harddisk0\DR0\Partition2 - ok
18:21:06.0366 6584 [ 30F8046B2AB6988566AFBD94BA7839B3 ] \Device\Harddisk0\DR0\Partition3
18:21:06.0366 6584 \Device\Harddisk0\DR0\Partition3 - ok
18:21:06.0381 6584 [ 2D7F9975D8650441207C56B1365EC380 ] \Device\Harddisk0\DR0\Partition4
18:21:06.0381 6584 \Device\Harddisk0\DR0\Partition4 - ok
18:21:06.0381 6584 ============================================================
18:21:06.0381 6584 Scan finished
18:21:06.0381 6584 ============================================================
18:21:06.0397 6396 Detected object count: 0
18:21:06.0397 6396 Actual detected object count: 0
18:34:52.0949 7416 Deinitialize success
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

OTL Report

Unread postby bonnie » November 9th, 2012, 9:09 am

OTL logfile created on: 11/9/2012 7:50:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.54% Memory free
15.90 Gb Paging File | 14.11 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 542.85 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2012/10/27 07:41:52 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/11 11:24:35 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 13:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 06:11:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/14 05:09:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 05:09:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 05:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:10:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/12 05:14:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 05:13:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 05:13:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 05:13:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 05:13:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 05:13:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 19:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/08 05:41:59 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/25 15:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/06/12 12:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 14:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 14:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 15:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2012/11/02 06:52:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/29 14:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 15:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 20:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/25 15:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 12:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 12:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 12:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 14:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 14:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 14:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 14:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 06:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 08:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: gvoice@elijahclark.com:5.2
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.9
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: downintab@max.max:1.00
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: craigzilla@studioshorts.com:1.1.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.gopher: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.http: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.ssl: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 13:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/31 08:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 14:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 14:22:10 | 000,000,000 | ---D | M]

[2012/09/21 16:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2012/10/31 10:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions
[2012/10/09 07:48:40 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/10/31 08:59:24 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/06/25 16:32:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/08/01 06:02:36 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/08/26 09:33:26 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/25 12:13:01 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com
[2012/09/19 09:33:50 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\amznUWL2@amazon.com.xpi
[2011/09/12 12:17:53 | 000,183,939 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\autoproxy@autoproxy.org.xpi
[2012/03/30 08:36:21 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\checkplaces@andyhalford.com.xpi
[2011/09/12 12:17:49 | 000,063,300 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\craigzilla@studioshorts.com.xpi
[2011/09/12 12:17:54 | 000,019,018 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\downintab@max.max.xpi
[2012/09/05 09:17:38 | 000,027,538 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\gvoice@elijahclark.com.xpi
[2012/01/07 07:41:32 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\seostatus@rubyweb.xpi
[2011/09/12 12:17:54 | 000,242,569 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2011/09/12 12:17:55 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/10/31 10:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/10 22:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2011/09/13 06:58:19 | 000,001,945 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\bing-zugo.xml
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\Search_Results.xml
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/11/02 06:52:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 13:41:55 | 000,216,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/10/27 07:42:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/02 06:52:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/11/02 06:52:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/16 05:58:50 | 000,441,357 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15167 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310BB86-6F61-479B-892F-306AB678E156}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\RK_Quarantine
[2012/11/08 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:02:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 14:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 09:12:29 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/02 06:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/31 08:36:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/30 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/10/30 18:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/10/27 07:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/19 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\HP
[2012/10/19 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\AuthenTec
[2012/10/18 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/10/17 09:43:56 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/09/13 06:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/09 07:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 07:32:55 | 000,666,112 | ---- | M] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/09 07:31:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2012/11/09 07:18:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 07:18:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 07:12:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 07:11:14 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2012/11/09 07:10:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 07:10:28 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:04:02 | 000,681,984 | ---- | M] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/08 18:02:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 12:35:15 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2012/11/08 09:12:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/07 08:30:12 | 000,042,032 | ---- | M] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/07 05:33:42 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/07 05:33:42 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/07 05:33:42 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/05 14:01:32 | 005,511,843 | ---- | M] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/05 10:11:34 | 000,002,176 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/11/03 09:39:01 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/03 09:39:01 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/01 17:24:28 | 010,083,110 | ---- | M] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/27 07:42:10 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/10/27 07:41:57 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/10/27 07:41:57 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/10/27 07:41:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 12:21:15 | 000,001,861 | ---- | M] () -- C:\Users\robert\Desktop\thinkorswim from TD AMERITRADE.lnk
[2012/10/22 13:23:30 | 000,000,107 | ---- | M] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | M] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:47 | 001,574,765 | ---- | M] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | M] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | M] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:31 | 000,803,250 | ---- | M] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | M] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf

========== Files Created - No Company Name ==========

[2012/11/09 07:32:51 | 000,666,112 | ---- | C] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/08 18:04:00 | 000,681,984 | ---- | C] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/07 08:29:59 | 000,042,032 | ---- | C] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/05 14:01:16 | 005,511,843 | ---- | C] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/01 17:24:28 | 010,083,110 | ---- | C] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/22 13:23:30 | 000,000,107 | ---- | C] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | C] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:46 | 001,574,765 | ---- | C] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | C] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | C] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:28 | 000,803,250 | ---- | C] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | C] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf
[2012/09/23 16:44:40 | 000,002,176 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/02 09:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 15:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 15:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 15:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 07:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 12:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 12:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 12:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 12:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 14:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 07:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 11:13:39 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 11:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 11:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 11:12:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/21 11:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 18:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 21:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 21:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 10:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 06:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 06:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 09:43:50 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 16:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 16:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 16:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 14:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 17:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/22 18:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2012/08/10 22:32:56 | 000,000,596 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 15:43:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\avidemux
[2012/06/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\calibre
[2011/12/06 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CintaNotes
[2011/11/23 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/11/09 07:12:30 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2012/09/01 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\f-secure
[2012/03/28 09:14:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\FileZilla
[2011/11/30 06:31:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\funkitron
[2011/09/14 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IDT
[2012/10/10 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn
[2011/09/13 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IrfanView
[2012/03/27 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KompoZer
[2011/12/28 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Mobipocket
[2011/12/28 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Notepad++
[2011/10/02 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OpenOffice.org
[2011/12/22 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OverDrive
[2011/12/11 13:48:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PrimoPDF
[2011/11/02 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RampRT
[2011/11/02 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RegServers
[2012/09/02 09:30:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SanDisk SecureAccess
[2012/03/27 19:21:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SEO Backlink Checker
[2012/05/05 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Stellarium
[2011/09/12 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Synaptics
[2012/06/25 06:00:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SystemRequirementsLab
[2011/09/13 06:34:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Vso
[2012/05/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WebApp
[2011/11/09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Windows Live Writer
[2011/09/13 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WordWeb
[2011/09/13 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Extras Report

Unread postby bonnie » November 9th, 2012, 9:10 am

OTL Extras logfile created on: 11/9/2012 7:50:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.54% Memory free
15.90 Gb Paging File | 14.11 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 542.85 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00417936-032D-4942-97DC-BE2EAA280776}" = lport=137 | protocol=17 | dir=in | app=system |
"{177123BF-47FF-41FE-8349-44D1EA338F3A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29AE13EC-3085-4A90-B564-E1BB8B64DC26}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A78443E-34E5-46BF-B522-C3447B49AB71}" = rport=138 | protocol=17 | dir=out | app=system |
"{2D08D80E-568C-45B5-96D7-F3E8AA1245EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F779211-F841-452E-BA05-CFBE21CCD6F8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{55B54AEE-488E-48A9-BAB1-7A446A90F831}" = lport=138 | protocol=17 | dir=in | app=system |
"{58082316-27F8-4F97-A28E-11ABCF3EA8EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C032DAE-3740-49E7-81E9-8AD06D562C94}" = rport=445 | protocol=6 | dir=out | app=system |
"{62E54321-5182-4E24-8391-EE05B126332F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{644FBB2E-7A52-4F58-913F-213586430C5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{655FD17F-E275-46F2-8683-AC8EAC9A7978}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{677A7480-5114-4BBD-BD76-FCAEA067B46B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{727EC74D-5F69-4542-9232-482D8FA0C21D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F4ED2B4-BBF9-4CA5-8EB1-BFC282A25FA6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{82B20512-E824-41FD-A71C-5E8B7ECA67EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{91E701A1-686B-4587-BA98-16B8DA3028D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4434578-0F65-4073-9D0D-96CF7A796ADF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2804859-D6D6-4C65-BA4E-B1AD0C986053}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E532F5BD-6DB0-45F0-A6BF-33CF48589943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8DA49A-9438-48CA-93BF-1CAD73DB6C7B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AD2C35A-6D71-46C4-AED5-A9445F8ECE50}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D8E72A3-7D1C-4D87-80EC-E1DB43C15816}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{18BC55AF-21C9-4129-A75E-B13198BC0486}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E543E7D-F9D4-4060-9896-AAAA2F8BAF5A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{2A8EA6BA-4F39-4E3C-BC1B-C38EC299585D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{317C1EB3-A653-40DA-943E-5773F026DC1C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3515A621-3BEF-4216-8238-7C34DA3D5E0A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{469E7FA6-8835-4D3A-971F-0637188F4969}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{54E8B167-0B45-44C1-8DF3-9500776B81A0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6FA82F8C-274F-4467-99D1-95602CC0545E}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{738CEB08-F687-4F47-9793-2C369B94EF43}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{77D7C794-AE1D-4E44-95B4-A6DFBA3D7E63}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{78A40D94-D42C-4766-94AF-7D03F29BAD79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{86AF4F9B-F416-49B0-8D32-EDAD92A5E9D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9EDA278D-1263-47F1-AC93-0AE70F780010}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{A50366EE-ED8C-4D8B-A75C-33E0EFA262F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8250C84-E832-43B8-B817-5DC4EE32E3F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BBCDCCCB-172C-41D2-B72A-484F648E6FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEDCD25D-6F42-452F-8070-2AEEDEBCCDC0}" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C634149D-2840-4105-B470-262859F3E072}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD36D2B7-F2C6-4383-BD10-D857F2DD85FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2EE4647-263B-4861-8645-C6F1E0EFCB42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D7776677-CD4C-465A-8017-7F99230EFD62}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E02D752D-2CC6-4EBE-A037-2C4133F3D58A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E248442D-ACB2-4DE2-B52E-625F57627040}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{E47CD307-7A90-44C5-98FD-DCDD122D6481}" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E8E4F810-9E4B-4680-9169-7CC3E414DE06}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{F1501188-3896-4CFC-9BB5-F3A0B680076B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F190AF56-4F9A-4036-87F6-6A976416165E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F6227FE2-2E02-4575-B576-2AEE16C8F655}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F81DB3FF-48CF-4B03-9E61-EA74B9BCE4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F8839607-756E-4710-A691-1F5CDD45AAFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9C300F8-DF28-4FE0-AFFE-718F8E01D2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"TCP Query User{813E6DF8-E3D6-4A7C-B183-29F613EA8949}G:\tvradio.exe" = protocol=6 | dir=in | app=g:\tvradio.exe |
"TCP Query User{939AE9C9-5BCB-44FC-BAD4-9E05F912AECE}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |
"TCP Query User{A61A0227-0049-4C28-A9B6-016BFF2EC4FB}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A8C3BF72-FD86-461D-85ED-892A0B2DC905}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C99F5B99-23B4-4784-9439-C5364328B411}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{D12F9ABA-B57D-442F-96DE-ADD601E171CD}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{01F1332C-E848-4489-BEB9-856B8DE43B4A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{260C2F63-A20D-4D7A-BE02-6E5F522029FB}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |
"UDP Query User{34C32CD3-701A-4170-8D3B-EA9511B196B5}G:\tvradio.exe" = protocol=17 | dir=in | app=g:\tvradio.exe |
"UDP Query User{4096FC23-38FE-4213-A283-463061A9134A}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{59BCB70A-CE7C-4E81-865A-9A0AA91881BA}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6D7911D9-CA70-4E42-B378-EF0B75A50F7B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 3.74 (64-bit)
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1" = Free Screen Video Capture by Topviewsoft 4.1.7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}" = calibre
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECA76BEF-EE19-4C12-8C11-AD3B11B23176}" = TA-Lib Pro Excel
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Amazon Kindle" = Amazon Kindle
"AMCap" = AMCap
"AutoHotkey" = AutoHotkey 1.1.04.00
"Avi2Dvd" = Avi2Dvd 0.6.4
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"CamStudio" = CamStudio
"CintaNotes_is1" = CintaNotes 1.5.2
"ClipX" = ClipX
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"DVDFab 7_is1" = DVDFab 7.0.8.0 (14/07/2010)
"EasyBits Magic Desktop" = Magic Desktop
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FileZilla Client" = FileZilla Client 3.5.3
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"IrfanView" = IrfanView (remove only)
"KeepNote_is1" = KeepNote 0.7.4
"KeyNote_is1" = KeyNote 1.6.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Print Server Driver" = Print Server Driver
"ProInst" = Intel PROSet Wireless
"QuoteTracker_is1" = QuoteTracker
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"Security Task Manager" = Security Task Manager 1.8d
"SendToKindle" = Amazon Send to Kindle
"SEO Backlink Checker_is1" = SEO Backlink Checker 1.0
"Stellarium_is1" = Stellarium 0.11.2
"TA-Lib Pro Excel" = TA-Lib Pro Excel 2.5.0
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"TraderXL Pro Package_is1" = TraderXL Pro Package 6.1.35
"TraderXL_is1" = TraderXL 1.0.16
"USB2.0 ATV" = USB2.0 ATV
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WordWeb" = WordWeb Pro
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2012 6:59:54 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/25/2012 1:14:57 PM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 6:38:46 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/27/2012 7:09:21 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/27/2012 8:53:20 PM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 5:57:17 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2012 6:35:34 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2012 8:31:32 AM | Computer Name = robert-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/29/2012 8:31:32 AM | Computer Name = robert-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 8/29/2012 8:31:32 AM | Computer Name = robert-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 8/29/2012 6:22:08 PM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 12/3/2011 10:35:06 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/24/2012 2:31:27 PM | Computer Name = robert-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 4/24/2012 2:31:28 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/13/2012 5:41:42 AM | Computer Name = robert-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization:
20 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 7/17/2012 1:40:59 PM | Computer Name = robert-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/20893b40_1289_43d3_bdda_ea847b4422e4/tj+iuksxkkzu3qavykdsijd9_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 10/3/2012 10:23:19 AM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 11:38:09 AM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 1:33:28 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Connection Manager Events ]
Error - 1/19/2012 12:22:20 AM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/18 23:22:20.488|000009E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/19/2012 10:23:00 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/19 21:23:00.397|00000CFC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/19/2012 11:23:10 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/19 22:23:10.034|00001470|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/20/2012 8:16:06 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/20 19:16:06.108|000012B4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/21/2012 10:14:16 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/21 21:14:16.927|00000B74|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/22/2012 10:00:22 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/22 21:00:22.195|00000BFC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 8:48:46 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 19:48:46.505|00001780|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 8:48:48 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 19:48:48.377|00001780|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 10:01:04 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 21:01:04.372|00000C9C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2012 8:34:21 AM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/24 07:34:21.051|000003F0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 10/18/2012 10:50:44 AM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 10:50:44.263|00001890|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:45:43 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:45:43.514|00000700|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:51:33 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:51:33.675|000016DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:54:22 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:54:22.552|00001D60|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:54:23 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:54:23.608|0000023C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:54:51 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:54:51.315|00000754|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/18/2012 12:55:40 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/18 12:55:40.019|00001F90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/19/2012 8:52:51 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/10/19 20:52:51.984|00001234|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/1/2012 3:13:44 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/11/01 15:13:44.835|00000600|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/1/2012 5:56:05 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2012/11/01 17:56:05.158|00000F48|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 10/31/2012 9:54:29 PM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/1/2012 5:35:47 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/2/2012 7:49:03 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/3/2012 6:23:17 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/4/2012 6:13:28 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/5/2012 7:17:21 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/6/2012 7:25:58 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/7/2012 6:29:35 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/8/2012 3:26:30 PM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 11/9/2012 8:12:12 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.


< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby askey127 » November 9th, 2012, 6:25 pm

bonnie,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

CamStudio
ffdshow

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    [2012/09/21 16:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
    [2012/10/31 10:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions
    [2011/09/13 06:58:19 | 000,001,945 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\bing-zugo.xml
    CHR - homepage: http://www.searchnu.com/406
    CHR - homepage: http://www.searchnu.com/406
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

OTL Moved Files

Unread postby bonnie » November 9th, 2012, 7:24 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\robert\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\components folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\icons\default folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\palettes folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\docs folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\locale\en-US folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\locale folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\wizard folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\semrush folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\pageinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\options folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\diagnosis folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\density folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\yandex folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\yahoo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\toolbar folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\socials folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\seobar folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\pageinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\options folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\notifications folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\linkinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\google folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\diagnosis folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\density folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\lib folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\searchplugins folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\modules folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\META-INF folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\components folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\window folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\position folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\buttons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\locale\en-US folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\locale folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\prestosavings folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweatherbug folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweather folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btptoolbarbutton folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpbutton folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\bing-zugo.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\robert\Desktop\cmd.bat deleted successfully.
C:\Users\robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: robert
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Flash cache emptied: 74496 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 173759181 bytes
->Temporary Internet Files folder emptied: 249079376 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66696877 bytes
->Google Chrome cache emptied: 59129396 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120407506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66717 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 638.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11092012_181142

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 9th, 2012, 7:33 pm

OTL logfile created on: 11/9/2012 6:26:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.32% Memory free
15.90 Gb Paging File | 13.84 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 544.17 Gb Free Space | 79.57% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2012/11/03 09:39:01 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/11/02 06:52:45 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/27 07:41:52 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/11 11:24:35 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/31 03:19:26 | 000,041,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 13:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/03 09:39:00 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/11/02 06:52:32 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 06:11:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/14 05:09:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 05:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:10:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/12 05:14:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 05:13:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 05:13:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 05:13:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 05:13:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 05:13:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 19:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/08 05:41:59 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/25 15:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/06/12 12:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 14:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 14:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 15:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2012/11/02 06:52:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/29 14:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 15:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 20:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/25 15:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 12:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 12:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 12:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 14:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 14:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 14:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 14:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 06:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 08:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.9
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: downintab@max.max:1.00
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: craigzilla@studioshorts.com:1.1.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.gopher: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.http: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.ssl: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 13:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/31 08:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 14:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 14:22:10 | 000,000,000 | ---D | M]

[2012/11/09 18:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\Search_Results.xml
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/11/02 06:52:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 13:41:55 | 000,216,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/10/27 07:42:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/02 06:52:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/11/02 06:52:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/16 05:58:50 | 000,441,357 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15167 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310BB86-6F61-479B-892F-306AB678E156}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 18:11:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\RK_Quarantine
[2012/11/08 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:02:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 14:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 09:12:29 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/02 06:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/31 08:36:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/30 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/10/30 18:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/10/27 07:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/10/19 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\HP
[2012/10/19 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\AuthenTec
[2012/10/18 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2011/09/13 06:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/09 18:27:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 18:27:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 18:20:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 18:19:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 18:19:28 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 17:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 17:31:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2012/11/09 17:06:31 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2012/11/09 07:32:55 | 000,666,112 | ---- | M] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/09 07:11:14 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:04:02 | 000,681,984 | ---- | M] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/08 18:02:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 09:12:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/07 08:30:12 | 000,042,032 | ---- | M] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/07 05:33:42 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/07 05:33:42 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/07 05:33:42 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/05 14:01:32 | 005,511,843 | ---- | M] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/05 10:11:34 | 000,002,176 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/11/01 17:24:28 | 010,083,110 | ---- | M] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/27 07:41:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/23 12:21:15 | 000,001,861 | ---- | M] () -- C:\Users\robert\Desktop\thinkorswim from TD AMERITRADE.lnk
[2012/10/22 13:23:30 | 000,000,107 | ---- | M] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | M] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:47 | 001,574,765 | ---- | M] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | M] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | M] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:31 | 000,803,250 | ---- | M] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | M] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf

========== Files Created - No Company Name ==========

[2012/11/09 07:32:51 | 000,666,112 | ---- | C] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/08 18:04:00 | 000,681,984 | ---- | C] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/07 08:29:59 | 000,042,032 | ---- | C] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/05 14:01:16 | 005,511,843 | ---- | C] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/01 17:24:28 | 010,083,110 | ---- | C] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/22 13:23:30 | 000,000,107 | ---- | C] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | C] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:46 | 001,574,765 | ---- | C] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | C] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | C] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:28 | 000,803,250 | ---- | C] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | C] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf
[2012/09/23 16:44:40 | 000,002,176 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/02 09:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 15:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 15:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 15:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 07:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 12:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 12:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 12:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 12:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 14:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 07:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 11:13:39 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 11:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 11:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 11:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 18:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 21:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 21:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 10:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 06:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 06:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 09:43:50 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 16:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 16:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 16:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 14:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 17:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/22 18:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 15:43:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\avidemux
[2012/06/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\calibre
[2011/12/06 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CintaNotes
[2011/11/23 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/11/09 18:21:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2012/09/01 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\f-secure
[2012/03/28 09:14:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\FileZilla
[2011/11/30 06:31:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\funkitron
[2011/09/14 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IDT
[2012/10/10 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn
[2011/09/13 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IrfanView
[2012/03/27 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KompoZer
[2011/12/28 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Mobipocket
[2011/12/28 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Notepad++
[2011/10/02 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OpenOffice.org
[2011/12/22 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OverDrive
[2011/12/11 13:48:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PrimoPDF
[2011/11/02 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RampRT
[2011/11/02 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RegServers
[2012/09/02 09:30:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SanDisk SecureAccess
[2012/03/27 19:21:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SEO Backlink Checker
[2012/05/05 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Stellarium
[2011/09/12 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Synaptics
[2012/06/25 06:00:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SystemRequirementsLab
[2011/09/13 06:34:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Vso
[2012/05/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WebApp
[2011/11/09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Windows Live Writer
[2011/09/13 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WordWeb
[2011/09/13 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 9th, 2012, 7:46 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 18:38 on 09/11/2012 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 9th, 2012, 8:28 pm

I just noticed that I'm missing all of my addons in Firefox. One is called Reminderfox which contains a bunch of medical appointments for family. Will I be able to get those back?
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby askey127 » November 10th, 2012, 8:06 am

bonnie,
Easy Bits Magic Desktop software is commonly installed without permission.
If you did not install it intentionally, I would Uninstall it.

Most Users have to Uninstall and Re-Install Chrome to get rid of Searchnu/Searchqu, etc.
We will try to kill it without the a re-install first.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    CHR - homepage: http://www.searchnu.com/406
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------
Let's see if we can find the location of the Quarantined Firefox add-ons
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *11092012_181142*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 10th, 2012, 8:39 am

No I didn't install Easy Bits Magic Desktop Software. Had trouble finding it in Programs and Features, but used search, found it, uninstalled it.

Here's OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\robert\Desktop\cmd.bat deleted successfully.
C:\Users\robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 2714 bytes
->Temporary Internet Files folder emptied: 36473 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56656397 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11102012_073229

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby bonnie » November 10th, 2012, 8:45 am

SystemLook 30.07.11 by jpshortstuff
Log created at 07:41 on 10/11/2012 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "*11092012_181142*"
C:\_OTL\MovedFiles\11092012_181142.log --a---- 34242 bytes [23:13 09/11/2012] [23:21 09/11/2012] AA92C80917A44BAFC1088322BB23CFB2

-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Unread postby askey127 » November 10th, 2012, 9:32 am

bonnie,
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :contents
    C:\_OTL\MovedFiles\11092012_181142.log
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 133 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware