Slow Windows Vista PC, possibly infected

By DaTBoYJoe
Jan 10, 2013
  1. I have a Compaq Presario C700 laptop running Windows Vista Home Premium. The computer has been running very slow lately, so I ran a virus scan using Malwarebytes and an antivirus scan using avast. I also used DDS and I posted the logs below. When I tried to remove the threats detected by Malwarebytes, it froze up on me, but I was able to generate a log file. Most of the files listed say REWARDSARCADE.


    Any help would be appreciated, and thank you in advance.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.10.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    erica :: ERICA-PC [administrator]

    1/10/2013 12:11:10 AM
    MBAM-log-2013-01-10 (00-37-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 284809
    Time elapsed: 24 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 28
    C:\Users\erica\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> No action taken.
    C:\Users\erica\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> No action taken.

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by erica at 0:50:50 on 2013-01-10
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\TeamViewer\Version8\tv_w32.exe
    c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\regedit.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.verizon.com/myverizon
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Post-it® Digital Notes: {735abc4c-9266-4008-9ef6-bc60be8de31f} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [hpqSRMon] <no file>
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Create a Post-it® Note - c:\program files\3m\pdnotes\\PSNBookMark.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C1F8A0D1-0643-45EC-9DCB-C9C89CD29F3D} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? 0068431357791575mcinstcleanup;McAfee Application Installer Cleanup (0068431357791575)
    R? BBSvc;Bing Bar Update Service
    R? CBTNDIS4;CBTNDIS4 NDIS Protocol Driver
    R? cfwids;McAfee Inc. cfwids
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? GamesAppService;GamesAppService
    R? McShield;McAfee McShield
    R? mfebopk;McAfee Inc. mfebopk
    R? mfefire;McAfee Firewall Core Service
    R? mfefirek;McAfee Inc. mfefirek
    R? mferkdet;McAfee Inc. mferkdet
    R? mfevtp;McAfee Validation Trust Protection Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? Com4QLBEx;Com4QLBEx
    S? FilesystemWatcher;Filesystem Watcher
    S? FontCache;Windows Font Cache Service
    S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
    S? Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service
    S? MBAMSwissArmy;MBAMSwissArmy
    S? McNaiAnn;McAfee VirusScan Announcer
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfehidk;McAfee Inc. mfehidk
    S? mfewfpk;McAfee Inc. mfewfpk
    S? OnlineBackupSchedulerService;Online Backup Scheduler
    S? sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm)
    S? TeamViewer8;TeamViewer 8
    S? tgsrvc_verizondm;SupportSoft Repair Service (verizondm)
    .
    =============== Created Last 30 ================
    .
    2013-01-10 04:31:42 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-10 04:31:40 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-01-10 04:30:08 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-10 04:29:00 -------- d-----w- c:\programdata\AVAST Software
    2013-01-10 04:29:00 -------- d-----w- c:\program files\AVAST Software
    2013-01-10 04:13:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-10 04:13:18 -------- d-----w- c:\users\erica\appdata\roaming\Malwarebytes
    2013-01-10 04:11:21 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-10 04:11:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-10 04:11:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-10 03:47:16 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60f3b1f7-c366-43bc-892c-4c685b20a78a}\offreg.dll
    2013-01-10 03:22:48 -------- d-----w- c:\program files\TeamViewer
    2013-01-08 20:54:52 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60f3b1f7-c366-43bc-892c-4c685b20a78a}\mpengine.dll
    2013-01-06 04:58:47 -------- d-----w- c:\programdata\1386BAB1F0076BAF00001386A73070D7
    2012-12-28 05:00:07 -------- d-----w- c:\program files\3M
    2012-12-28 04:55:13 -------- d-----w- c:\users\erica\appdata\roaming\GetRightToGo
    2012-12-22 08:00:51 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 08:00:51 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 03:08:49 -------- d-----w- c:\program files\iPod
    2012-12-14 03:08:18 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-14 03:08:18 -------- d-----w- c:\program files\iTunes
    2012-12-12 08:05:49 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-12 08:05:43 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-12 08:05:43 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-12 08:05:43 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-12 08:05:42 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-12 08:05:42 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-12 08:05:42 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-12 08:05:42 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-12 08:05:41 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-12 08:05:41 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-12 08:05:41 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-12 04:32:57 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 04:32:54 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 04:32:54 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-12 04:32:52 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-12 04:32:35 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2013-01-08 21:01:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-08 21:01:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe.cccc.deleteme
    2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 0:51:31.14 ===============
  3. DaTBoYJoe


    .
    ==== Installed Programs ======================
    .
    Administrative Templates for Windows Server 2003
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player
    aioscnnr
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    avast! Free Antivirus
    Bing Bar
    Bing Rewards Client Installer
    BlackBerry Desktop Software 7.1
    Bonjour
    C4USelfUpdater
    Cards_Calendar_OrderGift_DoMorePlugout
    center
    Conexant HD Audio
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DVD Suite
    essentials
    ESU for Microsoft Vista
    GearDrvs
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons
    HP Smart Web Printing
    HP Total Care Advisor
    HP Update
    HP User Guides 0093
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) TV Wizard
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 24
    Kodak AIO Printer
    KODAK AiO Software
    LabelPrint
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    NokiaFREE Unlock Codes Calculator
    ocr
    OGA Notifier 2.0.0048.0
    Post-it® Digital Notes
    Power2Go
    PowerDirector
    PreReq
    PrintProjects
    PSSWCORE
    QLBCASL
    QuickPlay SlingPlayer 0.4.4
    QuickTime
    Rainlendar2 (remove only)
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shared C Run-time for x86
    SmartWebPrinting
    Spelling Dictionaries Support For Adobe Reader 9
    TeamViewer 8
    TomTom HOME 2.8.3.2458
    TomTom HOME Visual Studio Merge Modules
    Touch Pad Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update Installer for WildTangent Games App
    Verizon Download Manager
    Verizon Online Backup and Sharing
    VideoToolkit01
    Vz In Home Agent
    WeatherBug Gadget
    Yahoo! Detect
    .
    ==== End Of File ===========================
  4. DaTBoYJoe


    I just scanned it again to be sure and Malwarebytes now says it's not infected? The first time it froze during the cleanup and I had to kill the program.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  6. DaTBoYJoe


    # AdwCleaner v2.105 - Logfile created 01/11/2013 at 23:09:14
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : erica - ERICA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\erica\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\ProgramData\Viewpoint

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\FCTB000100709
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
    Key Deleted : HKLM\Software\Viewpoint
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Ericka2\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2216 octets] - [11/01/2013 23:09:14]

    ########## EOF - C:\AdwCleaner[S1].txt - [2276 octets] ##########
  7. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by erica on Fri 01/11/2013 at 23:28:10.02
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~ Services
    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
    ~~~ Files
    ~~~ Folders
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/11/2013 at 23:36:26.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    There are the two log files you requested, and thank you for your help.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is this working?
  11. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    Sorry for the delay but I've been busy.... I'll try to run it tonight
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How's it going?
  13. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    I tried to run ComboFix like you said, but I got an error message, "PEV.exe has Stopped Working", then it said Windows will close the program and notify you if there's a solution.

    I'll try to run it in safe mode
  14. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    Nm the error came up but it still ran and generated a log file
  15. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    ComboFix 13-01-17.04 - erica 01/18/2013 0:14.1.2 - x86
    Running from: c:\users\erica\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\erica\GoToAssistDownloadHelper.exe
    c:\users\Ericka2\Documents\~WRL0290.tmp
    c:\users\Ericka2\Documents\~WRL0506.tmp
    c:\users\Ericka2\Documents\~WRL0519.tmp
    c:\users\Ericka2\Documents\~WRL0631.tmp
    c:\users\Ericka2\Documents\~WRL1176.tmp
    c:\users\Ericka2\Documents\~WRL1660.tmp
    c:\users\Ericka2\Documents\~WRL1812.tmp
    c:\users\Ericka2\Documents\~WRL1948.tmp
    c:\users\Ericka2\Documents\~WRL2299.tmp
    c:\users\Ericka2\Documents\~WRL2317.tmp
    c:\users\Ericka2\Documents\~WRL2710.tmp
    c:\users\Ericka2\Documents\~WRL3134.tmp
    c:\users\Ericka2\Documents\~WRL3421.tmp
    c:\users\Ericka2\Documents\~WRL3436.tmp
    c:\users\Ericka2\Documents\~WRL3447.tmp
    c:\users\Ericka2\Documents\~WRL3754.tmp
    c:\users\Ericka2\Documents\~WRL3783.tmp
    c:\users\Ericka2\Documents\~WRL3822.tmp
    c:\users\Ericka2\Documents\~WRL3828.tmp
    c:\windows\system32\KBL.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-18 05:28 . 2013-01-18 05:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-01-18 05:28 . 2013-01-18 05:28 -------- d-----w- c:\users\Ericka2\AppData\Local\temp
    2013-01-18 05:28 . 2013-01-18 05:29 -------- d-----w- c:\users\erica\AppData\Local\temp
    2013-01-18 05:28 . 2013-01-18 05:28 -------- d-----w- c:\users\guest2\AppData\Local\temp
    2013-01-18 05:28 . 2013-01-18 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-16 19:52 . 2013-01-16 19:52 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192C6C18-E30F-4390-A973-27B94ED77B90}\offreg.dll
    2013-01-16 02:56 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192C6C18-E30F-4390-A973-27B94ED77B90}\mpengine.dll
    2013-01-12 04:27 . 2013-01-12 04:27 -------- d-----w- c:\windows\ERUNT
    2013-01-12 04:27 . 2013-01-12 04:27 -------- d-----w- C:\JRT
    2013-01-10 04:31 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-01-10 04:31 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-01-10 04:31 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-01-10 04:31 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-01-10 04:31 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-10 04:31 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-01-10 04:30 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-10 04:30 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-01-10 04:29 . 2013-01-10 04:29 -------- d-----w- c:\programdata\AVAST Software
    2013-01-10 04:29 . 2013-01-10 04:29 -------- d-----w- c:\program files\AVAST Software
    2013-01-10 04:13 . 2013-01-10 04:13 -------- d-----w- c:\users\erica\AppData\Roaming\Malwarebytes
    2013-01-10 04:11 . 2013-01-10 04:11 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-10 04:11 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-10 04:11 . 2013-01-10 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-10 03:42 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-10 03:40 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-10 03:40 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-10 03:22 . 2013-01-10 03:22 -------- d-----w- c:\program files\TeamViewer
    2013-01-06 04:58 . 2013-01-06 05:01 -------- d-----w- c:\programdata\1386BAB1F0076BAF00001386A73070D7
    2012-12-28 16:38 . 2012-12-28 16:38 -------- d-----w- c:\users\Ericka2\AppData\Roaming\3M
    2012-12-28 05:03 . 2012-12-28 05:03 -------- d-----w- c:\users\erica\AppData\Roaming\3M
    2012-12-28 05:00 . 2012-12-28 05:00 -------- d-----w- c:\program files\3M
    2012-12-28 04:55 . 2012-12-28 04:56 -------- d-----w- c:\users\erica\AppData\Roaming\GetRightToGo
    2012-12-22 08:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 08:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-08 21:01 . 2012-09-08 19:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 21:01 . 2011-09-05 02:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-14 02:09 . 2012-12-12 08:11 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 08:11 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 08:11 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49 . 2012-12-12 08:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 08:11 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 08:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29 . 2012-12-12 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18 . 2012-12-12 04:32 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26 . 2012-12-12 04:32 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-10-26 20:54 . 2011-12-24 04:31 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
    2012-10-26 20:54 . 2011-12-24 04:31 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
    2012-10-26 20:54 . 2011-12-24 04:31 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
    2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-12-05 247728]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-24 2498048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
    "Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2010-02-11 233472]
    "Vault Explorer Cache Watcher"="c:\program files\Verizon\Online Backup & Sharing\vewatch.exe" [2010-02-10 28672]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
    backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2009-11-24 15:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-10-01 03:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    rsmsvcs REG_MULTI_SZ ntmssvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-15 22:08 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 21:01]
    .
    2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 04:42]
    .
    2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 04:42]
    .
    2008-04-17 c:\windows\Tasks\HPCeeScheduleForerica.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-12 19:58]
    .
    2008-05-06 c:\windows\Tasks\HPCeeScheduleForEricka2.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-12 19:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.verizon.com/myverizon
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: Create a Post-it® Note - c:\program files\3M\PDNotes\\PSNBookMark.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
    HKLM-Run-hpqSRMon - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files\WildTangent Games\App\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-18 00:29
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,16,cb,45,df,66,cd,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-01-18 00:31:52
    ComboFix-quarantined-files.txt 2013-01-18 05:31
    .
    Pre-Run: 32,310,366,208 bytes free
    Post-Run: 33,657,896,960 bytes free
    .
    - - End Of File - - F9FF3B2680E582BEE58193763CFEC343
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  17. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    23:57:45.0683 4020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:57:46.0745 4020 ============================================================
    23:57:46.0746 4020 Current date / time: 2013/01/19 23:57:46.0745
    23:57:46.0746 4020 SystemInfo:
    23:57:46.0746 4020
    23:57:46.0746 4020 OS Version: 6.0.6002 ServicePack: 2.0
    23:57:46.0746 4020 Product type: Workstation
    23:57:46.0746 4020 ComputerName: ERICA-PC
    23:57:46.0747 4020 UserName: erica
    23:57:46.0747 4020 Windows directory: C:\Windows
    23:57:46.0747 4020 System windows directory: C:\Windows
    23:57:46.0747 4020 Processor architecture: Intel x86
    23:57:46.0747 4020 Number of processors: 2
    23:57:46.0747 4020 Page size: 0x1000
    23:57:46.0747 4020 Boot type: Normal boot
    23:57:46.0747 4020 ============================================================
    23:57:47.0923 4020 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:57:47.0943 4020 ============================================================
    23:57:47.0943 4020 \Device\Harddisk0\DR0:
    23:57:47.0944 4020 MBR partitions:
    23:57:47.0944 4020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC849D92
    23:57:47.0944 4020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC849DD1, BlocksNum 0x17499F0
    23:57:47.0944 4020 ============================================================
    23:57:47.0959 4020 C: <-> \Device\Harddisk0\DR0\Partition1
    23:57:47.0993 4020 D: <-> \Device\Harddisk0\DR0\Partition2
    23:57:47.0993 4020 ============================================================
    23:57:47.0993 4020 Initialize success
    23:57:47.0993 4020 ============================================================
    23:58:23.0941 5584 ============================================================
    23:58:23.0941 5584 Scan started
    23:58:23.0941 5584 Mode: Manual; SigCheck; TDLFS;
    23:58:23.0941 5584 ============================================================
    23:58:24.0644 5584 ================ Scan system memory ========================
    23:58:24.0644 5584 System memory - ok
    23:58:24.0645 5584 ================ Scan services =============================
    23:58:24.0897 5584 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    23:58:25.0096 5584 ACPI - ok
    23:58:25.0260 5584 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    23:58:25.0282 5584 AdobeARMservice - ok
    23:58:25.0402 5584 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:58:25.0431 5584 AdobeFlashPlayerUpdateSvc - ok
    23:58:25.0517 5584 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    23:58:25.0569 5584 adp94xx - ok
    23:58:25.0716 5584 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    23:58:25.0746 5584 adpahci - ok
    23:58:25.0773 5584 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    23:58:25.0796 5584 adpu160m - ok
    23:58:25.0821 5584 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    23:58:25.0846 5584 adpu320 - ok
    23:58:25.0889 5584 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    23:58:26.0110 5584 AeLookupSvc - ok
    23:58:26.0187 5584 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    23:58:26.0279 5584 AFD - ok
    23:58:26.0332 5584 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    23:58:26.0353 5584 agp440 - ok
    23:58:26.0382 5584 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    23:58:26.0405 5584 aic78xx - ok
    23:58:26.0482 5584 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    23:58:26.0572 5584 ALG - ok
    23:58:26.0594 5584 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    23:58:26.0612 5584 aliide - ok
    23:58:26.0641 5584 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    23:58:26.0662 5584 amdagp - ok
    23:58:26.0683 5584 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    23:58:26.0702 5584 amdide - ok
    23:58:26.0734 5584 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    23:58:26.0846 5584 AmdK7 - ok
    23:58:26.0857 5584 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    23:58:26.0965 5584 AmdK8 - ok
    23:58:27.0037 5584 [ 3A2154B4F22AF4771F40B8F2FC7DBBF6 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    23:58:27.0060 5584 ApfiltrService - ok
    23:58:27.0106 5584 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    23:58:27.0166 5584 Appinfo - ok
    23:58:27.0287 5584 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:58:27.0310 5584 Apple Mobile Device - ok
    23:58:27.0366 5584 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    23:58:27.0389 5584 arc - ok
    23:58:27.0417 5584 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    23:58:27.0444 5584 arcsas - ok
    23:58:27.0508 5584 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    23:58:27.0555 5584 aswFsBlk - ok
    23:58:27.0583 5584 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    23:58:27.0603 5584 aswMonFlt - ok
    23:58:27.0627 5584 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
    23:58:27.0646 5584 AswRdr - ok
    23:58:27.0708 5584 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    23:58:27.0784 5584 aswSnx - ok
    23:58:27.0827 5584 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    23:58:27.0877 5584 aswSP - ok
    23:58:27.0937 5584 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    23:58:27.0957 5584 aswTdi - ok
    23:58:28.0015 5584 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    23:58:28.0108 5584 AsyncMac - ok
    23:58:28.0175 5584 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    23:58:28.0202 5584 atapi - ok
    23:58:28.0258 5584 [ 0437199C88F6E88A387CFEC8A8886A6E ] athr C:\Windows\system32\DRIVERS\athr.sys
    23:58:28.0355 5584 athr - ok
    23:58:28.0423 5584 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    23:58:28.0489 5584 AudioEndpointBuilder - ok
    23:58:28.0525 5584 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    23:58:28.0580 5584 Audiosrv - ok
    23:58:28.0654 5584 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    23:58:28.0674 5584 avast! Antivirus - ok
    23:58:28.0713 5584 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
    23:58:28.0852 5584 BCM43XV - ok
    23:58:28.0915 5584 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    23:58:28.0982 5584 Beep - ok
    23:58:29.0050 5584 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    23:58:29.0117 5584 BFE - ok
    23:58:29.0202 5584 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
    23:58:29.0340 5584 BITS - ok
    23:58:29.0349 5584 blbdrive - ok
    23:58:29.0455 5584 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:58:29.0485 5584 Bonjour Service - ok
    23:58:29.0530 5584 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    23:58:29.0573 5584 bowser - ok
    23:58:29.0604 5584 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    23:58:29.0650 5584 BrFiltLo - ok
    23:58:29.0674 5584 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    23:58:29.0762 5584 BrFiltUp - ok
    23:58:29.0815 5584 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    23:58:29.0895 5584 Browser - ok
    23:58:29.0929 5584 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    23:58:30.0000 5584 Brserid - ok
    23:58:30.0028 5584 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    23:58:30.0098 5584 BrSerWdm - ok
    23:58:30.0136 5584 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    23:58:30.0219 5584 BrUsbMdm - ok
    23:58:30.0253 5584 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    23:58:30.0336 5584 BrUsbSer - ok
    23:58:30.0382 5584 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    23:58:30.0476 5584 BTHMODEM - ok
    23:58:30.0547 5584 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
    23:58:30.0580 5584 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
    23:58:30.0580 5584 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
    23:58:30.0642 5584 catchme - ok
    23:58:30.0652 5584 CBTNDIS4 - ok
    23:58:30.0727 5584 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    23:58:30.0791 5584 cdfs - ok
    23:58:30.0870 5584 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    23:58:30.0932 5584 cdrom - ok
    23:58:30.0994 5584 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    23:58:31.0081 5584 CertPropSvc - ok
    23:58:31.0119 5584 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    23:58:31.0212 5584 circlass - ok
    23:58:31.0255 5584 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    23:58:31.0308 5584 CLFS - ok
    23:58:31.0423 5584 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:58:31.0444 5584 clr_optimization_v2.0.50727_32 - ok
    23:58:31.0513 5584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:58:31.0537 5584 clr_optimization_v4.0.30319_32 - ok
    23:58:31.0593 5584 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    23:58:31.0648 5584 CmBatt - ok
    23:58:31.0676 5584 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    23:58:31.0695 5584 cmdide - ok
    23:58:31.0741 5584 [ 2E39F9C51912F4F211B0334AED33E7BD ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
    23:58:31.0783 5584 CnxtHdAudService - ok
    23:58:31.0900 5584 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    23:58:31.0922 5584 Com4QLBEx - ok
    23:58:31.0940 5584 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    23:58:31.0962 5584 Compbatt - ok
    23:58:31.0978 5584 COMSysApp - ok
    23:58:31.0997 5584 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    23:58:32.0017 5584 crcdisk - ok
    23:58:32.0044 5584 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    23:58:32.0130 5584 Crusoe - ok
    23:58:32.0205 5584 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:58:32.0243 5584 CryptSvc - ok
    23:58:32.0318 5584 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:58:32.0413 5584 DcomLaunch - ok
    23:58:32.0452 5584 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:58:32.0493 5584 DfsC - ok
    23:58:32.0602 5584 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    23:58:32.0816 5584 DFSR - ok
    23:58:32.0898 5584 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    23:58:32.0936 5584 Dhcp - ok
    23:58:32.0986 5584 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    23:58:33.0009 5584 disk - ok
    23:58:33.0067 5584 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:58:33.0128 5584 Dnscache - ok
    23:58:33.0178 5584 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    23:58:33.0234 5584 dot3svc - ok
    23:58:33.0299 5584 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    23:58:33.0358 5584 DPS - ok
    23:58:33.0403 5584 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:58:33.0437 5584 drmkaud - ok
    23:58:33.0505 5584 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:58:33.0561 5584 DXGKrnl - ok
    23:58:33.0686 5584 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
    23:58:33.0841 5584 E100B - ok
    23:58:33.0890 5584 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    23:58:34.0076 5584 E1G60 - ok
    23:58:34.0138 5584 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    23:58:34.0178 5584 EapHost - ok
    23:58:34.0240 5584 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    23:58:34.0276 5584 Ecache - ok
    23:58:34.0355 5584 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:58:34.0390 5584 ehRecvr - ok
    23:58:34.0437 5584 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    23:58:34.0505 5584 ehSched - ok
    23:58:34.0512 5584 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    23:58:34.0560 5584 ehstart - ok
    23:58:34.0636 5584 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    23:58:34.0667 5584 elxstor - ok
    23:58:34.0740 5584 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    23:58:34.0844 5584 EMDMgmt - ok
    23:58:34.0915 5584 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    23:58:34.0965 5584 EventSystem - ok
    23:58:35.0011 5584 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    23:58:35.0088 5584 exfat - ok
    23:58:35.0129 5584 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:58:35.0171 5584 fastfat - ok
    23:58:35.0225 5584 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    23:58:35.0303 5584 fdc - ok
    23:58:35.0360 5584 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    23:58:35.0403 5584 fdPHost - ok
    23:58:35.0443 5584 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    23:58:35.0533 5584 FDResPub - ok
    23:58:35.0602 5584 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    23:58:35.0629 5584 FileInfo - ok
    23:58:35.0726 5584 [ 6E84E7C7062058BE9B8D5495D923DA8C ] FilesystemWatcher C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
    23:58:35.0760 5584 FilesystemWatcher ( UnsignedFile.Multi.Generic ) - warning
    23:58:35.0760 5584 FilesystemWatcher - detected UnsignedFile.Multi.Generic (1)
    23:58:35.0806 5584 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    23:58:35.0848 5584 Filetrace - ok
    23:58:35.0880 5584 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    23:58:35.0965 5584 flpydisk - ok
    23:58:36.0008 5584 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    23:58:36.0042 5584 FltMgr - ok
    23:58:36.0128 5584 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    23:58:36.0214 5584 FontCache - ok
    23:58:36.0301 5584 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    23:58:36.0325 5584 FontCache3.0.0.0 - ok
    23:58:36.0367 5584 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    23:58:36.0435 5584 Fs_Rec - ok
    23:58:36.0469 5584 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    23:58:36.0496 5584 gagp30kx - ok
    23:58:36.0512 5584 GamesAppService - ok
    23:58:36.0560 5584 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
    23:58:36.0580 5584 GEARAspiWDM - ok
    23:58:36.0644 5584 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    23:58:36.0721 5584 gpsvc - ok
    23:58:36.0874 5584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    23:58:36.0898 5584 gupdate - ok
    23:58:36.0907 5584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    23:58:36.0933 5584 gupdatem - ok
    23:58:36.0993 5584 [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
    23:58:37.0011 5584 HBtnKey - ok
    23:58:37.0056 5584 [ A1BE5A64DDCB0880301CF860BE3F0A07 ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
    23:58:37.0095 5584 HdAudAddService - ok
    23:58:37.0160 5584 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    23:58:37.0285 5584 HDAudBus - ok
    23:58:37.0308 5584 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    23:58:37.0384 5584 HidBth - ok
    23:58:37.0414 5584 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    23:58:37.0543 5584 HidIr - ok
    23:58:37.0588 5584 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
    23:58:37.0681 5584 hidserv - ok
    23:58:37.0776 5584 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    23:58:37.0857 5584 HidUsb - ok
    23:58:37.0936 5584 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    23:58:38.0053 5584 hkmsvc - ok
    23:58:38.0164 5584 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    23:58:38.0200 5584 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
    23:58:38.0200 5584 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
    23:58:38.0238 5584 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    23:58:38.0261 5584 HpCISSs - ok
    23:58:38.0326 5584 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    23:58:38.0356 5584 HpqKbFiltr - ok
    23:58:38.0427 5584 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    23:58:38.0455 5584 hpqwmiex - ok
    23:58:38.0504 5584 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    23:58:38.0569 5584 HSFHWAZL - ok
    23:58:38.0638 5584 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
    23:58:38.0717 5584 HSF_DPV - ok
    23:58:38.0801 5584 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    23:58:38.0829 5584 HSXHWAZL - ok
    23:58:38.0877 5584 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    23:58:38.0964 5584 HTTP - ok
    23:58:39.0003 5584 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    23:58:39.0021 5584 i2omp - ok
    23:58:39.0089 5584 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    23:58:39.0175 5584 i8042prt - ok
    23:58:39.0243 5584 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    23:58:39.0300 5584 IAANTMON - ok
    23:58:39.0448 5584 [ 9378D57E2B96C0A185D844770AD49948 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
    23:58:39.0626 5584 ialm - ok
    23:58:39.0664 5584 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    23:58:39.0695 5584 iaStor - ok
    23:58:39.0727 5584 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    23:58:39.0759 5584 iaStorV - ok
    23:58:39.0846 5584 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    23:58:39.0872 5584 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    23:58:39.0872 5584 IDriverT - detected UnsignedFile.Multi.Generic (1)
    23:58:39.0950 5584 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:58:40.0030 5584 idsvc - ok
    23:58:40.0150 5584 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    23:58:40.0288 5584 igfx - ok
    23:58:40.0340 5584 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    23:58:40.0362 5584 iirsp - ok
    23:58:40.0415 5584 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    23:58:40.0509 5584 IKEEXT - ok
    23:58:40.0597 5584 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    23:58:40.0626 5584 intelide - ok
    23:58:40.0647 5584 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    23:58:40.0708 5584 intelppm - ok
    23:58:40.0780 5584 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    23:58:40.0827 5584 IPBusEnum - ok
    23:58:40.0865 5584 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:58:40.0916 5584 IpFilterDriver - ok
    23:58:40.0960 5584 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    23:58:41.0009 5584 iphlpsvc - ok
    23:58:41.0018 5584 IpInIp - ok
    23:58:41.0050 5584 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    23:58:41.0139 5584 IPMIDRV - ok
    23:58:41.0196 5584 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    23:58:41.0260 5584 IPNAT - ok
    23:58:41.0329 5584 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    23:58:41.0376 5584 iPod Service - ok
    23:58:41.0416 5584 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    23:58:41.0460 5584 IRENUM - ok
    23:58:41.0483 5584 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    23:58:41.0507 5584 isapnp - ok
    23:58:41.0574 5584 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    23:58:41.0607 5584 iScsiPrt - ok
    23:58:41.0624 5584 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    23:58:41.0650 5584 iteatapi - ok
    23:58:41.0690 5584 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    23:58:41.0712 5584 iteraid - ok
    23:58:41.0760 5584 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    23:58:41.0785 5584 kbdclass - ok
    23:58:41.0837 5584 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    23:58:41.0878 5584 kbdhid - ok
    23:58:41.0930 5584 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    23:58:41.0967 5584 KeyIso - ok
    23:58:42.0093 5584 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    23:58:42.0149 5584 Kodak AiO Network Discovery Service - ok
    23:58:42.0216 5584 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    23:58:42.0300 5584 Kodak AiO Status Monitor Service - ok
    23:58:42.0369 5584 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    23:58:42.0415 5584 KSecDD - ok
    23:58:42.0484 5584 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    23:58:42.0579 5584 KtmRm - ok
    23:58:42.0633 5584 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
    23:58:42.0678 5584 LanmanServer - ok
    23:58:42.0744 5584 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    23:58:42.0801 5584 LanmanWorkstation - ok
    23:58:42.0855 5584 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    23:58:42.0912 5584 lltdio - ok
    23:58:42.0959 5584 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    23:58:43.0042 5584 lltdsvc - ok
    23:58:43.0075 5584 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    23:58:43.0145 5584 lmhosts - ok
    23:58:43.0216 5584 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    23:58:43.0239 5584 LSI_FC - ok
    23:58:43.0265 5584 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    23:58:43.0290 5584 LSI_SAS - ok
    23:58:43.0326 5584 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    23:58:43.0348 5584 LSI_SCSI - ok
    23:58:43.0403 5584 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    23:58:43.0455 5584 luafv - ok
    23:58:43.0503 5584 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    23:58:43.0546 5584 Mcx2Svc - ok
    23:58:43.0586 5584 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
    23:58:43.0629 5584 mdmxsdk - ok
    23:58:43.0680 5584 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    23:58:43.0705 5584 megasas - ok
    23:58:43.0813 5584 Microsoft SharePoint Workspace Audit Service - ok
    23:58:43.0851 5584 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    23:58:43.0909 5584 MMCSS - ok
    23:58:43.0955 5584 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    23:58:44.0018 5584 Modem - ok
    23:58:44.0081 5584 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    23:58:44.0168 5584 monitor - ok
    23:58:44.0200 5584 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    23:58:44.0236 5584 mouclass - ok
    23:58:44.0294 5584 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    23:58:44.0354 5584 mouhid - ok
    23:58:44.0402 5584 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    23:58:44.0425 5584 MountMgr - ok
    23:58:44.0481 5584 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    23:58:44.0505 5584 mpio - ok
    23:58:44.0558 5584 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    23:58:44.0618 5584 mpsdrv - ok
    23:58:44.0673 5584 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    23:58:44.0754 5584 MpsSvc - ok
    23:58:44.0789 5584 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    23:58:44.0813 5584 Mraid35x - ok
    23:58:44.0863 5584 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    23:58:44.0906 5584 MRxDAV - ok
    23:58:44.0946 5584 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:58:44.0990 5584 mrxsmb - ok
    23:58:45.0046 5584 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:58:45.0079 5584 mrxsmb10 - ok
    23:58:45.0092 5584 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:58:45.0117 5584 mrxsmb20 - ok
    23:58:45.0155 5584 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
    23:58:45.0183 5584 msahci - ok
    23:58:45.0207 5584 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    23:58:45.0230 5584 msdsm - ok
    23:58:45.0284 5584 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    23:58:45.0367 5584 MSDTC - ok
    23:58:45.0406 5584 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    23:58:45.0462 5584 Msfs - ok
    23:58:45.0495 5584 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    23:58:45.0523 5584 msisadrv - ok
    23:58:45.0570 5584 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    23:58:45.0621 5584 MSiSCSI - ok
    23:58:45.0636 5584 msiserver - ok
    23:58:45.0710 5584 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    23:58:45.0781 5584 MSKSSRV - ok
    23:58:45.0826 5584 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    23:58:45.0874 5584 MSPCLOCK - ok
    23:58:45.0899 5584 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    23:58:45.0957 5584 MSPQM - ok
    23:58:46.0009 5584 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    23:58:46.0046 5584 MsRPC - ok
    23:58:46.0066 5584 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    23:58:46.0094 5584 mssmbios - ok
    23:58:46.0106 5584 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    23:58:46.0174 5584 MSTEE - ok
    23:58:46.0211 5584 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    23:58:46.0243 5584 Mup - ok
    23:58:46.0305 5584 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    23:58:46.0372 5584 napagent - ok
    23:58:46.0431 5584 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    23:58:46.0478 5584 NativeWifiP - ok
    23:58:46.0520 5584 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    23:58:46.0565 5584 NDIS - ok
    23:58:46.0622 5584 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    23:58:46.0666 5584 NdisTapi - ok
    23:58:46.0715 5584 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    23:58:46.0760 5584 Ndisuio - ok
    23:58:46.0807 5584 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    23:58:46.0872 5584 NdisWan - ok
    23:58:46.0910 5584 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    23:58:46.0948 5584 NDProxy - ok
    23:58:46.0974 5584 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    23:58:47.0032 5584 NetBIOS - ok
    23:58:47.0073 5584 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    23:58:47.0110 5584 netbt - ok
  18. DaTBoYJoe

    23:58:47.0131 5584 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    23:58:47.0156 5584 Netlogon - ok
    23:58:47.0220 5584 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    23:58:47.0304 5584 Netman - ok
    23:58:47.0351 5584 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    23:58:47.0422 5584 netprofm - ok
    23:58:47.0461 5584 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:58:47.0482 5584 NetTcpPortSharing - ok
    23:58:47.0521 5584 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    23:58:47.0543 5584 nfrd960 - ok
    23:58:47.0600 5584 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    23:58:47.0659 5584 NlaSvc - ok
    23:58:47.0708 5584 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    23:58:47.0747 5584 Npfs - ok
    23:58:47.0787 5584 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    23:58:47.0876 5584 nsi - ok
    23:58:47.0940 5584 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    23:58:48.0002 5584 nsiproxy - ok
    23:58:48.0081 5584 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    23:58:48.0196 5584 Ntfs - ok
    23:58:48.0304 5584 [ A7DFF9642D510BE1EEC6664CD0369953 ] NtmsSvc C:\Windows\system32\ntmssvc.dll
    23:58:48.0372 5584 NtmsSvc - ok
    23:58:48.0398 5584 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    23:58:48.0483 5584 ntrigdigi - ok
    23:58:48.0544 5584 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    23:58:48.0584 5584 Null - ok
    23:58:48.0609 5584 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    23:58:48.0631 5584 nvraid - ok
    23:58:48.0660 5584 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
    23:58:48.0680 5584 nvstor - ok
    23:58:48.0709 5584 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    23:58:48.0734 5584 nv_agp - ok
    23:58:48.0748 5584 NwlnkFlt - ok
    23:58:48.0757 5584 NwlnkFwd - ok
    23:58:48.0836 5584 [ 7AF6EC0EA4261ECF7DA084103BE31EA8 ] odysseyIM4 C:\Windows\system32\DRIVERS\odysseyIM4.sys
    23:58:48.0897 5584 odysseyIM4 - ok
    23:58:48.0942 5584 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    23:58:49.0013 5584 ohci1394 - ok
    23:58:49.0058 5584 [ 6987D81234166F87CD2F360E7E5F4202 ] OnlineBackupSchedulerService C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
    23:58:49.0101 5584 OnlineBackupSchedulerService ( UnsignedFile.Multi.Generic ) - warning
    23:58:49.0101 5584 OnlineBackupSchedulerService - detected UnsignedFile.Multi.Generic (1)
    23:58:49.0197 5584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:58:49.0223 5584 ose - ok
    23:58:49.0468 5584 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:58:50.0173 5584 osppsvc - ok
    23:58:50.0280 5584 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    23:58:50.0401 5584 p2pimsvc - ok
    23:58:50.0449 5584 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    23:58:50.0511 5584 p2psvc - ok
    23:58:50.0580 5584 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    23:58:50.0647 5584 Parport - ok
    23:58:50.0699 5584 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    23:58:50.0730 5584 partmgr - ok
    23:58:50.0751 5584 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    23:58:50.0832 5584 Parvdm - ok
    23:58:50.0878 5584 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    23:58:50.0923 5584 PcaSvc - ok
    23:58:50.0973 5584 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    23:58:51.0003 5584 pci - ok
    23:58:51.0024 5584 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
    23:58:51.0044 5584 pciide - ok
    23:58:51.0073 5584 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    23:58:51.0096 5584 pcmcia - ok
    23:58:51.0157 5584 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    23:58:51.0386 5584 PEAUTH - ok
    23:58:51.0502 5584 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    23:58:51.0668 5584 pla - ok
    23:58:51.0726 5584 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    23:58:51.0794 5584 PlugPlay - ok
    23:58:51.0836 5584 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    23:58:51.0883 5584 PNRPAutoReg - ok
    23:58:51.0925 5584 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    23:58:51.0975 5584 PNRPsvc - ok
    23:58:52.0016 5584 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    23:58:52.0106 5584 PolicyAgent - ok
    23:58:52.0163 5584 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    23:58:52.0233 5584 PptpMiniport - ok
    23:58:52.0275 5584 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    23:58:52.0372 5584 Processor - ok
    23:58:52.0432 5584 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    23:58:52.0492 5584 ProfSvc - ok
    23:58:52.0520 5584 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    23:58:52.0544 5584 ProtectedStorage - ok
    23:58:52.0596 5584 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    23:58:52.0646 5584 PSched - ok
    23:58:52.0698 5584 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    23:58:52.0780 5584 ql2300 - ok
    23:58:52.0846 5584 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    23:58:52.0868 5584 ql40xx - ok
    23:58:52.0918 5584 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    23:58:52.0968 5584 QWAVE - ok
    23:58:53.0015 5584 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    23:58:53.0059 5584 QWAVEdrv - ok
    23:58:53.0095 5584 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    23:58:53.0150 5584 RasAcd - ok
    23:58:53.0216 5584 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    23:58:53.0281 5584 RasAuto - ok
    23:58:53.0332 5584 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:58:53.0378 5584 Rasl2tp - ok
    23:58:53.0405 5584 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    23:58:53.0465 5584 RasMan - ok
    23:58:53.0513 5584 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    23:58:53.0566 5584 RasPppoe - ok
    23:58:53.0618 5584 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    23:58:53.0671 5584 RasSstp - ok
    23:58:53.0725 5584 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    23:58:53.0768 5584 rdbss - ok
    23:58:53.0820 5584 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:58:53.0869 5584 RDPCDD - ok
    23:58:53.0914 5584 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    23:58:54.0005 5584 rdpdr - ok
    23:58:54.0014 5584 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    23:58:54.0057 5584 RDPENCDD - ok
    23:58:54.0109 5584 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    23:58:54.0142 5584 RDPWD - ok
    23:58:54.0210 5584 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    23:58:54.0267 5584 RemoteAccess - ok
    23:58:54.0317 5584 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    23:58:54.0383 5584 RemoteRegistry - ok
    23:58:54.0479 5584 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    23:58:54.0505 5584 RichVideo - ok
    23:58:54.0556 5584 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
    23:58:54.0583 5584 RimUsb - ok
    23:58:54.0636 5584 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
    23:58:54.0682 5584 RimVSerPort - ok
    23:58:54.0732 5584 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    23:58:54.0775 5584 ROOTMODEM - ok
    23:58:54.0801 5584 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    23:58:54.0837 5584 RpcLocator - ok
    23:58:54.0904 5584 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    23:58:54.0951 5584 RpcSs - ok
    23:58:54.0997 5584 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    23:58:55.0051 5584 rspndr - ok
    23:58:55.0099 5584 [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
    23:58:55.0179 5584 RTL8023xp - ok
    23:58:55.0211 5584 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    23:58:55.0238 5584 SamSs - ok
    23:58:55.0298 5584 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    23:58:55.0326 5584 sbp2port - ok
    23:58:55.0391 5584 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    23:58:55.0442 5584 SCardSvr - ok
    23:58:55.0509 5584 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    23:58:55.0644 5584 Schedule - ok
    23:58:55.0660 5584 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    23:58:55.0703 5584 SCPolicySvc - ok
    23:58:55.0754 5584 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    23:58:55.0805 5584 SDRSVC - ok
    23:58:55.0827 5584 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    23:58:55.0906 5584 secdrv - ok
    23:58:55.0950 5584 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    23:58:56.0009 5584 seclogon - ok
    23:58:56.0025 5584 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
    23:58:56.0092 5584 SENS - ok
    23:58:56.0121 5584 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
    23:58:56.0211 5584 Serenum - ok
    23:58:56.0256 5584 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
    23:58:56.0345 5584 Serial - ok
    23:58:56.0392 5584 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    23:58:56.0438 5584 sermouse - ok
    23:58:56.0501 5584 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    23:58:56.0553 5584 SessionEnv - ok
    23:58:56.0581 5584 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    23:58:56.0664 5584 sffdisk - ok
    23:58:56.0690 5584 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    23:58:56.0766 5584 sffp_mmc - ok
    23:58:56.0803 5584 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    23:58:56.0881 5584 sffp_sd - ok
    23:58:56.0899 5584 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    23:58:56.0972 5584 sfloppy - ok
    23:58:56.0999 5584 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    23:58:57.0048 5584 SharedAccess - ok
    23:58:57.0109 5584 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    23:58:57.0166 5584 ShellHWDetection - ok
    23:58:57.0206 5584 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    23:58:57.0234 5584 sisagp - ok
    23:58:57.0244 5584 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    23:58:57.0283 5584 SiSRaid2 - ok
    23:58:57.0310 5584 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    23:58:57.0345 5584 SiSRaid4 - ok
    23:58:57.0514 5584 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    23:58:57.0841 5584 slsvc - ok
    23:58:57.0893 5584 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    23:58:57.0956 5584 SLUINotify - ok
    23:58:58.0009 5584 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    23:58:58.0054 5584 Smb - ok
    23:58:58.0113 5584 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    23:58:58.0142 5584 SNMPTRAP - ok
    23:58:58.0192 5584 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    23:58:58.0218 5584 spldr - ok
    23:58:58.0288 5584 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    23:58:58.0335 5584 Spooler - ok
    23:58:58.0389 5584 sprtsvc_verizondm - ok
    23:58:58.0445 5584 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    23:58:58.0493 5584 srv - ok
    23:58:58.0545 5584 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    23:58:58.0597 5584 srv2 - ok
    23:58:58.0632 5584 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    23:58:58.0676 5584 srvnet - ok
    23:58:58.0722 5584 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
    23:58:58.0772 5584 sscdbus - ok
    23:58:58.0811 5584 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
    23:58:58.0848 5584 sscdmdfl - ok
    23:58:58.0878 5584 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
    23:58:58.0916 5584 sscdmdm - ok
    23:58:58.0967 5584 [ 751E66EB32EFA80633B80F5D7FF0A1D8 ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
    23:58:58.0998 5584 sscdserd - ok
    23:58:59.0046 5584 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    23:58:59.0100 5584 SSDPSRV - ok
    23:58:59.0153 5584 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    23:58:59.0193 5584 SstpSvc - ok
    23:58:59.0251 5584 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    23:58:59.0313 5584 StillCam - ok
    23:58:59.0392 5584 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    23:58:59.0474 5584 stisvc - ok
    23:58:59.0507 5584 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    23:58:59.0533 5584 swenum - ok
    23:58:59.0595 5584 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    23:58:59.0670 5584 swprv - ok
    23:58:59.0701 5584 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    23:58:59.0725 5584 Symc8xx - ok
    23:58:59.0746 5584 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    23:58:59.0784 5584 Sym_hi - ok
    23:58:59.0806 5584 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    23:58:59.0836 5584 Sym_u3 - ok
    23:58:59.0893 5584 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    23:59:00.0003 5584 SysMain - ok
    23:59:00.0027 5584 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    23:59:00.0063 5584 TabletInputService - ok
    23:59:00.0114 5584 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    23:59:00.0179 5584 TapiSrv - ok
    23:59:00.0230 5584 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    23:59:00.0293 5584 TBS - ok
    23:59:00.0365 5584 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    23:59:00.0479 5584 Tcpip - ok
    23:59:00.0534 5584 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    23:59:00.0631 5584 Tcpip6 - ok
    23:59:00.0682 5584 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    23:59:00.0714 5584 tcpipreg - ok
    23:59:00.0760 5584 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    23:59:00.0838 5584 TDPIPE - ok
    23:59:00.0888 5584 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    23:59:00.0941 5584 TDTCP - ok
    23:59:00.0979 5584 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    23:59:01.0034 5584 tdx - ok
    23:59:01.0218 5584 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    23:59:01.0467 5584 TeamViewer8 - ok
    23:59:01.0508 5584 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    23:59:01.0534 5584 TermDD - ok
    23:59:01.0568 5584 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    23:59:01.0665 5584 TermService - ok
    23:59:01.0671 5584 tgsrvc_verizondm - ok
    23:59:01.0709 5584 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    23:59:01.0747 5584 Themes - ok
    23:59:01.0764 5584 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    23:59:01.0813 5584 THREADORDER - ok
    23:59:01.0876 5584 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    23:59:01.0938 5584 TrkWks - ok
    23:59:02.0009 5584 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    23:59:02.0065 5584 TrustedInstaller - ok
    23:59:02.0114 5584 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:59:02.0159 5584 tssecsrv - ok
    23:59:02.0204 5584 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    23:59:02.0259 5584 tunmp - ok
    23:59:02.0273 5584 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    23:59:02.0312 5584 tunnel - ok
    23:59:02.0352 5584 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    23:59:02.0380 5584 uagp35 - ok
    23:59:02.0402 5584 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    23:59:02.0452 5584 udfs - ok
    23:59:02.0509 5584 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    23:59:02.0560 5584 UI0Detect - ok
    23:59:02.0587 5584 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    23:59:02.0608 5584 uliagpkx - ok
    23:59:02.0659 5584 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    23:59:02.0692 5584 uliahci - ok
    23:59:02.0713 5584 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    23:59:02.0736 5584 UlSata - ok
    23:59:02.0768 5584 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    23:59:02.0793 5584 ulsata2 - ok
    23:59:02.0846 5584 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    23:59:02.0906 5584 umbus - ok
    23:59:02.0954 5584 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    23:59:03.0010 5584 upnphost - ok
    23:59:03.0071 5584 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    23:59:03.0106 5584 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    23:59:03.0106 5584 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    23:59:03.0147 5584 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    23:59:03.0204 5584 usbccgp - ok
    23:59:03.0248 5584 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    23:59:03.0330 5584 usbcir - ok
    23:59:03.0410 5584 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    23:59:03.0454 5584 usbehci - ok
    23:59:03.0479 5584 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    23:59:03.0536 5584 usbhub - ok
    23:59:03.0563 5584 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    23:59:03.0653 5584 usbohci - ok
    23:59:03.0684 5584 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
    23:59:03.0768 5584 usbprint - ok
    23:59:03.0789 5584 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:59:03.0826 5584 USBSTOR - ok
    23:59:03.0874 5584 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    23:59:03.0908 5584 usbuhci - ok
    23:59:03.0968 5584 [ 46F3A2912EF88CD8E87D4F9B304CD949 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    23:59:04.0006 5584 usbvideo - ok
    23:59:04.0062 5584 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    23:59:04.0102 5584 UxSms - ok
    23:59:04.0155 5584 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    23:59:04.0261 5584 vds - ok
    23:59:04.0313 5584 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    23:59:04.0380 5584 vga - ok
    23:59:04.0456 5584 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    23:59:04.0502 5584 VgaSave - ok
    23:59:04.0530 5584 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
    23:59:04.0551 5584 viaagp - ok
    23:59:04.0573 5584 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    23:59:04.0651 5584 ViaC7 - ok
    23:59:04.0680 5584 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
    23:59:04.0702 5584 viaide - ok
    23:59:04.0727 5584 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    23:59:04.0751 5584 volmgr - ok
    23:59:04.0802 5584 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    23:59:04.0868 5584 volmgrx - ok
    23:59:04.0917 5584 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
    23:59:04.0954 5584 volsnap - ok
    23:59:05.0007 5584 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    23:59:05.0035 5584 vsmraid - ok
    23:59:05.0131 5584 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    23:59:05.0243 5584 VSS - ok
    23:59:05.0294 5584 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    23:59:05.0377 5584 W32Time - ok
    23:59:05.0411 5584 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    23:59:05.0477 5584 WacomPen - ok
    23:59:05.0528 5584 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    23:59:05.0566 5584 Wanarp - ok
    23:59:05.0572 5584 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    23:59:05.0611 5584 Wanarpv6 - ok
    23:59:05.0651 5584 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    23:59:05.0718 5584 wcncsvc - ok
    23:59:05.0741 5584 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    23:59:05.0799 5584 WcsPlugInService - ok
    23:59:05.0827 5584 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
    23:59:05.0850 5584 Wd - ok
    23:59:05.0923 5584 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    23:59:05.0999 5584 Wdf01000 - ok
    23:59:06.0047 5584 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    23:59:06.0104 5584 WdiServiceHost - ok
    23:59:06.0111 5584 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    23:59:06.0164 5584 WdiSystemHost - ok
    23:59:06.0214 5584 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    23:59:06.0263 5584 WebClient - ok
    23:59:06.0310 5584 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    23:59:06.0343 5584 Wecsvc - ok
    23:59:06.0382 5584 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    23:59:06.0429 5584 wercplsupport - ok
    23:59:06.0482 5584 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    23:59:06.0541 5584 WerSvc - ok
    23:59:06.0618 5584 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    23:59:06.0691 5584 winachsf - ok
    23:59:06.0789 5584 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    23:59:06.0819 5584 WinDefend - ok
    23:59:06.0829 5584 WinHttpAutoProxySvc - ok
    23:59:06.0882 5584 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    23:59:06.0920 5584 Winmgmt - ok
    23:59:07.0007 5584 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    23:59:07.0166 5584 WinRM - ok
    23:59:07.0234 5584 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    23:59:07.0315 5584 Wlansvc - ok
    23:59:07.0372 5584 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    23:59:07.0421 5584 WmiAcpi - ok
    23:59:07.0469 5584 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    23:59:07.0530 5584 wmiApSrv - ok
    23:59:07.0621 5584 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    23:59:07.0717 5584 WMPNetworkSvc - ok
    23:59:07.0746 5584 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    23:59:07.0783 5584 WPCSvc - ok
    23:59:07.0838 5584 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    23:59:07.0875 5584 WPDBusEnum - ok
    23:59:07.0934 5584 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    23:59:07.0974 5584 WpdUsb - ok
    23:59:08.0098 5584 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:59:08.0173 5584 WPFFontCache_v0400 - ok
    23:59:08.0239 5584 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    23:59:08.0293 5584 ws2ifsl - ok
    23:59:08.0339 5584 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
    23:59:08.0384 5584 wscsvc - ok
    23:59:08.0434 5584 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    23:59:08.0473 5584 WSDPrintDevice - ok
    23:59:08.0481 5584 WSearch - ok
    23:59:08.0609 5584 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    23:59:08.0781 5584 wuauserv - ok
    23:59:08.0855 5584 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    23:59:08.0889 5584 WudfPf - ok
    23:59:08.0932 5584 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:59:08.0975 5584 WUDFRd - ok
    23:59:09.0026 5584 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    23:59:09.0074 5584 wudfsvc - ok
    23:59:09.0123 5584 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
    23:59:09.0169 5584 XAudio - ok
    23:59:09.0219 5584 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
    23:59:09.0278 5584 XAudioService - ok
    23:59:09.0308 5584 ================ Scan global ===============================
    23:59:09.0370 5584 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    23:59:09.0421 5584 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    23:59:09.0466 5584 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    23:59:09.0524 5584 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    23:59:09.0547 5584 [Global] - ok
    23:59:09.0551 5584 ================ Scan MBR ==================================
    23:59:09.0562 5584 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
    23:59:10.0123 5584 \Device\Harddisk0\DR0 - ok
    23:59:10.0124 5584 ================ Scan VBR ==================================
    23:59:10.0129 5584 [ 39D6ADC2B237E7335DEADCB7A6DA20B7 ] \Device\Harddisk0\DR0\Partition1
    23:59:10.0131 5584 \Device\Harddisk0\DR0\Partition1 - ok
    23:59:10.0138 5584 [ CB113A9AF4407F94DC21A30211DC1F5A ] \Device\Harddisk0\DR0\Partition2
    23:59:10.0141 5584 \Device\Harddisk0\DR0\Partition2 - ok
    23:59:10.0145 5584 ============================================================
    23:59:10.0145 5584 Scan finished
    23:59:10.0145 5584 ============================================================
    23:59:10.0173 4752 Detected object count: 6
    23:59:10.0173 4752 Actual detected object count: 6
    00:00:28.0807 4752 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0807 4752 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:00:28.0808 4752 FilesystemWatcher ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0808 4752 FilesystemWatcher ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:00:28.0808 4752 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0809 4752 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:00:28.0809 4752 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0809 4752 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:00:28.0810 4752 OnlineBackupSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0810 4752 OnlineBackupSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:00:28.0811 4752 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
    00:00:28.0811 4752 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    00:02:08.0387 5436 Deinitialize success
  19. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    OTL logfile created on: 1/20/2013 12:06:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\erica\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.64% Memory free
    4.21 Gb Paging File | 2.85 Gb Available in Paging File | 67.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 100.14 Gb Total Space | 33.24 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
    Drive D: | 11.64 Gb Total Space | 1.50 Gb Free Space | 12.91% Space Free | Partition Type: NTFS

    Computer Name: ERICA-PC | User Name: erica | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/20 00:03:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\erica\Desktop\OTL.exe
    PRC - [2012/12/14 04:17:04 | 004,103,672 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
    PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2012/12/14 04:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    PRC - [2012/12/14 04:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2012/10/15 10:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/24 03:05:36 | 002,498,048 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    PRC - [2011/12/05 07:34:56 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/02/10 19:11:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
    PRC - [2010/02/10 19:10:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
    PRC - [2010/02/10 16:20:56 | 000,028,672 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
    PRC - [2010/02/02 20:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/10 05:14:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/10 05:14:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
    MOD - [2013/01/10 05:14:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
    MOD - [2013/01/10 05:13:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 05:13:19 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
    MOD - [2013/01/10 05:12:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
    MOD - [2013/01/10 05:11:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
    MOD - [2012/07/24 03:05:36 | 002,633,216 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 002,498,048 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    MOD - [2012/07/24 03:05:36 | 001,205,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 000,502,784 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 000,198,144 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
    MOD - [2012/07/24 03:05:36 | 000,140,800 | ---- | M] () -- C:\Program Files\Rainlendar2\lua52.dll
    MOD - [2012/07/24 03:05:36 | 000,131,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
    MOD - [2012/07/24 03:05:36 | 000,012,800 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
    MOD - [2012/02/17 20:38:13 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DigiData.Vault.Problems\1.2.0.0__9020972b7d9d3317\DigiData.Vault.Problems.dll
    MOD - [2012/02/17 20:38:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DigiData.Vault.VaultExplorer.Cache.Controller\1.0.0.0__9020972b7d9d3317\DigiData.Vault.VaultExplorer.Cache.Controller.dll
    MOD - [2012/02/17 20:38:11 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DigiData.Vault.Adapter\1.0.8.0__9020972b7d9d3317\DigiData.Vault.Adapter.dll
    MOD - [2012/02/17 20:38:11 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DigiData\1.4.0.0__9020972b7d9d3317\DigiData.dll
    MOD - [2012/02/17 20:38:10 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DigiData.Vault\1.5.5.0__9020972b7d9d3317\DigiData.Vault.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/02/10 19:10:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
    MOD - [2010/02/10 19:10:34 | 000,036,864 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateMonitor.dll
    MOD - [2010/02/10 19:09:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.Updater.dll
    MOD - [2010/02/10 19:09:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.Controls.Buttons.dll
    MOD - [2010/02/10 19:08:32 | 000,077,824 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.Common.dll
    MOD - [2010/02/10 19:08:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.ThemeManager.dll
    MOD - [2010/02/10 16:21:10 | 001,236,992 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2013/01/08 16:01:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
    SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
    SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
    SRV - [2010/02/10 19:11:00 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
    SRV - [2010/02/02 20:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\CBTNDIS4.SYS -- (CBTNDIS4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\erica\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
    DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2008/02/27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/10/29 09:38:38 | 000,162,088 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/13 07:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
    DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/05/18 13:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\odysseyIM4.sys -- (odysseyIM4)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKLM\..\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.com/myverizon
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..\SearchScopes\{96B8A674-8660-4733-993E-31C2A4B052BE}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/03/04 18:17:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\erica\AppData\Local\RewardsArcade\498\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/03/04 18:17:06 | 000,000,000 | ---D | M]

    [2012/05/26 22:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\erica\AppData\Roaming\Mozilla\Extensions
    [2012/05/26 22:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\erica\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: avast! WebRep = C:\Users\erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2013/01/18 00:28:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120708173044.dll File not found
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
    O4 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O4 - Startup: C:\Users\Ericka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O4 - Startup: C:\Users\Ericka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Create a Post-it® Note - C:\Program Files\3M\PDNotes\\PSNBookMark.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-4212666298-2858117090-1249056859-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1F8A0D1-0643-45EC-9DCB-C9C89CD29F3D}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqTrace.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqTrace.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/11/12 03:25:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/20 00:03:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\erica\Desktop\OTL.exe
    [2013/01/19 23:57:29 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\erica\Desktop\tdsskiller.exe
    [2013/01/18 00:32:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/18 00:31:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/18 00:28:09 | 000,000,000 | ---D | C] -- C:\Users\erica\AppData\Local\temp
    [2013/01/18 00:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/18 00:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/18 00:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/18 00:08:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/18 00:07:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/18 00:03:30 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\erica\Desktop\ComboFix.exe
    [2013/01/11 23:27:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/11 23:27:33 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/11 23:08:23 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\erica\Desktop\JRT.exe
    [2013/01/10 00:53:23 | 000,000,000 | ---D | C] -- C:\Users\erica\Desktop\Log Files and Toolkit
    [2013/01/09 23:57:52 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\erica\Desktop\TFC.exe
    [2013/01/09 23:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/01/09 23:31:50 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/01/09 23:31:50 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/01/09 23:31:47 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2013/01/09 23:31:46 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/01/09 23:31:42 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/01/09 23:31:40 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/01/09 23:30:08 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/01/09 23:30:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/01/09 23:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/01/09 23:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/01/09 23:13:18 | 000,000,000 | ---D | C] -- C:\Users\erica\AppData\Roaming\Malwarebytes
    [2013/01/09 23:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/09 23:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/09 23:11:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/09 23:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/09 22:42:27 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/01/09 22:40:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/01/09 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2013/01/05 23:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\1386BAB1F0076BAF00001386A73070D7
    [2012/12/28 02:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/12/28 00:03:43 | 000,000,000 | ---D | C] -- C:\Users\erica\AppData\Roaming\3M
    [2012/12/28 00:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\3M
    [2012/12/27 23:55:30 | 000,000,000 | ---D | C] -- C:\Users\erica\Desktop\Downloads
    [2012/12/27 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\erica\AppData\Roaming\GetRightToGo
    [2012/12/22 03:00:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/22 03:00:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/01/20 00:03:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\erica\Desktop\OTL.exe
    [2013/01/20 00:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/20 00:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/19 23:57:20 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\erica\Desktop\tdsskiller.exe
    [2013/01/19 23:49:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/19 23:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/19 23:12:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 23:12:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/18 00:28:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/01/18 00:04:03 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\erica\Desktop\ComboFix.exe
    [2013/01/17 23:46:49 | 000,001,995 | ---- | M] () -- C:\Users\erica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/17 23:33:53 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/17 23:33:53 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/15 17:31:53 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/11 23:08:16 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\erica\Desktop\JRT.exe
    [2013/01/11 23:05:58 | 000,554,087 | ---- | M] () -- C:\Users\erica\Desktop\adwcleaner.exe
    [2013/01/10 05:08:55 | 000,401,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/09 23:57:01 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\erica\Desktop\TFC.exe
    [2013/01/09 23:31:51 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/01/09 23:31:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/01/09 23:11:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/09 22:23:10 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/01/08 16:01:30 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/01/08 16:01:30 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2013/01/18 00:09:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/18 00:09:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/18 00:09:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/18 00:09:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/18 00:09:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/11 23:07:43 | 000,554,087 | ---- | C] () -- C:\Users\erica\Desktop\adwcleaner.exe
    [2013/01/09 23:31:51 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/01/09 23:11:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/09 22:23:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/01/09 22:23:10 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2011/11/01 14:06:33 | 000,002,633 | ---- | C] () -- C:\Windows\ERICA-PC0061.ini
    [2011/07/22 22:42:51 | 000,000,632 | RHS- | C] () -- C:\Users\erica\ntuser.pol
    [2009/03/24 13:23:59 | 000,005,972 | ---- | C] () -- C:\Users\erica\AppData\Local\d3d9caps.dat
    [2008/04/19 01:28:01 | 000,005,120 | ---- | C] () -- C:\Users\erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 968 bytes -> C:\ProgramData\TEMP:35E5AF34
    < End of report >
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  21. DaTBoYJoe

    DaTBoYJoe Newcomer, in training Topic Starter Posts: 26

    OK, so I ran the custom fix using OTL like you said and got a blue screen, so I restarted the computer and a box popped up saying the system recovered from an unexpected error, and there's no log file.

    I'm running the ESET online scan now
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Waiting for the scan... :)
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Get the scan done or not?
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

    We'd still like to help. Topic marked inactive, until your return.

