Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Missing favourites in IE and trojan found

by steveqae » December 8th, 2013, 11:34 am

I have been having a few problems: there are some of my favourites missing from IE and it is slow to launch some websites. I have run a scan with SUPERAntiSpyware, which found two Trojans, which were removed. Could you please check my system for anything that should not be there?
Below is the log of dds.scr as requested.

Regards

Steve


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Steve at 15:28:31.86 on 08/12/2013
Internet Explorer: 9.11.9600.16428 BrowserJavaVersion: 10.45.2
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.1370 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SMA\Sunny Explorer\SunnyExplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z13HIR3L\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - c:\users\steve\appdata\roaming\speckie\bin32\Speckie32.dll
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {af949550-9094-4807-95ec-d1c317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: MemberPluginBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\memberplugin\MemberPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SacReminder] c:\programdata\officeguardian\reminder\SacReminder.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [<NO NAME>]
uRun: [SearchProtection] "c:\users\steve\appdata\roaming\search protection\SearchProtection.EXE" /autostart
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [AppleIEDAV] c:\program files\common files\apple\internet services\AppleIEDAV.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\8ac91b4d-12df-47c8-b0b6-53b1d23435a8.exe /check
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\jlalpi~1.lnk - c:\program files\jl alpine advent calendar 2013\JL Alpine Advent Calendar 2013.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\steve\appdata\roaming\speckie\bin32\Speckie32.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Core/Player/ ... _Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://192.171.163.3/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {5857DF30-BD72-4E2F-AA8F-CD8289F319FA} = 8.26.56.26,156.154.70.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\ed49kxgs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =714647&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-17 178304]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-17 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-17 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-14 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-25 242240]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2012-1-31 143952]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-17 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-17 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-17 50344]
R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-2 1678040]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2013-12-8 1407256]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568]
R2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-11-27 14652704]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-8-25 1817560]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-8-25 171928]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2013-11-24 689464]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2013-10-30 1739576]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-8-9 174936]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2013-10-2 144600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-10-10 33320]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-5-23 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-5-23 10136]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-27 33568]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2013-5-27 193640]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-9-18 12320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-4 135664]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-8-25 1033688]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2009-12-6 39632]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-6-18 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-6-18 8456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-10-20 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2013-2-5 1512448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-4 135664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-19 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2013-10-17 118680]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [2010-2-7 30329]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-8 14848]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [2013-4-11 44656]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-5-27 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-8 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-5 1343400]
.
=============== Created Last 30 ================
.
2013-12-08 12:01:07 -------- d-----w- c:\windows\pss
2013-12-07 23:40:45 -------- d-----w- c:\program files\NISSAN_Connect_PC_Tool
2013-12-06 09:51:30 7772552 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a9cd82a4-6f44-4735-a0f9-4d870eecf53c}\mpengine.dll
2013-12-05 23:46:51 -------- d-----r- c:\program files\Skype
2013-11-30 10:21:08 -------- d-----w- c:\users\steve\appdata\local\Avg2014
2013-11-27 21:26:05 -------- d-----w- c:\windows\Migration
2013-11-27 21:21:25 955168 ----a-w- c:\windows\system32\nvspcap.dll
2013-11-26 23:57:38 -------- d-----w- c:\windows\system32\RTCOM
2013-11-26 23:55:59 13416 ----a-w- c:\windows\system32\RtkCoLDR.dll
2013-11-26 23:54:57 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2013-11-26 23:53:20 502584 ----a-w- c:\windows\system32\audioLibVc.dll
2013-11-26 23:53:19 95840 ----a-w- c:\windows\system32\AERTARen.dll
2013-11-26 23:53:19 182472 ----a-w- c:\windows\system32\AERTACap.dll
2013-11-26 23:53:18 188696 ----a-w- c:\windows\system32\AcpiServiceVnA.dll
2013-11-26 17:44:56 25400 ----a-w- c:\windows\system32\authuitu.dll
2013-11-26 17:44:50 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2013-11-26 17:42:39 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2013-11-26 17:41:28 -------- d-----w- c:\program files\TuneUp Utilities 2014
2013-11-26 17:40:03 -------- d-sh--w- c:\progra~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-25 22:06:53 -------- d-----w- c:\users\steve\appdata\roaming\JLAdventCalendarAlpine2013
2013-11-25 22:06:14 -------- d-----w- c:\program files\JL Alpine Advent Calendar 2013
2013-11-25 09:49:50 -------- d-----w- c:\program files\Glary Utilities 4
2013-11-24 23:45:35 -------- d-----w- c:\program files\Virgin Media
2013-11-22 23:22:02 -------- d-----w- c:\program files\Foolish IT
2013-11-22 17:47:54 -------- d-----w- c:\program files\Garmin GPS Plugin
2013-11-17 22:01:48 -------- d-----w- c:\users\steve\appdata\roaming\AVAST Software
2013-11-17 21:53:51 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-17 21:53:50 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-17 21:53:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-17 21:53:49 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-17 21:53:47 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-17 21:53:18 43152 ----a-w- c:\windows\avastSS.scr
2013-11-11 08:59:28 590112 ----a-w- c:\windows\system32\nvStreaming.exe
2013-11-09 17:53:11 -------- d-----w- c:\users\steve\appdata\roaming\SUPERAntiSpyware.com
2013-11-09 17:52:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-09 17:52:47 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2013-11-08 21:10:52 -------- d-----w- c:\progra~2\Oracle
2013-11-08 21:10:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-08 19:30:24 -------- d-----w- c:\program files\iPod
2013-11-08 19:30:22 -------- d-----w- c:\program files\iTunes
2013-11-08 19:30:22 -------- d-----w- c:\progra~2\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2013-11-19 09:38:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 09:38:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 14:26:52 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:26:52 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-11-11 14:26:50 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 14:26:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 14:26:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 05:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-10-02 17:02:14 1678040 ----a-w- c:\windows\system32\BtwRSupportService.exe
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-17 21:23:16 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2013-09-17 21:23:16 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2013-09-12 06:28:37 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-11 21:21:54 863344 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 21:21:54 501872 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 21:21:54 28776 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-11 21:21:54 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
.
============= FINISH: 15:30:31.54 ===============
steveqae
Regular Member
 
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth

Re: Missing favourites in IE and trojan found

by pgmigg » December 8th, 2013, 1:18 pm

Hello Steve,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Missing favourites in IE and trojan found

Post by pgmigg » December 8th, 2013, 6:14 pm

Hello Steve,

Below is the log of dds.scr as requested.
Before we continue I would like to draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help. You can find there that you should post two logs after running DDS scanner - DDS.txt you posted already and Attach.txt you forgot to post somehow... :(

Please post the Attach.txt in your next reply.

Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of Attach.txt log file
  3. Contents of CKFiles.txt log file

Thanks,
pgmigg


Re: Missing favourites in IE and trojan found

Post by steveqae » December 9th, 2013, 6:00 am

Hi, sorry about not posting the attach.txt file (I thought they were both the same)

Below are the files requested.

Steve



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/10/2009 11:08:18
System Uptime: 08/12/2013 16:51:04 (8 hours ago)
.
Motherboard: FUJITSU SIEMENS | | MS-7504VP-PV
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 391 GiB total, 195.064 GiB free.
D: is FIXED (NTFS) - 196 GiB total, 121.934 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 34.937 GiB free.
F: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
N: is FIXED (NTFS) - 233 GiB total, 158.399 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001004C_PID&6D07\8&12C2E6DC&0&1499E2C604FE_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001004C_PID&6D07\8&12C2E6DC&0&1499E2C604FE_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&12C2E6DC&0&3CF72A489B81_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&12C2E6DC&0&3CF72A489B81_C00000000
Service:
.
==== System Restore Points ===================
.
RP1275: 13/10/2013 17:07:20 - Windows Update
RP1276: 14/10/2013 23:37:57 - avast! Free Antivirus Setup
RP1277: 15/10/2013 00:07:50 - Windows Update
RP1278: 18/10/2013 17:09:54 - Windows Update
RP1279: 22/10/2013 16:53:27 - Windows Update
RP1280: 25/10/2013 16:59:18 - Windows Update
RP1282: 28/10/2013 09:42:35 - Installed Rapport
RP1283: 28/10/2013 17:28:02 - Windows Update
RP1284: 01/11/2013 17:12:47 - Windows Update
RP1285: 04/11/2013 17:18:19 - Windows Update
RP1286: 08/11/2013 17:30:46 - Windows Update
RP1287: 08/11/2013 21:09:00 - Installed Java 7 Update 45
RP1288: 12/11/2013 17:23:21 - Windows Update
RP1289: 13/11/2013 10:02:49 - Windows Update
RP1290: 16/11/2013 17:00:27 - Windows Update
RP1292: 17/11/2013 21:52:20 - avast! antivirus system restore point
RP1293: 19/11/2013 10:06:32 - Windows Update
RP1294: 22/11/2013 10:16:31 - Windows Update
RP1296: 25/11/2013 09:42:20 - Installed Rapport
RP1297: 26/11/2013 09:40:24 - Windows Update
RP1298: 26/11/2013 17:33:00 - Removed TuneUp Utilities 2011
RP1299: 26/11/2013 17:35:03 - Removed TuneUp Utilities Language Pack (en-US)
RP1300: 26/11/2013 17:40:35 - Installed TuneUp Utilities 2014
RP1302: 26/11/2013 23:32:48 - DriverUpdate Installing Drivers
RP1303: 27/11/2013 21:23:36 - Windows Update
RP1304: 02/12/2013 17:11:18 - Garmin Express
RP1305: 02/12/2013 17:13:56 - Garmin Express
RP1306: 03/12/2013 10:03:10 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
A-Men Technologies USB-to-Serial
Adblock Plus for IE
Adblock Plus for IE (32-bit)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions 2.0
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop Elements 10
Adobe Reader XI (11.0.05)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
ALTools Update
ALZip 8.51
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
AXIS Media Control 6.0.3 Redist
Bejeweled 3
Big City Adventure - London Story
Bing Maps 3D
Bonjour
Bookworm Deluxe
calibre
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series MP Drivers
Canon MG3100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 4.1.19.365
CryptoPrevent v4.2.6
Cucusoft Ultimate DVD + Video Converter Suite 7.13.7.7
D3DX10
DAEMON Tools Lite
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DriverUpdate
DVD Identifier
EaseUS Partition Master 9.1.1 Home Edition
Elements 10 Organizer
Elevated Installer
eReg
FileHippo.com Update Checker
Firebird SQL Server - MAGIX Edition
Flash Movie Player 1.5
Free DWG Viewer 7.1
Free Picture Resize Starter 4.5
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GeForce Experience NvStream Client Components
Glary Utilities PRO 4.0
Google Chrome
Google Drive
Google Earth
Google Update Helper
High-Definition Video Playback 10
Huge Pine USB to UART Driver
Internet Explorer Member Plugin
Internet TV for Windows Media Center
iTunes
iTunes Lyrics Importer
Jacquie Lawson Alpine Advent Calendar 2013
Java 7 Update 45
Java Auto Updater
Jewel Quest Heritage 1.00
Jigsaw Puzzle Platinum
Junk Mail filter update
K-Lite Codec Pack 9.9.5 (Full)
kuler
Logitech Harmony Remote
Logitech Harmony Remote Software 7
Logitech SetPoint 6.60
Logitech Solar App 1.0
Logitech Unifying Software 2.10
Logitech Vid HD
Logitech Webcam Software
Lyrics Plugin for Windows Media Player
Magic ISO Maker v5.5 (build 0281)
MAGIX Movie Edit Pro 2013 Premium
MAGIX Speed burnR (MSI)
MAGIX Video deluxe Premium 2013 Update
Malwarebytes Anti-Malware version 1.75.0.1300
MarkAble 2.2.8
Microsoft .NET Framework 4.5.1
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft AutoRoute 2010
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (EONENERGYFIT)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2013
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works 6-9 Converter
Microsoft_VC100_CRT_SP1_x86
Movie Maker
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
NISSAN Connect PC Tool
Nokia Connectivity Cable Driver
Nokia Suite
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 331.82
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Virtual Audio 1.2.9
OGA Notifier 2.0.0048.0
Opera 12.16
PC Connectivity Solution
Photo Common
Photo Gallery
Photoshop Camera Raw
Picasa 3
PL-2303 USB-to-Serial
PSE10 STI Installer
PVSonyDll
QuickTime
Radialpoint Security Advisor 2.5.23
RAMA
Rapport
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recuva
Remote Control USB Driver
RoboForm 7-6-4 (All Users)
RPS CRT
Safari
Search Protection
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SHIELD Streaming
Skype Click to Call
Skype™ 6.11
SkyPlayer for Windows Media Center
SlimCleaner
SlimDrivers
SmartSound Quicktracks Plugin
Software Suite
Speckie
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Suite Shared Configuration CS4
Sunny Explorer
SUPERAntiSpyware
swMSM
System Recovery
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Trusteer Endpoint Protection
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
TweakUAC
UBitMenu UK
UndeleteMyFiles Pro
Universal Viewer Free version 5.7.3.0
Update Detector 1.10.0.30
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 Capture Device
VC80CRTRedist - 8.0.50727.6195
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.7
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
xplorer² lite 32 bit
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
08/12/2013 23:21:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
08/12/2013 14:18:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
08/12/2013 14:18:47, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/12/2013 14:18:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
08/12/2013 14:18:15, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/12/2013 09:51:49, Error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.
07/12/2013 23:12:10, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
05/12/2013 12:23:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
04/12/2013 14:35:17, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
03/12/2013 17:54:11, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/12/2013 17:54:11, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
03/12/2013 09:56:20, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================






CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\games\jewel quest heritage\audio\stonecracks.ogg
scanner sequence 3.NA.11.HIAPVZ
----- EOF -----

Re: Missing favourites in IE and trojan found

Post by pgmigg » December 9th, 2013, 1:18 pm

Hello Steve,

Microsoft Office Enterprise 2007
Can you tell me how you obtained your copy of Microsoft Office Enterprise 2007?

MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answer to my question about Microsoft Office.
  3. Contents of a log created by MGADiag.exe

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg


Re: Missing favourites in IE and trojan found

Post by steveqae » December 9th, 2013, 8:30 pm

A. I do not have any problems executing the instructions.
B. Office was installed by a colleague shortly after I purchased the computer, I was told it was a genuine copy, is there a problem with it?
C. Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-9PBTG-BPFFY-PD9H8
Windows Product Key Hash: 6MZhTphHvJEQIjpZsms2wU1HAmc=
Windows Product ID: 00359-OEM-8882234-94842
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {5F476F56-6E2B-41F9-BDEA-C43D6FD27709}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800a_E2AD56EA-766-191_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Opera\Opera.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5F476F56-6E2B-41F9-BDEA-C43D6FD27709}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PD9H8</PKey><PID>00359-OEM-8882234-94842</PID><PIDType>3</PIDType><SID>S-1-5-21-675794104-3854591097-1926455036</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>Amilo Desktop PI3745A</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V3.0V</Version><SMBIOSVersion major="2" minor="5"/><Date>20090410000000.000000+000</Date></BIOS><HWID>68713907018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>FSC </OEMID><OEMTableID>PC </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00176-822-394842-02-2057-7600.0000-3212009
Installation ID: 011164329462100814622465002611687071582013517930158111
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PD9H8
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 09/12/2013 19:17:49

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:18:2013 18:19
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAQAAgABAAEAAgACAAAAAgABAAEA6GHqshIfFT+7RXcWxnTCmgD5RrF39vGWLeKEhZW0kpNMWA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name  OEMID Value  OEMTableID Value
APIC             041009       APIC1334
FACP             041009       FACP1334
HPET             041009       OEMHPET0
MCFG             041009       OEMMCFG
WDRT             041009       NV-WDRT
SLIC             FSC          PC
OEMB             041009       OEMB1334
NVHD             041009       NVHDCP
SSDT             DpgPmm       CpuPm

Re: Missing favourites in IE and trojan found

Post by pgmigg » December 10th, 2013, 12:54 am

Hello Steve,

Office was installed by a colleague shortly after I purchased the computer, I was told it was a genuine copy, is there a problem with it?
Yes, there is a problem.
Unfortunately Microsoft Office Enterprise 2007 cannot be licensed for personal use, it can only be licensed by Enterprise customers and so you will need to fully remove the software if you wish to continue to receive help.

Please let me know your decision.

Thanks,
pgmigg


Re: Missing favourites in IE and trojan found

Post by steveqae » December 11th, 2013, 1:01 pm

I have removed Microsoft Office Enterprise 2007 as requested, however to enable me to access my documents I have installed LibreOffice and converted all my documents etc. to this format. I hope this is not a problem.

Steve

Re: Missing favourites in IE and trojan found

Post by pgmigg » December 12th, 2013, 11:10 am

Hello Steve,

I have removed Microsoft Office Enterprise 2007 as requested, however to enable me to access my documents I have installed LibreOffice and converted all my documents etc. to this format. I hope this is not a problem.
No, it is not a problem! :) Let's start...

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Spybot - Search & Destroy
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of an OTL.txt log file
  3. Contents of an Extras.txt log file
  4. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Missing favourites in IE and trojan found

Post by steveqae » December 12th, 2013, 4:17 pm

I have tried to submit the scans but get the message they are too large, even individually.
Steve

Re: Missing favourites in IE and trojan found

Post by pgmigg » December 12th, 2013, 5:47 pm

Hello Steve,

"I have tried to submit the scans but get the message they are too large, even individually."
Please cut the logs into any number of parts...

Thanks,
pgmigg


Re: Missing favourites in IE and trojan found

Post by steveqae » December 12th, 2013, 5:50 pm

OK part 1 of otl

OTL logfile created on: 12/12/2013 17:09:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 52.67% Memory free
6.50 Gb Paging File | 4.53 Gb Available in Paging File | 69.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.78 Gb Total Space | 199.15 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 196.39 Gb Total Space | 121.93 Gb Free Space | 62.09% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 35.84 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
Drive N: | 232.88 Gb Total Space | 158.40 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/12 17:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2013/12/04 21:00:31 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/02 18:59:50 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/02 18:59:50 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/11/25 22:05:53 | 000,142,336 | ---- | M] () -- C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe
PRC - [2013/11/17 21:53:14 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/17 21:53:14 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/14 08:31:48 | 001,407,256 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2013/11/14 08:31:46 | 002,033,944 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2013/11/11 14:26:53 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/11/11 14:26:52 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/30 09:45:42 | 001,942,328 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
PRC - [2013/10/30 09:45:40 | 001,739,576 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/02 17:02:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/04 15:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/09/03 21:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2013/08/25 15:49:40 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/08/13 15:54:32 | 004,225,288 | ---- | M] (Eyeo GmbH) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
PRC - [2013/08/02 00:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/27 20:13:26 | 002,295,576 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/06/13 19:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/14 17:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 07:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/10/26 21:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/07/29 17:45:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/29 17:45:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/29 17:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/26 11:23:44 | 000,825,152 | R--- | M] (SAC) -- C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
PRC - [2006/05/23 21:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
PRC - [2005/09/09 23:19:26 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2000/01/01 00:00:00 | 014,652,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/25 22:05:53 | 000,142,336 | ---- | M] () -- C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe
MOD - [2013/11/17 21:53:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/28 09:45:34 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/09 11:52:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 11:52:03 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 08:34:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:33:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:33:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 08:51:29 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 08:50:55 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/02/05 21:57:56 | 000,269,824 | ---- | M] () -- C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/12/10 23:06:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/02 18:59:50 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/11/26 08:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/17 21:53:14 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/14 08:31:48 | 001,407,256 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/30 09:45:40 | 001,739,576 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/10/30 09:45:38 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/02 17:02:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013/09/11 02:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 19:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/03/22 05:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/07 07:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/10/26 21:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/07/29 17:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/05 09:47:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/11 16:02:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2006/05/23 21:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2005/09/09 23:19:26 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2000/01/01 00:00:00 | 014,652,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcamcl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 4\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (devlower)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (add3lwco)
DRV - [2013/12/02 19:00:04 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/12/02 19:00:04 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/02 19:00:02 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/11/27 21:51:34 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/17 21:53:19 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/17 21:53:19 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/17 21:53:19 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/17 21:53:19 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/17 21:53:18 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/17 21:53:18 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/11/17 21:53:18 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/17 21:53:18 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/10/28 09:45:30 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/09/18 11:14:34 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2013/08/16 08:20:55 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/08/09 19:02:12 | 000,174,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2013/05/23 06:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 06:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 06:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 06:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/03/25 10:12:52 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/01/23 09:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 09:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 09:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/12/29 20:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/12/10 10:04:45 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 11:02:08 | 000,044,656 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/17 21:14:16 | 000,143,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/03 00:00:00 | 000,039,632 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/27 14:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/05/27 11:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/03 12:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007/09/05 05:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/09/26 18:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/09/18 13:48:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Navcar.sys -- (Navcar)
DRV - [2006/08/01 21:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/04/06 08:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2005/01/06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/07/30 00:35:52 | 000,031,654 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2004/07/08 16:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 03:15:30 | 000,076,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/07/26 15:23:20 | 000,036,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/07/16 09:56:58 | 000,045,406 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TOSPORTE.SYS -- (tosporte)
DRV - [2003/06/21 10:13:04 | 000,062,063 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/05/23 05:20:12 | 000,034,944 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TOSRFUSB.SYS -- (Tosrfusb)
DRV - [2002/10/18 08:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2000/01/01 00:00:00 | 010,446,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2000/01/01 00:00:00 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2000/01/01 00:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2000/01/01 00:00:00 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2000/01/01 00:00:00 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes,DefaultScope = {B67893DA-2EEB-483D-9094-BA01FCB121A9}
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\SearchScopes\{B67893DA-2EEB-483D-9094-BA01FCB121A9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/04 23:47:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/03/22 11:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/07/15 09:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/17 21:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 00:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/10/11 08:59:27 | 000,000,000 | ---D | M]

[2010/04/02 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/01/16 23:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/13 23:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/03/10 00:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/02 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/11/22 19:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\extensions
[2013/11/17 23:30:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/18 08:43:44 | 000,000,921 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ed49kxgs.default\searchplugins\yahoo.xml
[2013/12/05 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/05 23:47:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/05 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/05 23:47:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/17 22:23:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/17 21:53:27 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=ch ... =714647&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms},
CHR - homepage: https://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Floorplanner = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\
CHR - Extension: Google Docs = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Google+ = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: avast! Online Security = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: New Tab Redirect! = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Maps = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Planner 5D = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: SkyDrive = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/27 08:46:29 | 000,449,243 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Speckie) - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Steve\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (MemberPluginBHO Class) - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\MemberPlugin\MemberPlugin.dll (Edward Hibbert (edward@ehibbert.org.uk))
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\8ac91b4d-12df-47c8-b0b6-53b1d23435a8.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [AppleIEDAV] C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [SacReminder] C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe (SAC)
O4 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000..\Run: [SearchProtection] C:\Users\Steve\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk = C:\Program Files\JL Alpine Advent Calendar 2013\JL Alpine Advent Calendar 2013.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Speckie Settings - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Steve\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Core/Player/ ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://192.171.163.3/activex/AxisCamControl.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{210c988d-42c5-11e2-b994-00190e09486d}\Shell - "" = AutoRun
O33 - MountPoints2\{210c988d-42c5-11e2-b994-00190e09486d}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell - "" = AutoRun
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\AutoRun\command - "" = K:\dvdrun.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\launchMP\command - "" = K:\Setup_ST.exe
O33 - MountPoints2\{5695e597-9db9-11e1-8f9c-00190e09486d}\Shell\readit\command - "" = K:\dvdrun.exe VIEW=readme.htm
O33 - MountPoints2\{5e347b97-c60f-11de-974b-002421b3cddb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e347b97-c60f-11de-974b-002421b3cddb}\Shell\AutoRun\command - "" = O:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
steveqae
Regular Member
 
Posts: 37
Joined: May 1st, 2007, 6:39 pm
Location: Plymouth

Re: Missing favourites in IE and trojan found

by steveqae » December 12th, 2013, 5:51 pm

Part 2 of OTL

========== Files/Folders - Created Within 30 Days ==========

[2013/12/12 17:06:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2013/12/12 17:01:42 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2013/12/11 10:09:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/11 10:09:10 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/11 10:09:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/11 10:09:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/11 10:09:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/11 10:09:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/11 10:09:07 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/11 10:09:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/11 10:09:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/11 10:09:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/11 10:09:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/11 10:09:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/11 10:09:03 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 10:09:01 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/11 09:58:49 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 09:55:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 09:55:22 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 09:55:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 09:55:05 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 09:54:42 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 09:54:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/10 11:46:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\LibreOffice
[2013/12/10 11:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
[2013/12/10 11:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4
[2013/12/09 19:18:07 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/12/09 19:18:07 | 000,000,000 | ---D | C] -- \MGADiagToolOutput
[2013/12/09 19:16:20 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\MGADiag.exe
[2013/12/08 17:26:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2013/12/08 12:01:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/07 23:40:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NISSAN Connect PC Tool
[2013/12/07 23:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\NISSAN_Connect_PC_Tool
[2013/12/05 23:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/05 23:46:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/12/05 23:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/12/02 19:00:04 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/11/30 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Avg2014
[2013/11/29 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/11/27 21:26:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/27 21:21:25 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvspcap.dll
[2013/11/27 21:16:28 | 000,033,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvvad32v.sys
[2013/11/27 21:16:28 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvaudcap32v.dll
[2013/11/27 21:16:27 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233182.dll
[2013/11/27 21:16:27 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233182.dll
[2013/11/27 21:16:26 | 022,951,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/11/27 21:16:26 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/11/27 21:16:26 | 010,446,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/11/27 21:16:26 | 009,663,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/11/27 21:16:26 | 009,619,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/11/27 21:16:26 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/11/27 21:16:26 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/11/27 21:16:26 | 000,609,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/11/27 21:16:26 | 000,562,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/11/26 23:57:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/11/26 23:56:17 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/11/26 23:56:16 | 001,824,000 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2013/11/26 23:56:15 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2013/11/26 23:56:15 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2013/11/26 23:56:15 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2013/11/26 23:56:14 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/11/26 23:56:14 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/11/26 23:56:14 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/11/26 23:56:14 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/11/26 23:56:14 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2013/11/26 23:56:13 | 000,604,928 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sltech32.dll
[2013/11/26 23:56:13 | 000,218,368 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2013/11/26 23:56:10 | 000,938,752 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2013/11/26 23:56:10 | 000,823,040 | ---- | C] (DTS, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2013/11/26 23:56:09 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2013/11/26 23:56:09 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2013/11/26 23:56:08 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2013/11/26 23:56:08 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2013/11/26 23:56:05 | 001,596,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/11/26 23:56:02 | 002,547,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/11/26 23:55:59 | 000,124,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2013/11/26 23:55:59 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2013/11/26 23:55:58 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/11/26 23:55:57 | 002,328,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/11/26 23:55:55 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013/11/26 23:55:55 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013/11/26 23:55:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013/11/26 23:55:55 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013/11/26 23:55:53 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013/11/26 23:55:53 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013/11/26 23:55:41 | 038,385,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2013/11/26 23:55:38 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2013/11/26 23:55:38 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2013/11/26 23:55:38 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2013/11/26 23:55:38 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2013/11/26 23:55:38 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2013/11/26 23:55:37 | 000,877,880 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[2013/11/26 23:55:34 | 005,773,592 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll
[2013/11/26 23:55:33 | 000,852,016 | ---- | C] (Sony Corporation) -- C:\Windows\System32\MISS_APO.dll
[2013/11/26 23:55:30 | 000,761,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVoiceAPO20.dll
[2013/11/26 23:55:30 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2013/11/26 23:55:29 | 000,926,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxSpeechAPO.dll
[2013/11/26 23:55:27 | 003,444,992 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnN.dll
[2013/11/26 23:55:17 | 027,369,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2013/11/26 23:55:15 | 001,677,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2013/11/26 23:55:07 | 013,881,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2013/11/26 23:55:05 | 001,935,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/11/26 23:55:03 | 000,859,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2013/11/26 23:55:02 | 001,097,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2013/11/26 23:55:02 | 000,873,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2013/11/26 23:55:01 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2013/11/26 23:55:01 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/11/26 23:55:01 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/11/26 23:54:57 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2013/11/26 23:54:34 | 002,395,680 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013/11/26 23:54:34 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2013/11/26 23:54:34 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2013/11/26 23:54:33 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2013/11/26 23:54:33 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2013/11/26 23:54:32 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2013/11/26 23:54:31 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2013/11/26 23:54:30 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2013/11/26 23:54:29 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2013/11/26 23:54:26 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2013/11/26 23:54:26 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2013/11/26 23:54:26 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2013/11/26 23:54:25 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2013/11/26 23:54:25 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2013/11/26 23:54:22 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2013/11/26 23:54:21 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2013/11/26 23:54:15 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2013/11/26 23:54:14 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2013/11/26 23:54:11 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2013/11/26 23:54:11 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2013/11/26 23:54:08 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2013/11/26 23:53:19 | 000,182,472 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/11/26 23:53:19 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/11/26 17:44:56 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/11/26 17:44:50 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2013/11/26 17:42:39 | 000,036,664 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/11/26 17:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2013/11/26 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2014
[2013/11/26 17:40:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/11/25 22:06:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\JLAdventCalendarAlpine2013
[2013/11/25 22:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\JL Alpine Advent Calendar 2013
[2013/11/25 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
[2013/11/25 09:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 4
[2013/11/24 23:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2013/11/24 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2013/11/22 23:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2013/11/22 23:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foolish IT
[2013/11/22 17:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2013/11/20 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Garmin POI national trust
[2013/11/20 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Garmin
[2013/11/19 10:08:06 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/19 10:08:06 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/19 10:08:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/19 10:08:06 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/19 10:08:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/19 10:08:05 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/19 10:08:05 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/19 10:08:05 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/19 10:08:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/19 10:08:05 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/19 10:08:05 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/19 10:08:05 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/19 10:08:05 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/19 10:08:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/19 10:08:05 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/19 10:08:05 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/19 10:08:05 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/19 10:08:05 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/19 10:08:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/19 10:08:04 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/19 10:08:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/19 10:08:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/19 10:08:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/19 10:08:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/19 10:08:04 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/19 10:08:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/19 10:08:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/19 10:08:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/19 10:08:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\AVAST Software
[2013/11/17 21:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/17 21:53:53 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/17 21:53:50 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/17 21:53:50 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/17 21:53:49 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/17 21:53:48 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/17 21:53:47 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/17 21:53:33 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/17 21:53:18 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/13 09:23:45 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/13 09:23:44 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 09:23:34 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/13 09:23:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/13 09:23:25 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/13 09:23:25 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/10/31 12:53:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/12 17:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2013/12/12 17:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/12 17:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/12 17:01:42 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2013/12/12 15:41:44 | 000,023,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/12 15:41:44 | 000,023,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/12 15:37:35 | 000,724,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/12 15:37:35 | 000,147,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/12 15:36:12 | 000,001,135 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk
[2013/12/12 15:32:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 15:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/12 15:29:54 | 000,000,752 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/12/12 09:29:35 | 000,727,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/10 23:06:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 23:06:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/10 11:41:48 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.1.lnk
[2013/12/09 19:16:20 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\MGADiag.exe
[2013/12/09 16:30:28 | 000,001,057 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\vso_ts_preview.xml
[2013/12/09 09:52:53 | 000,468,480 | ---- | M] () -- C:\Users\Steve\Desktop\CKScanner.exe
[2013/12/08 17:26:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2013/12/08 14:16:47 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/12/08 12:08:29 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Digital Home Support.lnk
[2013/12/07 23:40:47 | 000,001,989 | ---- | M] () -- C:\Users\Steve\Desktop\NISSAN Connect PC Tool.lnk
[2013/12/07 23:37:58 | 000,979,379 | ---- | M] () -- C:\Users\Steve\Desktop\Nissan-manual-gb.pdf
[2013/12/05 23:46:52 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/05 22:11:52 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:58:28 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/02 19:00:04 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/12/02 17:12:52 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013/11/27 21:51:34 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/26 23:58:24 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013/11/26 17:42:32 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2013/11/26 17:42:32 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2013/11/26 09:23:02 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/26 09:22:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/26 08:53:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/26 08:52:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/26 08:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/26 08:36:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/26 08:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/26 08:29:55 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/26 08:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/26 08:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/26 08:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/26 08:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/26 07:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/26 06:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/25 22:06:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 09:50:09 | 000,001,028 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/11/24 10:03:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/23 18:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/22 23:22:02 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2013/11/19 10:08:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/19 10:08:06 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/19 10:08:06 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/19 10:08:06 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/19 10:08:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/19 10:08:05 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/19 10:08:05 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/19 10:08:05 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/19 10:08:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/19 10:08:05 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/19 10:08:05 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/19 10:08:05 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/19 10:08:05 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/19 10:08:05 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/19 10:08:05 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/19 10:08:05 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/19 10:08:05 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/19 10:08:05 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/19 10:08:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/19 10:08:05 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/19 10:08:04 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/19 10:08:04 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/19 10:08:04 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/19 10:08:04 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/19 10:08:04 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/19 10:08:04 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/19 10:08:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/19 10:08:03 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/19 10:08:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/19 10:08:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 21:54:19 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/17 21:53:19 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/17 21:53:19 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/17 21:53:19 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/17 21:53:19 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/17 21:53:18 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/17 21:53:18 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/17 21:53:18 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/17 21:53:18 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/17 21:53:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/17 21:53:18 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/17 21:50:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/16 00:37:21 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013/12/10 11:41:48 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.1.lnk
[2013/12/09 09:52:53 | 000,468,480 | ---- | C] () -- C:\Users\Steve\Desktop\CKScanner.exe
[2013/12/08 12:08:29 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Digital Home Support.lnk
[2013/12/07 23:40:47 | 000,001,989 | ---- | C] () -- C:\Users\Steve\Desktop\NISSAN Connect PC Tool.lnk
[2013/12/07 23:37:56 | 000,979,379 | ---- | C] () -- C:\Users\Steve\Desktop\Nissan-manual-gb.pdf
[2013/12/03 16:58:28 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/26 23:58:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/26 23:56:06 | 005,681,192 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/11/26 23:55:53 | 000,681,905 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/11/26 23:53:20 | 000,502,584 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll
[2013/11/26 23:53:18 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2013/11/26 17:42:32 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2013/11/26 17:42:32 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
[2013/11/26 17:42:31 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2013/11/25 22:06:53 | 000,001,135 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 22:06:18 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 22:06:18 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\JL Alpine Advent Calendar 2013.lnk
[2013/11/25 09:50:09 | 000,001,028 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2013/11/25 09:50:09 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
[2013/11/25 09:50:03 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2013/11/22 23:22:02 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2013/11/19 10:08:05 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/17 21:54:19 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/17 21:53:51 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/17 21:53:50 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/16 00:37:21 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/16 00:37:21 | 000,000,000 | ---- | C] () -- \END
[2013/08/24 23:30:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2013/05/27 18:21:04 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/15 17:20:27 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/11 22:31:57 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/06/18 23:24:00 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/06/18 23:24:00 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/06/18 23:24:00 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/06/18 23:24:00 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/06/18 23:24:00 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/02/05 16:30:04 | 000,000,020 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2010/12/25 14:31:29 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/25 15:43:27 | 000,000,600 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\winscp.rnd
[2010/10/21 19:26:24 | 000,000,550 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\prefsdb.dat
[2010/05/30 10:01:27 | 000,001,024 | ---- | C] () -- C:\Users\Steve\.rnd
[2010/04/17 20:12:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/14 16:56:10 | 000,000,026 | ---- | C] () -- \UpdaterforApp.ini
[2009/12/28 00:08:55 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/12/28 00:08:55 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/10/31 13:04:54 | 000,001,057 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\vso_ts_preview.xml
[2009/10/31 12:53:18 | 000,087,608 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\inst.exe
[2009/10/31 12:53:18 | 000,007,887 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2009/10/31 12:53:18 | 000,001,144 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2009/10/31 07:37:03 | 000,000,009 | ---- | C] () -- \DVD.TAG
[2009/10/30 23:55:48 | 000,001,024 | ---- | C] () -- \.rnd
[2009/07/14 02:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 02:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/05/26 09:50:55 | 000,383,786 | RHS- | C] () -- \bootmgr
[2009/05/23 09:53:00 | 000,000,033 | ---- | C] () -- \_del.wtc
[2002/07/01 14:13:30 | 000,000,229 | -HS- | C] () -- C:\Users\Steve\AppData\Roaming\matrox_drv16.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/28 08:09:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/04/28 08:09:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/04/17 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.oit
[2013/08/21 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Absolute Uninstaller
[2011/02/12 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Aerohills
[2010/03/29 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Anabel
[2011/02/04 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AnvSoft
[2010/03/25 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Apowersoft
[2011/06/29 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Art2_
[2013/08/14 22:42:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ATViewer
[2013/11/17 22:01:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVAST Software
[2013/01/15 18:29:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\avidemux
[2010/10/11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Awem
[2012/06/01 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Bidgood Svcs
[2010/10/08 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Big Fish Games
[2010/01/18 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\blg
[2011/06/21 15:45:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Blue Tea Games
[2011/08/27 15:53:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Boolat Games
[2011/07/14 16:05:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BrokenHearts
[2013/06/28 23:35:42 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\calibre
[2011/05/27 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Camel101
[2012/12/29 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2010/02/18 16:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Cat's Eye Games
[2011/12/15 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CBS Interactive
[2013/07/03 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CheckPoint
[2010/02/12 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.ExMan
[2010/03/30 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/10 23:35:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cryptlib
[2013/01/17 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2011/01/11 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dekovir
[2010/08/06 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DiskSpaceFan
[2010/09/03 15:19:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dragon Altar Games
[2013/02/06 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoft
[2011/11/23 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EfrenStudios
[2011/03/17 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Elephant Games
[2011/05/09 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Enki Games
[2011/07/08 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ERS G-Studio
[2011/06/02 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ERS Game Studios
[2010/01/31 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EscapeTheMuseum2
[2012/11/07 23:15:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\eTeks
[2010/03/02 10:53:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Faerie Solitaire
[2010/10/25 15:08:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FileZilla
[2013/05/28 09:53:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FixCleaner
[2011/08/19 16:07:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Floodlight Games
[2010/10/06 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FlyWheelGames
[2010/09/29 16:00:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Foxit Software
[2010/04/24 15:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreezeTag
[2010/02/04 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Friday's games
[2013/05/28 09:56:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2010/01/15 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\funkitron
[2011/02/27 11:51:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Game Mill Entertainment
[2009/11/06 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GameInvest
[2010/12/29 15:58:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GameMill Entertainment
[2009/11/11 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Games
[2011/05/27 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GarageGames
[2013/05/12 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
[2011/06/13 15:52:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GestaltGames
[2012/04/21 23:32:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GetRightToGo
[2013/11/25 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GlarySoft
[2010/02/11 21:32:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GlobalSCAPE
[2010/03/23 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GloomBeacon
[2012/01/27 21:11:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Gogii
[2011/03/04 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Gogii Games
[2010/01/15 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Gold Casual Games
[2010/08/07 14:35:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Green Clover Games
[2012/06/20 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake
[2011/11/25 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Happy Muffin Top
[2011/02/15 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HdO Adventure
[2012/03/03 00:34:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IGC
[2010/09/06 22:26:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\iMaxGen
[2009/12/26 15:17:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IObit
[2009/12/02 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Island
[2011/09/09 14:38:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Jetdogs Studios
[2013/11/26 09:17:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\JLAdventCalendarAlpine2013
[2011/09/03 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\JodieDrake
[2010/08/01 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\KranX Productions
[2010/10/09 15:48:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LaJangada
[2011/08/27 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2010/11/18 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LegacyInteractive
[2013/12/10 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LibreOffice
[2010/12/14 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Little Worlds Online
[2011/03/07 11:51:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LogSys
[2011/07/05 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ludia
[2010/01/10 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MA
[2010/07/29 17:32:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Magic3
[2011/09/03 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MagicMatch
[2013/01/13 00:33:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MAGIX
[2010/11/04 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MAI
[2010/07/10 10:26:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mariaglorum
[2010/12/14 15:37:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MasterThief
[2011/11/25 00:28:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MediaMonkey
[2013/04/03 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\mention
[2011/06/29 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Meridian93
[2010/08/16 10:17:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Merscom
[2009/12/21 00:11:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3toiPodAudioBookConverter
[2010/08/13 08:52:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mutant Arcade
[2010/11/10 17:01:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mystery of Mortlake Mansion
[2010/03/13 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MysteryStudio
[2011/07/17 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Namco
[2010/11/10 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NexusFile
[2013/01/17 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\No Company Name
[2012/08/16 22:42:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nokia
[2010/09/25 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nokia Ovi Suite
[2012/08/16 22:42:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nokia Suite
[2011/01/11 14:56:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nolo
[2010/04/17 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nuance
[2011/02/13 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Old Castle
[2013/05/16 23:28:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera
[2011/08/13 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Orneon
[2012/12/09 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Panasonic
[2010/09/25 22:32:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PC Suite
[2010/10/21 19:26:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\perfect future studio
[2011/01/16 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Phantasmat_bf_ce1
[2013/05/07 23:25:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\player
[2011/07/05 15:24:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PlayFirst
[2010/04/04 16:06:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Playrix Entertainment
[2010/10/09 15:58:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PoBros
[2010/01/15 16:13:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Princess Isabella
[2012/06/25 14:46:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Radialpoint
[2010/04/20 09:23:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\S300-S400 Series
[2010/01/18 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Salehoo
[2011/09/03 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Saqqarah
[2013/10/14 23:00:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Search Protection
[2012/11/22 09:53:20 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SecondLife
[2013/01/15 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Serif
[2010/11/08 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ShinyTales
[2010/08/29 09:49:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sierra
[2010/07/24 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Silverback Productions
[2010/04/30 16:40:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Simple Star
[2010/07/13 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Skunk Studios
[2011/09/03 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sleepwalker Games
[2011/04/14 11:23:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SMA
[2011/03/01 15:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Songbird2
[2010/08/19 10:38:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Specialbit
[2012/12/31 11:08:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Speckie
[2010/12/31 00:30:21 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SpinTop
[2011/09/03 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\StoneLoops!
[2010/03/22 23:25:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SulusGames
[2010/08/30 15:40:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TheFixerUpper
[2010/02/11 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thinstall
[2010/04/19 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thunderbird
[2011/02/17 17:10:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TikisLab
[2011/10/02 08:36:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\tinySpell
[2009/12/13 23:43:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TomTom
[2010/11/02 17:43:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Top Evidence
[2010/07/25 16:36:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Total Eclipse
[2011/01/23 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2013/11/26 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TuneUp Software
[2012/06/20 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TuneUpMedia
[2009/11/22 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\UBitMenu
[2011/05/17 10:10:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ulead Systems
[2009/11/01 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\URSoft
[2013/12/08 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/12/06 16:24:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\V-Games
[2010/10/28 16:04:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Valusoft
[2012/02/02 20:15:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Virgin Media
[2009/12/25 00:01:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Virtual City
[2010/10/26 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Virtual Prophecy
[2010/09/30 19:10:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vogat Interactive
[2013/12/09 16:30:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso
[2011/02/01 11:18:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WhiteBirdsProductions
[2010/03/20 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinAVI
[2010/10/20 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer
[2010/04/22 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinPatrol
[2011/01/01 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\World-LooM
[2012/09/06 23:34:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\YoWindow
[2010/04/17 19:58:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Zeon
[2012/01/31 22:14:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\{{userdatapath.company}}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2398E95B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DB2748F7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:905BCB57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E21433CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E6BEADB7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:91E29860
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:75798D9A

< End of report >

Re: Missing favourites in IE and trojan found

Post by steveqae » December 12th, 2013, 5:52 pm

extras.

OTL Extras logfile created on: 12/12/2013 17:09:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 52.67% Memory free
6.50 Gb Paging File | 4.53 Gb Available in Paging File | 69.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.78 Gb Total Space | 199.15 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 196.39 Gb Total Space | 121.93 Gb Free Space | 62.09% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 35.84 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
Drive N: | 232.88 Gb Total Space | 158.40 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056480AC-D4D6-441C-8CCD-469E51DB3771}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12460466-3400-4BDC-B363-DF8DDAD67F3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52F3BD15-89F2-41B7-A765-2E2168E4F37C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{55058E8F-B34C-4E35-AE52-9A6F5DEEC317}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5ED25410-947A-4296-BEFF-2797447F84B2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EDD5C34-6D98-4A53-BFBE-B4A64DAEED6D}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6401CEC9-C1FA-4931-93B8-BAAFA75E8C95}" = rport=139 | protocol=6 | dir=out | app=system |
"{65CBB4BB-D837-4200-BE29-C5FD11D21C84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E9C3135-CFDA-4900-96DB-38CEE44132C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77687ECF-7400-471B-BA2B-F5E26D4456AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E3070DB-7207-4F88-A725-6E40C9C1A215}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9244DEB6-D3EA-4BFF-B9BA-47B864C653F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{97349405-E679-4191-AB63-D8952CDDB947}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5A85412-DA99-4422-885B-27EC5DE46837}" = lport=138 | protocol=17 | dir=in | app=system |
"{ABEDCA1A-91BF-4ABB-9C68-C875F2A9343F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AE2A005C-0B1D-47B5-A0C3-CC865C9CE087}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFD78DBD-420F-4BC3-BE3E-A45EF9E5B9BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C2412D89-1666-4463-84F7-FB8DAAC48381}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C7071CDB-E6BC-4332-8735-F7978791D672}" = rport=445 | protocol=6 | dir=out | app=system |
"{C83CF178-326D-477C-BCD2-7CF0124ABA3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8F2A2ED-46EE-4F20-9624-1F804D883498}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC723F2E-80B6-4C5F-97A1-2A0D972D0D3E}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBF0BB9D-66C6-41D9-A5BF-D029140E36CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA67A9DC-2B2F-48AA-A881-DA0B772F6A79}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EC3C852E-B718-4271-B521-633AEED28208}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F21F6118-5D21-437E-92C0-0E65A2824B6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5FFFC22-D464-444D-BEDC-243F19070232}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9A5F8F6-1DCA-4A4F-AC2A-AFFE5D472728}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FA1B0ED7-1FA4-43D6-A19E-81466DAA4A5B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE9460F1-EC93-4C82-AEFC-722939BA8A1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0753C980-DC31-4D05-831B-5D205ECBFFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D0FE540-3106-429D-BEAB-8146006C2174}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1760BEBC-F33E-4DE5-A989-1DE822BEA1BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"{2F66441B-3028-4F38-8A6A-8D9FDB703CAF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{3507D21E-C3D5-4114-A5A1-48606A71F98D}" = dir=in | app=c:\users\steve\appdata\local\microsoft\skydrive\skydrive.exe |
"{38FC2A8A-ECEE-495E-B924-A31E93790747}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{393A136F-03A8-4D87-90AC-DFD9605772DF}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{3AB40045-A3C3-4BE8-9EDE-5223D64DA499}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E736B7B-7803-4073-8372-57040B51F228}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41039609-4378-4732-B724-94284FE20B1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47F54F60-401A-49A8-B3F5-E9E69EFC38EE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4A559AB4-5E01-4D83-A471-D7E86F5B553C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5040CC4A-0C1A-4D6C-BB76-785C8DB83491}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5263C752-DCE4-4F67-A20F-52720B603171}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69E8B279-5C7C-4FC3-9CAF-65C1776168E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A7C5341-6233-4477-9B38-BE90C7FB0867}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B71E2BD-1054-452F-8238-8FB27A6E4D2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D0C2330-A2AE-4680-AD67-41F97DDE7AFA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{80B4CF34-42A6-47A0-8B6B-8E13923F517F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8223817F-ED5C-42F1-8B92-E75127B04E28}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{9E21BCEC-253A-438A-AE9F-C324020653F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E2C7BD4-0E6C-4AE1-AD1A-988ADF82A7CE}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{A623067F-205C-45AB-836F-6BE783141A15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A720B73B-D71C-4200-A50A-35315AE1D5EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"{B528F003-49BB-48A0-A3EE-4D6400010F9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B770E3A2-05D5-40FF-AFAF-8AEFF75E347F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{BE855E21-DD8E-4F87-A98B-AC23660625F4}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{C3369B74-B732-4D25-899B-BCF4A034081F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{C67BE008-A7BC-40DE-AE8C-FB4C863FBC3C}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{CC50DC5F-1E9B-47A8-83EB-E581373A2972}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCA946E3-ED93-4501-A9CC-8C8B29C617F1}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{D18F955F-AE19-4449-AC45-34092BE815A4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DD24AA90-1FB2-41CA-937F-9B7B7508DB64}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{DE8E838A-3863-4BF3-ACAA-E05DA608A974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E01D62A6-F863-438E-B60B-C55F13CBE780}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E55AD9A4-0487-48D7-AFE5-1D12F404C186}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EA06FAD1-0FAC-4614-B77C-DA8DA77C9F08}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{EC56B29E-121E-4F2B-AFF6-8BFED1BF3C2C}" = protocol=6 | dir=out | app=system |
"{FEC60D6A-5A47-4843-BA97-0EFDE20CA573}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1B9572FF-9807-4462-AF9F-BE86E7F7C2FF}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
"TCP Query User{6A9E2347-66E3-4CB3-82C2-47FD4ED54C6C}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe |
"TCP Query User{8407B6CD-5401-47FB-A7D5-E2081AD4A9C5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{06372CA8-1D29-4949-9250-006C294F90FC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5D6A0477-460C-4E74-949C-4DF044745769}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe |
"UDP Query User{D4146E11-360B-4D59-B794-4AD38595B380}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032A13FF-D26D-4844-9597-7EF698627985}" = Garmin Communicator Plugin
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16C65FAB-A00A-4372-838C-759646710519}" = Logitech Harmony Remote
"{1805BD6D-C441-4A1C-802D-AFF0232DAACD}" = A-Men Technologies USB-to-Serial
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1ce01891-839b-4ad1-b629-2e608ba0c6ba}" = Adblock Plus for IE
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EONENERGYFIT)
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB18A98-082D-41A1-B269-7FA8AD3AA30C}" = Garmin Express Tray
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4653FE0D-2762-41B6-A757-8C4F00B790C3}" = Adblock Plus for IE (32-bit)
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}" = LibreOffice 4.1.3.2
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.2.6
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}" = Garmin POI Loader
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E31A5FD-EE7F-4E2C-B74F-DF93B6B3AF46}" = LibreOffice 4.1 Help Pack (English (United Kingdom))
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6f60b921-2ae3-43fe-a6fb-ad849bd91451}" = Garmin Express
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7C15DE71-ADA4-4B10-9F83-C9BF5E86B3BA}" = RAMA
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{850A14FC-F410-47F7-94E4-38F4D3F270D4}" = DriverUpdate
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AD7B42A-01A4-44EA-98FA-4437712168FC}" = calibre
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9F0C8CCB-53C7-4E86-B106-15517D35CE14}" = Sunny Explorer
"{A053FEDE-4A1A-4628-B178-F6D3D0B6CFCC}" = Speckie
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B3931BE3-3189-4A07-833C-50527AC4F2F4}" = Garmin Express
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7DCFAFF-D984-4A8A-96DC-A55869C37103}" = System Recovery
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C21DB59E-3130-43E2-88C6-BE7451D44A52}" = SlimCleaner
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4252591-969D-D1F8-7CD0-8112A0D9B2BB}" = Jacquie Lawson Alpine Advent Calendar 2013
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}" = Microsoft Streets & Trips 2013
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver
"{F0A18904-452A-4188-8259-58BA54D0D79B}" = Internet Explorer Member Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E9C364-0DFD-434B-AF0D-3F5D095B3F8F}" = Elevated Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AI RoboForm" = RoboForm 7-6-4 (All Users)
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip 8.51
"Avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AXIS Media Control SDK_is1" = AXIS Media Control 6.0.3 Redist
"Bejeweled 31.0.8.6128" = Bejeweled 3
"Big City Adventure - London Story1.0" = Big City Adventure - London Story
"Bookworm Deluxe_is1" = Bookworm Deluxe
"Canon MG3100 series User Registration" = Canon MG3100 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.13.7.7
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DVD Identifier_is1" = DVD Identifier
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FileHippo.com" = FileHippo.com Update Checker
"Flash Movie Player" = Flash Movie Player 1.5
"Glary Utilities 4" = Glary Utilities PRO 4.0
"Google Chrome" = Google Chrome
"iLyrics" = iTunes Lyrics Importer
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Jewel Quest Heritage 1.00" = Jewel Quest Heritage 1.00
"Jigsaw Puzzle Platinum" = Jigsaw Puzzle Platinum
"JLAdventCalendarAlpine2013" = Jacquie Lawson Alpine Advent Calendar 2013
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Full)
"Logitech Unifying" = Logitech Unifying Software 2.10
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MarkAble2_is1" = MarkAble 2.2.8
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NISSAN Connect PC Tool" = NISSAN Connect PC Tool
"Nokia Suite" = Nokia Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.16.1860" = Opera 12.16
"Picasa 3" = Picasa 3
"Picture Resize_is1" = Free Picture Resize Starter 4.5
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23
"Rapport_msi" = Trusteer Endpoint Protection
"Recuva" = Recuva
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.60
"SpeedFan" = SpeedFan (remove only)
"TuneUp Utilities" = TuneUp Utilities 2014
"TweakUAC_is1" = TweakUAC
"UndeleteMyFiles Pro_is1" = UndeleteMyFiles Pro
"Universal Viewer Free_is1" = Universal Viewer Free version 5.7.3.0
"Update Detector" = Update Detector 1.10.0.30
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"xplorer2l" = xplorer² lite 32 bit
"YU2010_is1" = Your Uninstaller! 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-675794104-3854591097-1926455036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2013 15:26:26 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 11/12/2013 15:26:27 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2013 15:26:27 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997

Error - 11/12/2013 15:26:27 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997

Error - 11/12/2013 15:26:28 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2013 15:26:28 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996

Error - 11/12/2013 15:26:28 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996

Error - 12/12/2013 05:32:05 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2013 07:01:51 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2013 08:33:17 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2013 11:33:45 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/12/2013 15:19:19 | Computer Name = Steve-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/12/2013 17:55:58 | Computer Name = Steve-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/12/2013 07:00:11 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
Core Update Service service to connect.

Error - 12/12/2013 07:00:11 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the
following error: %%1053

Error - 12/12/2013 07:00:59 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 12/12/2013 07:00:59 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 12/12/2013 07:01:31 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 12/12/2013 07:01:31 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 12/12/2013 11:32:42 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
Core Update Service service to connect.

Error - 12/12/2013 11:32:42 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the
following error: %%1053


< End of report >

Re: Missing favourites in IE and trojan found

Post by steveqae » December 12th, 2013, 5:55 pm

TDSSKiller

17:02:21.0583 0x1c94 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
17:02:39.0954 0x1c94 ============================================================
17:02:39.0954 0x1c94 Current date / time: 2013/12/12 17:02:39.0954
17:02:39.0954 0x1c94 SystemInfo:
17:02:39.0954 0x1c94
17:02:39.0954 0x1c94 OS Version: 6.1.7601 ServicePack: 1.0
17:02:39.0954 0x1c94 Product type: Workstation
17:02:39.0955 0x1c94 ComputerName: STEVE-PC
17:02:39.0955 0x1c94 UserName: Steve
17:02:39.0955 0x1c94 Windows directory: C:\Windows
17:02:39.0955 0x1c94 System windows directory: C:\Windows
17:02:39.0955 0x1c94 Processor architecture: Intel x86
17:02:39.0955 0x1c94 Number of processors: 4
17:02:39.0955 0x1c94 Page size: 0x1000
17:02:39.0955 0x1c94 Boot type: Normal boot
17:02:39.0955 0x1c94 ============================================================
17:02:41.0265 0x1c94 KLMD registered as C:\Windows\system32\drivers\47536555.sys
17:02:41.0427 0x1c94 System UUID: {10CDEDFC-9702-DAC0-EF5D-144EE9AC44D3}
17:02:42.0144 0x1c94 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:02:42.0153 0x1c94 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:02:42.0186 0x1c94 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:02:42.0323 0x1c94 ============================================================
17:02:42.0323 0x1c94 \Device\Harddisk0\DR0:
17:02:42.0323 0x1c94 MBR partitions:
17:02:42.0323 0x1c94 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1200800, BlocksNum 0x30D8F000
17:02:42.0323 0x1c94 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31F8F800, BlocksNum 0x188C8000
17:02:42.0323 0x1c94 \Device\Harddisk1\DR1:
17:02:42.0332 0x1c94 MBR partitions:
17:02:42.0332 0x1c94 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:02:42.0332 0x1c94 \Device\Harddisk2\DR2:
17:02:42.0332 0x1c94 MBR partitions:
17:02:42.0332 0x1c94 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:02:42.0333 0x1c94 ============================================================
17:02:42.0377 0x1c94 C: <-> \Device\Harddisk0\DR0\Partition1
17:02:42.0420 0x1c94 D: <-> \Device\Harddisk0\DR0\Partition2
17:02:42.0438 0x1c94 E: <-> \Device\Harddisk1\DR1\Partition1
17:02:42.0506 0x1c94 N: <-> \Device\Harddisk2\DR2\Partition1
17:02:42.0506 0x1c94 ============================================================
17:02:42.0506 0x1c94 Initialize success
17:02:42.0506 0x1c94 ============================================================
17:02:54.0075 0x17e0 ============================================================
17:02:54.0075 0x17e0 Scan started
17:02:54.0075 0x17e0 Mode: Manual;
17:02:54.0075 0x17e0 ============================================================
17:02:54.0075 0x17e0 KSN ping started
17:02:56.0792 0x17e0 KSN ping finished: true
17:02:57.0748 0x17e0 ================ Scan system memory ========================
17:02:57.0748 0x17e0 System memory - ok
17:02:57.0748 0x17e0 ================ Scan services =============================
17:02:58.0584 0x17e0 ahcix86s - ok
17:02:58.0596 0x17e0 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:02:58.0598 0x17e0 aic78xx - ok
17:02:58.0614 0x17e0 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
17:02:58.0616 0x17e0 ALG - ok
17:02:58.0638 0x17e0 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
17:02:58.0639 0x17e0 aliide - ok
17:02:58.0655 0x17e0 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:02:58.0657 0x17e0 amdagp - ok
17:02:58.0677 0x17e0 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
17:02:58.0679 0x17e0 amdide - ok
17:02:58.0693 0x17e0 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:02:58.0696 0x17e0 AmdK8 - ok
17:02:58.0707 0x17e0 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:02:58.0709 0x17e0 AmdPPM - ok
17:02:58.0734 0x17e0 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:02:58.0737 0x17e0 amdsata - ok
17:02:58.0757 0x17e0 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:58.0762 0x17e0 amdsbs - ok
17:02:58.0773 0x17e0 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:02:58.0775 0x17e0 amdxata - ok
17:02:58.0797 0x17e0 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
17:02:58.0799 0x17e0 AppID - ok
17:02:58.0808 0x17e0 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:02:58.0810 0x17e0 AppIDSvc - ok
17:02:58.0838 0x17e0 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
17:02:58.0840 0x17e0 Appinfo - ok
17:02:58.0925 0x17e0 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:02:58.0928 0x17e0 Apple Mobile Device - ok
17:02:58.0946 0x17e0 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:02:58.0949 0x17e0 arc - ok
17:02:58.0969 0x17e0 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:02:58.0972 0x17e0 arcsas - ok
17:02:59.0047 0x17e0 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:02:59.0049 0x17e0 aspnet_state - ok
17:02:59.0089 0x17e0 [ 74202D5A696A412733B387BD18400E4C, 8E85AF6EC5E5E45E9D5AB781D812B480E4242B2B2D8607270FB175E24FD0A0D9 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:02:59.0090 0x17e0 aswFsBlk - ok
17:02:59.0104 0x17e0 [ AA3397F034871DE76A74585774029580, 166635E38E062856F8453A1E3EC253AD4A11B2D43CBE8EDB0191EC1AEC498F68 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:02:59.0106 0x17e0 aswMonFlt - ok
17:02:59.0138 0x17e0 [ 2206985EF126AB90F3D7F1A020589DC9, F9BAA1E5B087977A113B9F46C3F6C9E41D36D87DBCF5BA4632FE1BD6099E6424 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
17:02:59.0140 0x17e0 aswRdr - ok
17:02:59.0213 0x17e0 [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:02:59.0239 0x17e0 aswRvrt - ok
17:02:59.0293 0x17e0 [ BB27A67D7F465D2720D74B5223DD91E4, 41B06E71477F85908F926A3C80324AAF5D014B61B29073720A6E2D90190D0B82 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:02:59.0310 0x17e0 aswSnx - ok
17:02:59.0334 0x17e0 [ 259E864BFB9268CD7CEFA5849A3B374B, EF1BE2581A53A6FCCE64ECE63AF2CF3D84592D472694102FD147ADE57C0F4697 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:02:59.0344 0x17e0 aswSP - ok
17:02:59.0375 0x17e0 [ AB499F3325E62E157F8E8302065B1B30, 512D6C7324815F8589F8647199373102613810DB33C1FD1379E339F2BAA18F46 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:02:59.0377 0x17e0 aswTdi - ok
17:02:59.0397 0x17e0 [ BADA8FD627F1D0E22308211C33F0BDB5, F88751280969B8963DCFC684C99C7CCF396B50FD0AC0F869628A009557438609 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:02:59.0405 0x17e0 aswVmm - ok
17:02:59.0417 0x17e0 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:59.0419 0x17e0 AsyncMac - ok
17:02:59.0448 0x17e0 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
17:02:59.0449 0x17e0 atapi - ok
17:02:59.0490 0x17e0 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:02:59.0500 0x17e0 AudioEndpointBuilder - ok
17:02:59.0531 0x17e0 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:02:59.0542 0x17e0 Audiosrv - ok
17:02:59.0596 0x17e0 [ 4D41D30E2FAB3307967C7A0B045DC874, 620482D08544478862C78285E17DEE9BC3466DF8B62BD502B0C17AE6501D2B5E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:02:59.0598 0x17e0 avast! Antivirus - ok
17:02:59.0645 0x17e0 [ 311C5A8D894563CD2712CD297A34FAFB, 6E001F1D5BE331E991ACA1823B385B58D558301B2A0AF3BDC99131130B5B5AFD ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
17:02:59.0646 0x17e0 avgtp - ok
17:02:59.0675 0x17e0 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:02:59.0679 0x17e0 AxInstSV - ok
17:02:59.0718 0x17e0 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:02:59.0736 0x17e0 b06bdrv - ok
17:02:59.0762 0x17e0 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:02:59.0779 0x17e0 b57nd60x - ok
17:02:59.0825 0x17e0 [ 8777206E69B0557608BDFCAEB91337BC, EE8D6E3899A088C6BF7C2F3489E23265D84AD8915042B77A41C0F0162C164805 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
17:02:59.0842 0x17e0 bcbtums - ok
17:02:59.0941 0x17e0 [ 9B7D60D8F30F86826B600162FC5152CC, BB20F8864968274FEC7439D64F94B5B6F04444174495B39A4FAE814973421473 ] BcmBtRSupport C:\Windows\system32\BtwRSupportService.exe
17:02:59.0979 0x17e0 BcmBtRSupport - ok
17:03:00.0010 0x17e0 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
17:03:00.0014 0x17e0 BDESVC - ok
17:03:00.0029 0x17e0 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
17:03:00.0031 0x17e0 Beep - ok
17:03:00.0071 0x17e0 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
17:03:00.0082 0x17e0 BFE - ok
17:03:00.0114 0x17e0 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
17:03:00.0131 0x17e0 BITS - ok
17:03:00.0144 0x17e0 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:03:00.0147 0x17e0 blbdrive - ok
17:03:00.0224 0x17e0 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:03:00.0233 0x17e0 Bonjour Service - ok
17:03:00.0297 0x17e0 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:03:00.0300 0x17e0 bowser - ok
17:03:00.0308 0x17e0 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:03:00.0311 0x17e0 BrFiltLo - ok
17:03:00.0321 0x17e0 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:03:00.0323 0x17e0 BrFiltUp - ok
17:03:00.0348 0x17e0 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
17:03:00.0352 0x17e0 Browser - ok
17:03:00.0370 0x17e0 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:03:00.0386 0x17e0 Brserid - ok
17:03:00.0398 0x17e0 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:03:00.0400 0x17e0 BrSerWdm - ok
17:03:00.0410 0x17e0 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:03:00.0412 0x17e0 BrUsbMdm - ok
17:03:00.0418 0x17e0 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:03:00.0420 0x17e0 BrUsbSer - ok
17:03:00.0451 0x17e0 [ DB99076533FFB38CBEC8AC88E4535850, 632C21EF7A587A6FA27A3604B1F5D4A01F47B46007F7FD4A2A464534288FBE8A ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
17:03:00.0454 0x17e0 BthAvrcp - ok
17:03:00.0481 0x17e0 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:03:00.0483 0x17e0 BthEnum - ok
17:03:00.0497 0x17e0 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:03:00.0500 0x17e0 BTHMODEM - ok
17:03:00.0528 0x17e0 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:03:00.0531 0x17e0 BthPan - ok
17:03:00.0564 0x17e0 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:03:00.0581 0x17e0 BTHPORT - ok
17:03:00.0601 0x17e0 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
17:03:00.0603 0x17e0 bthserv - ok
17:03:00.0620 0x17e0 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:03:00.0623 0x17e0 BTHUSB - ok
17:03:00.0675 0x17e0 [ F549C3FB145A4928E40BB1518B2034DC, FAD5B228B43FEC582DBDD91903216C1B170AC3C426E1F3420985988559F2AC49 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:03:00.0678 0x17e0 btusbflt - ok
17:03:00.0724 0x17e0 [ 40CC43B70F7B9D386BFA13A3E231A567, 1E0C13889767C40E4939042978D090CA67519D39F659992241CAC90E7AF95666 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
17:03:00.0729 0x17e0 btwampfl - ok
17:03:00.0773 0x17e0 [ CF8799A563F734984D4E053CACEC1426, F41824AAB4F1D77B9CFB2E2DD4715C219F924B94CA5272D03E202ED960B76DE5 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:03:00.0776 0x17e0 btwaudio - ok
17:03:00.0813 0x17e0 [ 9ED9932043D599AEA04F6EA2D86964A1, A57A3617B16A5FD9853555C1F042537A63BEC44797615E9A8D84D733C4B464D0 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:03:00.0817 0x17e0 btwavdt - ok
17:03:00.0888 0x17e0 [ 110496CF8143FEA63B7A31DAD175829B, 405EB5939572AB33C48F5BF594E051C890668762A7D6E7F8AA9C62C18E65FB0E ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:03:00.0903 0x17e0 btwdins - ok
17:03:00.0935 0x17e0 [ DE53089F0678CB5F0AFEB867ACB0FB05, 62AE8B22A96B8D22A5A843C855956423BF2281339C2D921A4650F318D6AEA783 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:03:00.0937 0x17e0 btwl2cap - ok
17:03:00.0960 0x17e0 [ 373D1BB0F7DC8F1931F9B7E0DE3E9A30, E45F7980182B2EC515E2219CDBAFAC2DEA44B4791770B9E8B5BDAACC55583BA1 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:03:00.0962 0x17e0 btwrchid - ok
17:03:00.0974 0x17e0 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:03:00.0977 0x17e0 cdfs - ok
17:03:01.0005 0x17e0 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:03:01.0009 0x17e0 cdrom - ok
17:03:01.0031 0x17e0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
17:03:01.0034 0x17e0 CertPropSvc - ok
17:03:01.0061 0x17e0 [ A3E467EF4A30CCF8AE674AC879CC56FE, 0F74725EF943F940114762558D2AB9BD16E35D38228DCC59F68DEBADC1EAB3B1 ] CH341SER C:\Windows\system32\Drivers\CH341SER.SYS
17:03:01.0063 0x17e0 CH341SER - ok
17:03:01.0087 0x17e0 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:03:01.0089 0x17e0 circlass - ok
17:03:01.0119 0x17e0 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
17:03:01.0126 0x17e0 CLFS - ok
17:03:01.0171 0x17e0 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:01.0174 0x17e0 clr_optimization_v2.0.50727_32 - ok
17:03:01.0200 0x17e0 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:03:01.0204 0x17e0 clr_optimization_v4.0.30319_32 - ok
17:03:01.0212 0x17e0 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:03:01.0213 0x17e0 CmBatt - ok
17:03:01.0238 0x17e0 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:03:01.0239 0x17e0 cmdide - ok
17:03:01.0271 0x17e0 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
17:03:01.0281 0x17e0 CNG - ok
17:03:01.0288 0x17e0 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:03:01.0290 0x17e0 Compbatt - ok
17:03:01.0300 0x17e0 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:03:01.0303 0x17e0 CompositeBus - ok
17:03:01.0308 0x17e0 COMSysApp - ok
17:03:01.0326 0x17e0 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:03:01.0328 0x17e0 crcdisk - ok
17:03:01.0353 0x17e0 Crypkey License - ok
17:03:01.0394 0x17e0 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:03:01.0399 0x17e0 CryptSvc - ok
17:03:01.0443 0x17e0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
17:03:01.0456 0x17e0 DcomLaunch - ok
17:03:01.0489 0x17e0 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
17:03:01.0506 0x17e0 defragsvc - ok
17:03:01.0538 0x17e0 devlower - ok
17:03:01.0586 0x17e0 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:03:01.0589 0x17e0 DfsC - ok
17:03:01.0621 0x17e0 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:03:01.0628 0x17e0 Dhcp - ok
17:03:01.0645 0x17e0 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
17:03:01.0647 0x17e0 discache - ok
17:03:01.0672 0x17e0 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:03:01.0675 0x17e0 Disk - ok
17:03:01.0719 0x17e0 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:03:01.0724 0x17e0 Dnscache - ok
17:03:01.0754 0x17e0 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
17:03:01.0771 0x17e0 dot3svc - ok
17:03:01.0807 0x17e0 [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:03:01.0811 0x17e0 Dot4 - ok
17:03:01.0851 0x17e0 [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
17:03:01.0853 0x17e0 Dot4Print - ok
17:03:01.0866 0x17e0 [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:03:01.0868 0x17e0 dot4usb - ok
17:03:01.0892 0x17e0 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
17:03:01.0898 0x17e0 DPS - ok
17:03:01.0927 0x17e0 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:03:01.0928 0x17e0 drmkaud - ok
17:03:01.0998 0x17e0 [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:03:02.0005 0x17e0 dtsoftbus01 - ok
17:03:02.0050 0x17e0 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:03:02.0077 0x17e0 DXGKrnl - ok
17:03:02.0101 0x17e0 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
17:03:02.0106 0x17e0 EapHost - ok
17:03:02.0221 0x17e0 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:03:02.0313 0x17e0 ebdrv - ok
17:03:02.0341 0x17e0 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe
17:03:02.0346 0x17e0 EFS - ok
17:03:02.0408 0x17e0 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:03:02.0419 0x17e0 ehRecvr - ok
17:03:02.0449 0x17e0 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
17:03:02.0452 0x17e0 ehSched - ok
17:03:02.0476 0x17e0 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:03:02.0494 0x17e0 elxstor - ok
17:03:02.0531 0x17e0 [ 539CA34FBC74EC366A0D751028C32A08, 5A52964970564D363B9D676A182892B3CE61B3A1BAA67BEF59DFA29F15ED5815 ] epmntdrv C:\Windows\system32\epmntdrv.sys
17:03:02.0534 0x17e0 epmntdrv - ok
17:03:02.0556 0x17e0 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:03:02.0558 0x17e0 ErrDev - ok
17:03:02.0604 0x17e0 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013, FB06406AD9CCD946155C4E8CA769E0430589A4E4BBBDA2C90A67C84E0D2F8EE0 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
17:03:02.0606 0x17e0 EuGdiDrv - ok
17:03:02.0653 0x17e0 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
17:03:02.0661 0x17e0 EventSystem - ok
17:03:02.0679 0x17e0 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
17:03:02.0684 0x17e0 exfat - ok
17:03:02.0724 0x17e0 Fabs - ok
17:03:02.0749 0x17e0 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:03:02.0754 0x17e0 fastfat - ok
17:03:02.0790 0x17e0 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
17:03:02.0815 0x17e0 Fax - ok
17:03:02.0835 0x17e0 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:03:02.0837 0x17e0 fdc - ok
17:03:02.0852 0x17e0 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
17:03:02.0855 0x17e0 fdPHost - ok
17:03:02.0866 0x17e0 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
17:03:02.0870 0x17e0 FDResPub - ok
17:03:02.0884 0x17e0 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:03:02.0887 0x17e0 FileInfo - ok
17:03:02.0902 0x17e0 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:03:02.0904 0x17e0 Filetrace - ok
17:03:03.0018 0x17e0 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
17:03:03.0110 0x17e0 FirebirdServerMAGIXInstance - ok
17:03:03.0157 0x17e0 [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:03:03.0182 0x17e0 FLEXnet Licensing Service - ok
17:03:03.0200 0x17e0 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:03:03.0201 0x17e0 flpydisk - ok
17:03:03.0221 0x17e0 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:03:03.0226 0x17e0 FltMgr - ok
17:03:03.0275 0x17e0 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
17:03:03.0296 0x17e0 FontCache - ok
17:03:03.0331 0x17e0 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:03:03.0333 0x17e0 FontCache3.0.0.0 - ok
17:03:03.0408 0x17e0 [ 7DFF82ACDAB23414ABC2A95FEF8982F8, 9B2ACC7AA63085B4A571D084406FE48FE184243A1AF80C2492038CFF3737FEE5 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:03:03.0416 0x17e0 ForceWare Intelligent Application Manager (IAM) - ok
17:03:03.0443 0x17e0 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:03:03.0445 0x17e0 FsDepends - ok
17:03:03.0488 0x17e0 [ 2ED0BABD4CD98ED820FD0D0BCBE96721, A5B955F77BBD299DEF0F25047EF5C6E63AD3D25E4E783D974AA8BB64878D97D7 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:03:03.0490 0x17e0 fssfltr - ok
17:03:03.0595 0x17e0 [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:03:03.0644 0x17e0 fsssvc - ok
17:03:03.0668 0x17e0 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:03:03.0671 0x17e0 Fs_Rec - ok
17:03:03.0701 0x17e0 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:03:03.0706 0x17e0 fvevol - ok
17:03:03.0731 0x17e0 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:03:03.0734 0x17e0 gagp30kx - ok
17:03:03.0799 0x17e0 [ 876D29312C0A297EEE28F3DA30A994E8, 09FD1AA8BA3BD8222CAB1FB915EF673D7A1C1604B0D7E78AB5F3A965D9D94886 ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
17:03:03.0805 0x17e0 Garmin Core Update Service - ok
17:03:03.0828 0x17e0 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:03.0830 0x17e0 GEARAspiWDM - ok
17:03:03.0834 0x17e0 getPlusHelper - ok
17:03:03.0859 0x17e0 [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio C:\Windows\system32\giveio.sys
17:03:03.0862 0x17e0 giveio - ok
17:03:03.0905 0x17e0 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
17:03:03.0920 0x17e0 gpsvc - ok
17:03:04.0028 0x17e0 [ CEC45180029F1012054A41CEEEA9CEAB, FCE330FB9E4A9BA0BD1C31D94A5A73034175DB5FF4115009B3B3FFE327E31995 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
17:03:04.0030 0x17e0 grmnusb - ok
17:03:04.0087 0x17e0 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:04.0090 0x17e0 gupdate - ok
17:03:04.0104 0x17e0 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:04.0107 0x17e0 gupdatem - ok
Last edited by steveqae on December 13th, 2013, 6:17 am, edited 1 time in total.