TechSpot

Win64 Patched.a virus

Solved
By eharvey650
Sep 17, 2012
  1. Hello,
    It seems my daughter's laptop is infected with a virus. AVG warns that it has detected this win64.patched.a trojan. Normal virus removal doesn't seem to work. From the posts on this forum it seems this virus is very prevalent. Can I get help cleaning it from her computer?
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    What Windows version is it?
     
  3. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    It's windows 7 home premium 64bit.
     
  4. Broni


    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. eharvey650


    Here are the results of the two scans.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 19-09-2012 03:13:15
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-03] ()
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
    HKU\Michelle\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\Michelle\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3478336 2012-01-24] (DT Soft Ltd)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services ====================

    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-05-30] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-03] ()

    ==================== Drivers =================================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-03] (AVG Technologies)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-01-25] (DT Soft Ltd)

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-14 02:09 - 2012-09-14 02:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-14 02:08 - 2012-09-14 05:46 - 00000000 ____D C:\Users\All Users\0C1CFB13E70BDBD3DB703C33F875F002
    2012-09-14 02:03 - 2012-09-14 02:03 - 00479232 ____A ( ) C:\Users\Michelle\Documents\f74de5d.exe
    2012-09-11 23:11 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-11 23:11 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-11 23:11 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-07 19:15 - 2012-09-14 02:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
    2012-09-03 23:06 - 2012-09-03 23:06 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys


    ==================== 3 Months Modified Files ================================

    2012-09-16 17:38 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 17:38 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 17:18 - 2011-10-08 16:42 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMichelle.job
    2012-09-16 17:10 - 2011-10-08 16:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-09-16 17:02 - 2009-07-13 21:13 - 00713714 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-16 16:57 - 2011-07-17 17:02 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-16 16:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-14 05:45 - 2011-07-17 17:02 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 02:14 - 2012-05-26 11:59 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-14 02:14 - 2012-05-26 11:59 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-14 02:03 - 2012-09-14 02:03 - 00479232 ____A ( ) C:\Users\Michelle\Documents\f74de5d.exe
    2012-09-12 23:00 - 2011-01-08 15:39 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-10 13:58 - 2011-10-08 16:38 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-03 23:06 - 2012-09-03 23:06 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-31 18:47 - 2011-07-17 17:05 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 09:56 - 2009-07-13 21:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-22 10:12 - 2012-09-11 23:11 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-11 23:11 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-11 23:11 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-16 07:51 - 2009-07-13 20:45 - 00352672 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-18 10:15 - 2012-08-15 13:32 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-14 09:36 - 2012-07-14 09:35 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log
    2012-07-05 18:06 - 2012-07-14 09:36 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 18:06 - 2012-05-26 12:03 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-05 18:06 - 2012-05-26 12:03 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-04 14:16 - 2012-08-15 13:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 13:32 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 13:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 13:32 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 13:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 20:55 - 2012-08-15 23:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 23:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 23:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 23:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 23:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 23:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 23:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 23:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 23:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 23:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 23:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 23:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 23:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 23:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 23:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 23:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-26 21:43 - 2012-07-14 09:36 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-26 21:43 - 2012-07-14 09:36 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    ZeroAccess:
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L\00000004.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L\201d3dde
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\00000004.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\00000008.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\000000cb.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000000.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000032.@
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-13 14:06:50
    Restore point made on: 2012-08-15 23:00:35
    Restore point made on: 2012-08-24 11:44:50
    Restore point made on: 2012-08-31 12:54:42
    Restore point made on: 2012-09-01 12:48:18
    Restore point made on: 2012-09-08 21:02:33
    Restore point made on: 2012-09-12 23:00:25
    Restore point made on: 2012-09-16 17:13:38

    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 3002.92 MB
    Available physical RAM: 2358.3 MB
    Total Pagefile: 3001.07 MB
    Available Pagefile: 2359.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions ============================

    1 Drive c: () (Fixed) (Total:283.76 GB) (Free:215.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:2.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    4 Drive g: (Sims3EP06) (CDROM) (Total:5.22 GB) (Free:0 GB) UDF
    6 Drive I: () (Removable) (Total:7.45 GB) (Free:6.34 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 7629 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 283 GB 200 MB
    Partition 3 Primary 14 GB 283 GB
    Partition 4 Primary 103 MB 297 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 283 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 7629 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-06 16:05

    ==================== End Of Log =============================




    Farbar Recovery Scan Tool (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 2012-09-19 03:16:01
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
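Added example (not FRST's own code and not from this thread): a small Python parser for the Search.txt and "Bamital & volsnap Check" lines posted above. It flags a System32 binary whose MD5 differs from the copy FRST found in the WinSxS component store, which is exactly the comparison the services.exe finding rests on. The sample input is copied from the log in this post.

```python
"""Parse FRST Search.txt and 'Bamital & volsnap Check' lines to spot a patched
system binary: the System32 copy's MD5 and size are compared with the copy
FRST found in the WinSxS component store. Added example, not FRST's own code."""
import re
from collections import defaultdict

# Sample input copied from the Search.txt posted in this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Sample input: three lines from the FRST.txt Bamital & volsnap check above.
BAMITAL_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-F]{32})$"
)
ATTENTION_RE = re.compile(
    r"^(?P<path>\S+) (?P<md5>[0-9A-F]{32}) (?P<label>\S+) <==== ATTENTION"
)


def parse_search(text):
    """Return one dict per file hit: a path line followed by its detail line."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append({
                "path": pending_path,
                "size": int(m.group("size")),
                "md5": m.group("md5"),
            })
        pending_path = None
    return entries


def find_mismatches(entries):
    """Flag copies of a binary whose MD5 differs from the WinSxS store copy.
    The store copy is the reference because FRST's fix restores System32 from it."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for group in by_name.values():
        ref = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        ref_md5 = {e["md5"] for e in ref}
        if not ref_md5:
            continue  # nothing to compare against
        for e in group:
            if e in ref or e["md5"] in ref_md5:
                continue
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "size": e["size"],
                "reference_path": ref[0]["path"],
                "reference_md5": sorted(ref_md5),
                "size_delta": e["size"] - ref[0]["size"],
            })
    return findings


def flagged_in_bamital_check(text):
    """Return (path, md5, label) for every line FRST marked with ATTENTION."""
    hits = []
    for raw in text.splitlines():
        m = ATTENTION_RE.match(raw.strip())
        if m:
            hits.append((m.group("path"), m.group("md5"), m.group("label")))
    return hits


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SEARCH_LOG)):
        print(f"{f['path']}: md5 {f['md5']} != store {f['reference_md5']}, "
              f"size delta {f['size_delta']:+d} bytes")
    for path, md5, label in flagged_in_bamital_check(BAMITAL_LOG):
        print(f"{path}: flagged as {label} ({md5})")
```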
     
  6. Broni


    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    =============================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


  7. eharvey650


    I ran the programs as directed. The logs are below. They are too large to upload in one post, so I'll have to do it with multiple posts. Also, as I was running RogueKiller, I got a popup message from AVG saying threat detected with the following message:

    File name:c:\windows\assembly\GAC_64\Desktop.ini
    Threat name:Trojan Horse Generic29.ANPX

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 2012-09-20 01:13:01 Run:2
    Running from I:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini not found.
    C:\Windows\assembly\GAC_64\Desktop.ini not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    23:04:06.0612 3040 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    23:04:07.0065 3040 ============================================================
    23:04:07.0065 3040 Current date / time: 2012/09/19 23:04:07.0065
    23:04:07.0065 3040 SystemInfo:
    23:04:07.0065 3040
    23:04:07.0065 3040 OS Version: 6.1.7601 ServicePack: 1.0
    23:04:07.0065 3040 Product type: Workstation
    23:04:07.0065 3040 ComputerName: MICHELLE-PC
    23:04:07.0065 3040 UserName: Michelle
    23:04:07.0065 3040 Windows directory: C:\Windows
    23:04:07.0065 3040 System windows directory: C:\Windows
    23:04:07.0065 3040 Running under WOW64
    23:04:07.0065 3040 Processor architecture: Intel x64
    23:04:07.0065 3040 Number of processors: 2
    23:04:07.0065 3040 Page size: 0x1000
    23:04:07.0065 3040 Boot type: Normal boot
    23:04:07.0065 3040 ============================================================
    23:04:08.0578 3040 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:04:08.0578 3040 Drive \Device\Harddisk1\DR1 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:04:08.0593 3040 ============================================================
    23:04:08.0593 3040 \Device\Harddisk0\DR0:
    23:04:08.0593 3040 MBR partitions:
    23:04:08.0593 3040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    23:04:08.0593 3040 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23787800
    23:04:08.0593 3040 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x237EB800, BlocksNum 0x1C0F000
    23:04:08.0593 3040 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    23:04:08.0593 3040 \Device\Harddisk1\DR1:
    23:04:08.0593 3040 MBR partitions:
    23:04:08.0593 3040 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
    23:04:08.0593 3040 ============================================================
    23:04:08.0609 3040 C: <-> \Device\Harddisk0\DR0\Partition2
    23:04:08.0640 3040 D: <-> \Device\Harddisk0\DR0\Partition3
    23:04:08.0656 3040 E: <-> \Device\Harddisk0\DR0\Partition4
    23:04:08.0656 3040 ============================================================
    23:04:08.0656 3040 Initialize success
    23:04:08.0656 3040 ============================================================
    23:04:15.0816 3576 ============================================================
    23:04:15.0816 3576 Scan started
    23:04:15.0816 3576 Mode: Manual;
    23:04:15.0816 3576 ============================================================
    23:04:16.0066 3576 ================ Scan system memory ========================
    23:04:16.0066 3576 System memory - ok
    23:04:16.0066 3576 ================ Scan services =============================
     
  8. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    23:04:26.0377 3576 ql2300 - ok
    23:04:26.0393 3576 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    23:04:26.0393 3576 ql40xx - ok
    23:04:26.0440 3576 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    23:04:26.0440 3576 QWAVE - ok
    23:04:26.0455 3576 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    23:04:26.0455 3576 QWAVEdrv - ok
    23:04:26.0471 3576 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    23:04:26.0471 3576 RasAcd - ok
    23:04:26.0502 3576 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    23:04:26.0502 3576 RasAgileVpn - ok
    23:04:26.0518 3576 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    23:04:26.0533 3576 RasAuto - ok
    23:04:26.0565 3576 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:04:26.0565 3576 Rasl2tp - ok
    23:04:26.0596 3576 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    23:04:26.0596 3576 RasMan - ok
    23:04:26.0627 3576 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    23:04:26.0627 3576 RasPppoe - ok
    23:04:26.0643 3576 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    23:04:26.0643 3576 RasSstp - ok
    23:04:26.0689 3576 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    23:04:26.0689 3576 rdbss - ok
    23:04:26.0705 3576 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    23:04:26.0705 3576 rdpbus - ok
    23:04:26.0721 3576 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:04:26.0721 3576 RDPCDD - ok
    23:04:26.0752 3576 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    23:04:26.0752 3576 RDPENCDD - ok
    23:04:26.0767 3576 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    23:04:26.0767 3576 RDPREFMP - ok
    23:04:26.0799 3576 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    23:04:26.0799 3576 RDPWD - ok
    23:04:26.0845 3576 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    23:04:26.0861 3576 rdyboost - ok
    23:04:26.0892 3576 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    23:04:26.0892 3576 RemoteAccess - ok
    23:04:26.0908 3576 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    23:04:26.0923 3576 RemoteRegistry - ok
    23:04:26.0970 3576 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    23:04:26.0986 3576 RichVideo - ok
    23:04:26.0986 3576 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    23:04:27.0001 3576 RpcEptMapper - ok
    23:04:27.0017 3576 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    23:04:27.0017 3576 RpcLocator - ok
    23:04:27.0048 3576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    23:04:27.0064 3576 RpcSs - ok
    23:04:27.0095 3576 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    23:04:27.0095 3576 rspndr - ok
    23:04:27.0142 3576 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    23:04:27.0157 3576 RSUSBSTOR - ok
    23:04:27.0189 3576 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    23:04:27.0189 3576 RTL8167 - ok
    23:04:27.0204 3576 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    23:04:27.0204 3576 SamSs - ok
    23:04:27.0235 3576 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    23:04:27.0235 3576 sbp2port - ok
    23:04:27.0267 3576 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    23:04:27.0267 3576 SCardSvr - ok
    23:04:27.0298 3576 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    23:04:27.0298 3576 scfilter - ok
    23:04:27.0360 3576 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    23:04:27.0376 3576 Schedule - ok
    23:04:27.0407 3576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    23:04:27.0407 3576 SCPolicySvc - ok
    23:04:27.0438 3576 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    23:04:27.0438 3576 sdbus - ok
    23:04:27.0469 3576 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    23:04:27.0469 3576 SDRSVC - ok
    23:04:27.0516 3576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    23:04:27.0516 3576 secdrv - ok
    23:04:27.0547 3576 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    23:04:27.0547 3576 seclogon - ok
    23:04:27.0579 3576 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    23:04:27.0579 3576 SENS - ok
    23:04:27.0594 3576 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    23:04:27.0594 3576 SensrSvc - ok
    23:04:27.0610 3576 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    23:04:27.0610 3576 Serenum - ok
    23:04:27.0625 3576 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    23:04:27.0641 3576 Serial - ok
    23:04:27.0657 3576 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    23:04:27.0672 3576 sermouse - ok
    23:04:27.0703 3576 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    23:04:27.0719 3576 SessionEnv - ok
    23:04:27.0735 3576 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    23:04:27.0735 3576 sffdisk - ok
    23:04:27.0750 3576 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    23:04:27.0750 3576 sffp_mmc - ok
    23:04:27.0766 3576 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    23:04:27.0766 3576 sffp_sd - ok
    23:04:27.0781 3576 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    23:04:27.0781 3576 sfloppy - ok
    23:04:27.0828 3576 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    23:04:27.0844 3576 ShellHWDetection - ok
    23:04:27.0859 3576 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    23:04:27.0859 3576 SiSRaid2 - ok
    23:04:27.0891 3576 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    23:04:27.0891 3576 SiSRaid4 - ok
    23:04:27.0922 3576 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    23:04:27.0922 3576 Smb - ok
    23:04:27.0953 3576 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    23:04:27.0953 3576 SNMPTRAP - ok
    23:04:27.0969 3576 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    23:04:27.0969 3576 spldr - ok
    23:04:28.0000 3576 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    23:04:28.0015 3576 Spooler - ok
    23:04:28.0125 3576 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    23:04:28.0171 3576 sppsvc - ok
    23:04:28.0187 3576 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    23:04:28.0203 3576 sppuinotify - ok
    23:04:28.0234 3576 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    23:04:28.0234 3576 srv - ok
    23:04:28.0249 3576 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    23:04:28.0249 3576 srv2 - ok
    23:04:28.0296 3576 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    23:04:28.0296 3576 SrvHsfHDA - ok
    23:04:28.0343 3576 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    23:04:28.0359 3576 SrvHsfV92 - ok
    23:04:28.0390 3576 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    23:04:28.0405 3576 SrvHsfWinac - ok
    23:04:28.0437 3576 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    23:04:28.0452 3576 srvnet - ok
    23:04:28.0483 3576 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    23:04:28.0483 3576 SSDPSRV - ok
    23:04:28.0499 3576 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    23:04:28.0515 3576 SstpSvc - ok
    23:04:28.0530 3576 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    23:04:28.0530 3576 stexstor - ok
    23:04:28.0593 3576 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    23:04:28.0593 3576 stisvc - ok
    23:04:28.0624 3576 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    23:04:28.0624 3576 swenum - ok
    23:04:28.0671 3576 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    23:04:28.0686 3576 swprv - ok
    23:04:28.0733 3576 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    23:04:28.0733 3576 SynTP - ok
    23:04:28.0827 3576 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    23:04:28.0842 3576 SysMain - ok
    23:04:28.0873 3576 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    23:04:28.0873 3576 TabletInputService - ok
    23:04:28.0905 3576 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    23:04:28.0905 3576 TapiSrv - ok
    23:04:28.0920 3576 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    23:04:28.0936 3576 TBS - ok
    23:04:29.0014 3576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    23:04:29.0029 3576 Tcpip - ok
    23:04:29.0076 3576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    23:04:29.0092 3576 TCPIP6 - ok
    23:04:29.0139 3576 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    23:04:29.0139 3576 tcpipreg - ok
    23:04:29.0185 3576 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    23:04:29.0185 3576 TDPIPE - ok
    23:04:29.0217 3576 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    23:04:29.0217 3576 TDTCP - ok
    23:04:29.0248 3576 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    23:04:29.0248 3576 tdx - ok
    23:04:29.0295 3576 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    23:04:29.0295 3576 TermDD - ok
    23:04:29.0326 3576 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    23:04:29.0341 3576 TermService - ok
    23:04:29.0373 3576 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    23:04:29.0373 3576 Themes - ok
    23:04:29.0388 3576 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    23:04:29.0388 3576 THREADORDER - ok
    23:04:29.0404 3576 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    23:04:29.0419 3576 TrkWks - ok
    23:04:29.0466 3576 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    23:04:29.0466 3576 TrustedInstaller - ok
    23:04:29.0513 3576 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:04:29.0513 3576 tssecsrv - ok
    23:04:29.0560 3576 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    23:04:29.0560 3576 TsUsbFlt - ok
    23:04:29.0607 3576 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    23:04:29.0622 3576 tunnel - ok
    23:04:29.0638 3576 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    23:04:29.0653 3576 uagp35 - ok
    23:04:29.0685 3576 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    23:04:29.0700 3576 udfs - ok
    23:04:29.0731 3576 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    23:04:29.0731 3576 UI0Detect - ok
    23:04:29.0747 3576 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    23:04:29.0747 3576 uliagpkx - ok
    23:04:29.0794 3576 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    23:04:29.0794 3576 umbus - ok
    23:04:29.0809 3576 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    23:04:29.0809 3576 UmPass - ok
    23:04:29.0825 3576 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    23:04:29.0841 3576 upnphost - ok
    23:04:29.0856 3576 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    23:04:29.0872 3576 usbccgp - ok
    23:04:29.0903 3576 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    23:04:29.0903 3576 usbcir - ok
    23:04:29.0919 3576 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    23:04:29.0919 3576 usbehci - ok
    23:04:29.0950 3576 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    23:04:29.0950 3576 usbhub - ok
    23:04:29.0981 3576 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    23:04:29.0981 3576 usbohci - ok
    23:04:29.0997 3576 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    23:04:30.0012 3576 usbprint - ok
    23:04:30.0043 3576 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    23:04:30.0043 3576 usbscan - ok
    23:04:30.0059 3576 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:04:30.0059 3576 USBSTOR - ok
    23:04:30.0075 3576 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    23:04:30.0075 3576 usbuhci - ok
    23:04:30.0106 3576 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    23:04:30.0106 3576 UxSms - ok
    23:04:30.0121 3576 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    23:04:30.0121 3576 VaultSvc - ok
    23:04:30.0168 3576 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    23:04:30.0168 3576 vdrvroot - ok
    23:04:30.0215 3576 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    23:04:30.0231 3576 vds - ok
    23:04:30.0262 3576 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    23:04:30.0262 3576 vga - ok
    23:04:30.0277 3576 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    23:04:30.0277 3576 VgaSave - ok
    23:04:30.0309 3576 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    23:04:30.0309 3576 vhdmp - ok
    23:04:30.0340 3576 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    23:04:30.0340 3576 viaide - ok
    23:04:30.0355 3576 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    23:04:30.0355 3576 volmgr - ok
    23:04:30.0387 3576 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    23:04:30.0387 3576 volmgrx - ok
    23:04:30.0418 3576 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    23:04:30.0418 3576 volsnap - ok
    23:04:30.0433 3576 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    23:04:30.0433 3576 vsmraid - ok
    23:04:30.0496 3576 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    23:04:30.0527 3576 VSS - ok
    23:04:30.0636 3576 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    23:04:30.0636 3576 vToolbarUpdater12.2.6 - ok
    23:04:30.0667 3576 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    23:04:30.0667 3576 vwifibus - ok
    23:04:30.0699 3576 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    23:04:30.0699 3576 vwififlt - ok
    23:04:30.0745 3576 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    23:04:30.0745 3576 W32Time - ok
    23:04:30.0761 3576 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    23:04:30.0761 3576 WacomPen - ok
    23:04:30.0808 3576 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    23:04:30.0808 3576 WANARP - ok
    23:04:30.0823 3576 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    23:04:30.0823 3576 Wanarpv6 - ok
    23:04:30.0886 3576 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    23:04:30.0901 3576 WatAdminSvc - ok
    23:04:30.0964 3576 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    23:04:30.0995 3576 wbengine - ok
    23:04:31.0026 3576 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    23:04:31.0026 3576 WbioSrvc - ok
    23:04:31.0073 3576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    23:04:31.0089 3576 wcncsvc - ok
    23:04:31.0104 3576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    23:04:31.0104 3576 WcsPlugInService - ok
    23:04:31.0120 3576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    23:04:31.0120 3576 Wd - ok
    23:04:31.0151 3576 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    23:04:31.0167 3576 Wdf01000 - ok
    23:04:31.0182 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    23:04:31.0182 3576 WdiServiceHost - ok
    23:04:31.0182 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    23:04:31.0198 3576 WdiSystemHost - ok
    23:04:31.0229 3576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    23:04:31.0245 3576 WebClient - ok
    23:04:31.0276 3576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    23:04:31.0291 3576 Wecsvc - ok
    23:04:31.0291 3576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    23:04:31.0291 3576 wercplsupport - ok
    23:04:31.0338 3576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    23:04:31.0338 3576 WerSvc - ok
    23:04:31.0369 3576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    23:04:31.0369 3576 WfpLwf - ok
    23:04:31.0385 3576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    23:04:31.0385 3576 WIMMount - ok
    23:04:31.0385 3576 WinHttpAutoProxySvc - ok
    23:04:31.0432 3576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    23:04:31.0432 3576 Winmgmt - ok
    23:04:31.0510 3576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    23:04:31.0541 3576 WinRM - ok
    23:04:31.0588 3576 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    23:04:31.0603 3576 WinUsb - ok
    23:04:31.0635 3576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    23:04:31.0650 3576 Wlansvc - ok
    23:04:31.0666 3576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    23:04:31.0666 3576 WmiAcpi - ok
    23:04:31.0713 3576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    23:04:31.0728 3576 wmiApSrv - ok
    23:04:31.0744 3576 WMPNetworkSvc - ok
    23:04:31.0759 3576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    23:04:31.0759 3576 WPCSvc - ok
    23:04:31.0791 3576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    23:04:31.0806 3576 WPDBusEnum - ok
    23:04:31.0822 3576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    23:04:31.0822 3576 ws2ifsl - ok
    23:04:31.0837 3576 WSearch - ok
    23:04:31.0869 3576 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    23:04:31.0869 3576 WudfPf - ok
    23:04:31.0900 3576 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:04:31.0900 3576 WUDFRd - ok
    23:04:31.0947 3576 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    23:04:31.0947 3576 wudfsvc - ok
    23:04:31.0978 3576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    23:04:31.0978 3576 WwanSvc - ok
    23:04:32.0025 3576 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    23:04:32.0025 3576 yukonw7 - ok
    23:04:32.0056 3576 ================ Scan global ===============================
    23:04:32.0071 3576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    23:04:32.0103 3576 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:04:32.0118 3576 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:04:32.0134 3576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    23:04:32.0165 3576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    23:04:32.0181 3576 [Global] - ok
    23:04:32.0181 3576 ================ Scan MBR ==================================
    23:04:32.0196 3576 [ 21F4A2DB69230CC3C47459B495D5651B ] \Device\Harddisk0\DR0
    23:04:32.0368 3576 \Device\Harddisk0\DR0 - ok
    23:04:32.0383 3576 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    23:04:32.0383 3576 \Device\Harddisk1\DR1 - ok
    23:04:32.0383 3576 ================ Scan VBR ==================================
    23:04:32.0399 3576 [ 42245801637EC19D5BA68E0851F587B4 ] \Device\Harddisk0\DR0\Partition1
    23:04:32.0399 3576 \Device\Harddisk0\DR0\Partition1 - ok
    23:04:32.0415 3576 [ 4427E5FFF23E7F36D11C157E06816529 ] \Device\Harddisk0\DR0\Partition2
    23:04:32.0415 3576 \Device\Harddisk0\DR0\Partition2 - ok
    23:04:32.0446 3576 [ E8AFC2BE22B42DA9E2A02AF2BDA7F840 ] \Device\Harddisk0\DR0\Partition3
    23:04:32.0446 3576 \Device\Harddisk0\DR0\Partition3 - ok
    23:04:32.0461 3576 [ 173630687CE5AA463D3AB7E06773BDAE ] \Device\Harddisk0\DR0\Partition4
    23:04:32.0461 3576 \Device\Harddisk0\DR0\Partition4 - ok
    23:04:32.0461 3576 [ CDABF17E523A560E3A7BA80FD07BC498 ] \Device\Harddisk1\DR1\Partition1
    23:04:32.0461 3576 \Device\Harddisk1\DR1\Partition1 - ok
    23:04:32.0461 3576 ============================================================
    23:04:32.0461 3576 Scan finished
    23:04:32.0461 3576 ============================================================
    23:04:32.0493 3656 Detected object count: 0
    23:04:32.0493 3656 Actual detected object count: 0
    23:06:36.0372 3032 Deinitialize success
     
  9. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Michelle [Admin rights]
    Mode : Remove -- Date : 09/19/2012 23:22:31
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\@ --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{4c48af5f-8e17-36f8-75c9-bfdf50da5211}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS725032A9A364 +++++
    --- User ---
    [MBR] 4478c002d25aedb6e7350e85f46b662e
    [BSP] b3746218d35615a56f187e9bee06f9be : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 290575 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 595507200 | Size: 14366 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] 8e9737343bfa63bf09ce4a0d4fa6c636
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7629 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-19 23:30:38
    -----------------------------
    23:30:38.363 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:30:38.363 Number of processors: 2 586 0x170A
    23:30:38.363 ComputerName: MICHELLE-PC UserName: Michelle
    23:30:39.299 Initialize success
    23:33:40.390 AVAST engine defs: 12091901
    23:46:47.864 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:46:47.864 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
    23:46:47.879 Disk 0 MBR read successfully
    23:46:47.879 Disk 0 MBR scan
    23:46:47.895 Disk 0 unknown MBR code
    23:46:47.895 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    23:46:47.910 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290575 MB offset 409600
    23:46:47.942 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14366 MB offset 595507200
    23:46:47.957 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    23:46:47.988 Disk 0 scanning C:\Windows\system32\drivers
    23:46:56.787 Service scanning
    23:47:18.502 Modules scanning
    23:47:18.518 Disk 0 trace - called modules:
    23:47:18.549 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    23:47:18.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800304d5c0]
    23:47:18.564 3 CLASSPNP.SYS[fffff880013ad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e4d050]
    23:47:19.376 AVAST engine scan C:\Windows
    23:47:20.889 AVAST engine scan C:\Windows\system32
    23:49:52.646 AVAST engine scan C:\Windows\system32\drivers
    23:50:03.582 AVAST engine scan C:\Users\Michelle
    23:52:44.231 File: C:\Users\Michelle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77674e5a-5d52eead **INFECTED** Win32:Downloader-QPN [Trj]
    23:53:42.949 File: C:\Users\Michelle\Documents\f74de5d.exe **INFECTED** Win32:MalOb-KZ [Trj]
    23:53:47.629 AVAST engine scan C:\ProgramData
    23:55:50.791 Scan finished successfully
    23:58:03.376 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
    23:58:03.392 The log file has been saved successfully to "H:\aswMBR.txt"
    Also, MBR.dat was saved to the flash drive by mistake. I went back and saved it to the desktop as instructed.
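    Added triage check, not part of the original thread and not code from RogueKiller, aswMBR or TDSSKiller: a read-only PowerShell script that looks for the ZeroAccess on-disk artifacts RogueKiller reported in the log above (the file literally named "@" and the "U" and "L" folders under a {GUID} directory in C:\Windows\Installer, and Desktop.ini planted in C:\Windows\Assembly\GAC_32 and GAC_64). The function name, its output layout and the PowerShell 2.0-compatible idioms are my own choices; it assumes an elevated PowerShell on the affected machine and checks only the paths the log names. It removes nothing; cleanup stays with the tools the thread walks through.

```powershell
function Find-ZeroAccessArtifacts {
    param(
        # Root of the Windows installation; defaults to the running system's.
        [string]$SystemRoot = $env:SystemRoot
    )

    $hits = @()

    # Indicator 1, taken from the RogueKiller log above: a {GUID}-named folder under
    # %SystemRoot%\Installer that contains a file literally named "@" and/or
    # subfolders named "U" and "L". Legitimate MSI cache folders also use
    # {GUID} names, so only those three entries are treated as hits.
    $installerDir = Join-Path $SystemRoot 'Installer'
    $guidFolders = Get-ChildItem -LiteralPath $installerDir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' }

    foreach ($folder in $guidFolders) {
        # -Force lists hidden/system entries. Listing needs only List permission on
        # the {GUID} folder itself, so an access-denied error here (silenced below)
        # on a folder Administrators cannot read is worth a manual look.
        $entries = Get-ChildItem -LiteralPath $folder.FullName -Force -ErrorAction SilentlyContinue
        foreach ($entry in $entries) {
            if (@('@', 'U', 'L') -contains $entry.Name) {
                $hits += New-Object PSObject -Property @{
                    Indicator = 'Installer {GUID} payload entry'
                    Path      = $entry.FullName
                    IsFolder  = $entry.PSIsContainer
                }
            }
        }
    }

    # Indicator 2, also from the log: Desktop.ini planted in the GAC folders.
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $ini = Join-Path $SystemRoot ('Assembly\' + $gac + '\Desktop.ini')
        if (Test-Path -LiteralPath $ini -PathType Leaf) {
            $hits += New-Object PSObject -Property @{
                Indicator = $gac + ' Desktop.ini'
                Path      = $ini
                IsFolder  = $false
            }
        }
    }

    return $hits
}

# Run from an elevated prompt. The function only reads; it deletes nothing.
$found = @(Find-ZeroAccessArtifacts)
if ($found.Count -eq 0) {
    Write-Output 'No ZeroAccess file artifacts found at the paths checked.'
} else {
    $found | Select-Object Indicator, IsFolder, Path | Format-Table -AutoSize
}
```

    A clean result from this script only means the specific paths the log named are gone; it says nothing about the registry hijacks or the dropped executables the other scanners flagged, so it is a spot check after cleanup, not a replacement for the full scans in the thread.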
     
  10. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ======================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    This may be a problem. I temporarily disabled avg2012 antivirus per the instructions, but when combofix started to run it warned that it was still somehow showing active. As I was attempting to close combofix so I could uninstall avg, combofix ran anyway. I can rerun combofix if it is necessary. Here is the log it produced.

    ComboFix 12-09-20.03 - Michelle 09/21/2012 0:02.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1972 [GMT -4:00]
    Running from: c:\users\Michelle\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-19 11:13 . 2012-09-19 11:13 -------- d-----w- C:\FRST
    2012-09-14 10:09 . 2012-09-14 10:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-09-14 10:08 . 2012-09-14 13:46 -------- d-----w- c:\programdata\0C1CFB13E70BDBD3DB703C33F875F002
    2012-09-12 07:11 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 07:11 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 07:11 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-08 03:15 . 2012-09-14 10:29 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 8
    2012-09-04 07:06 . 2012-09-04 07:06 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-14 10:14 . 2012-05-26 19:59 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 10:14 . 2012-05-26 19:59 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-13 07:00 . 2011-01-08 23:39 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-07-18 18:15 . 2012-08-15 21:32 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-06 02:06 . 2012-05-26 20:03 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-06 02:06 . 2012-05-26 20:03 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-04 22:16 . 2012-08-15 21:32 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 21:32 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 21:32 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 21:32 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 04:55 . 2012-08-16 07:04 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-16 07:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-16 07:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-16 07:04 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-16 07:04 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-16 07:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-16 07:04 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-16 07:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-16 07:04 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-16 07:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-16 07:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-16 07:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-16 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-16 07:04 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-16 07:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-16 07:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-16 07:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-16 07:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-16 07:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-09-04 07:06 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-14 114656]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-26 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 01:01]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 01:01]
    .
    2012-09-20 c:\windows\Tasks\HPCeeScheduleForMichelle.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.sega.com/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={F4972F28-F29A-4A63-A197-35382A53F155}&mid=3f8a9e33e03147d19bff1943ef82e342-2c9f23065ea81056394729045fcd7c84d5b38daf&lang=en&ds=AVG&pr=fr&d=2012-06-09 20:36&v=12.2.5.32&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-21 00:13:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-21 04:13
    .
    Pre-Run: 231,055,278,080 bytes free
    Post-Run: 230,811,611,136 bytes free
    .
    - - End Of File - - 459F5B54C990B2C59978E7E2B6E520F6
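    Two entries in the "Files Created" section above stand out on attributes alone: a hidden+system directory literally named %APPDATA% under SysWow64, and a 32-hex-digit folder directly under ProgramData. As an added example that is not part of this thread and is not ComboFix's own code, here is a small parser for those ComboFix lines with three triage heuristics of its own (the sample input is copied from the posted log; the heuristics are the example's assumptions, not rules ComboFix applies).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: five entries copied from the ComboFix
# "Files Created" section posted above.
SAMPLE_LOG = (
    "2012-09-19 11:13 . 2012-09-19 11:13 -------- d-----w- C:\\FRST\n"
    "2012-09-14 10:09 . 2012-09-14 10:09 -------- d-sh--w- c:\\windows\\SysWow64\\%APPDATA%\n"
    "2012-09-14 10:08 . 2012-09-14 13:46 -------- d-----w- c:\\programdata\\0C1CFB13E70BDBD3DB703C33F875F002\n"
    "2012-09-12 07:11 . 2012-08-22 18:12 1913200 ----a-w- c:\\windows\\system32\\drivers\\tcpip.sys\n"
    "2012-09-04 07:06 . 2012-09-04 07:06 31080 ----a-w- c:\\windows\\system32\\drivers\\avgtpx64.sys\n"
)

# One ComboFix entry: "<created> . <modified> <size-or-dashes> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[A-Za-z-]{8}) "
    r"(?P<path>\S.*)$"
)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
ENV_NAME_RE = re.compile(r"^%[A-Za-z_]+%$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str            # 8-character attribute string, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_and_system(self) -> bool:
        # The attribute string carries 's' (system) and 'h' (hidden) letters.
        return "s" in self.attrs and "h" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[0].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'Files Created' line; return None for headers and '.' separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Apply this example's heuristics to every parsable entry and collect hits."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        # Heuristic 1: a newly created directory that is both hidden and system
        # inside the Windows or ProgramData tree deserves a look.
        if e.is_dir and e.hidden_and_system and \
                e.path.lower().startswith(("c:\\windows", "c:\\programdata")):
            reasons.append("hidden+system directory under a system path")
        # Heuristic 2: a folder literally named like an environment variable
        # (e.g. %APPDATA%) means something wrote the path without expanding it.
        if ENV_NAME_RE.match(e.basename):
            reasons.append("folder named like an unexpanded environment variable")
        # Heuristic 3: a 32-hex-digit directory name directly under ProgramData.
        if e.is_dir and HEX32_RE.match(e.basename) and e.parent.endswith("\\programdata"):
            reasons.append("32-hex-digit directory name directly under ProgramData")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run against a full ComboFix.txt, only the lines matching the entry format are parsed; section headers and the "." separators are skipped.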
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    I guess you're lucky nothing got messed up.

    How is the computer doing?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    Sometimes it's better to be lucky than to be good. Also, while running OTL I got another AVG popup threat notification:
    Filename: c:\users\michelle\documents\f74de5d.exe
    Threatname: Trojan Horse Fake AV_r.NS

    It asked if I wanted to quarantine, so I did. This file shows up in the OTL logfile under files/folders created in the last 30 days and also in files modified in the last 30 days.

    OTL logfile created on: 9/22/2012 1:21:19 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Michelle\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.09% Memory free
    5.86 Gb Paging File | 4.58 Gb Available in Paging File | 78.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.76 Gb Total Space | 215.02 Gb Free Space | 75.77% Space Free | Partition Type: NTFS
    Drive D: | 14.03 Gb Total Space | 2.32 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 92.68 Mb Free Space | 93.30% Space Free | Partition Type: FAT32
    Drive F: | 5.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MICHELLE-PC | User Name: Michelle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/22 01:18:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\otl.exe
    PRC - [2012/09/04 03:06:05 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/09/04 03:06:04 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/04 03:06:07 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
    MOD - [2012/09/04 03:06:06 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
    MOD - [2012/09/04 03:06:04 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2010/02/22 14:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/02/22 14:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/02/22 14:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/01/18 18:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2012/09/14 06:29:45 | 000,114,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/04 03:06:05 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/04 03:06:06 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/01/26 03:18:21 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/05/27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/05 15:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/05 12:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/22 21:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/09/22 21:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5DB81A70-ED4D-4DD7-B0CE-6B3DB2AF76E9}
    IE:64bit: - HKLM\..\SearchScopes\{10FCE09C-EF66-4926-AE57-2E59AB1445CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{5DB81A70-ED4D-4DD7-B0CE-6B3DB2AF76E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {5DB81A70-ED4D-4DD7-B0CE-6B3DB2AF76E9}
    IE - HKLM\..\SearchScopes\{10FCE09C-EF66-4926-AE57-2E59AB1445CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{5DB81A70-ED4D-4DD7-B0CE-6B3DB2AF76E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\SearchScopes\{10FCE09C-EF66-4926-AE57-2E59AB1445CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\SearchScopes\{5DB81A70-ED4D-4DD7-B0CE-6B3DB2AF76E9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...c84d5b38daf&lang=en&ds=AVG&pr=fr&d=2012-06-09 20:36:23&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sega.com/"
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...c84d5b38daf&lang=en&ds=AVG&pr=fr&d=2012-06-09 20:36:23&v=12.2.5.32&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 15:41:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 17:58:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 03:06:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2012/09/14 06:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2012/09/14 06:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins

    [2010/12/25 19:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
    [2012/09/12 12:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\extensions
    [2012/09/04 03:06:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
    [2012/09/12 12:55:50 | 000,621,521 | ---- | M] () (No name found) -- C:\USERS\MICHELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B6IVAQQ8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

    O1 HOSTS File: ([2012/09/21 00:09:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F943B98-6E33-4C55-B498-6E05D628A8FC}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/02/03 02:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2011/11/14 11:40:17 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/22 01:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle\Desktop\otl.exe
    [2012/09/21 00:13:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/21 00:09:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/21 00:01:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/21 00:01:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/21 00:01:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/21 00:00:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/21 00:00:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/20 23:53:04 | 004,754,290 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2012/09/19 23:29:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michelle\Desktop\aswMBR.exe
    [2012/09/19 23:13:14 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\RK_Quarantine
    [2012/09/19 07:13:04 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michelle\Desktop\TDSSKiller.exe
    [2012/09/14 06:09:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/14 06:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB13E70BDBD3DB703C33F875F002
    [2012/09/10 17:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/09/07 23:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
    [2012/09/04 03:06:06 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/08/24 15:43:16 | 000,384,352 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/09/22 01:20:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/22 01:20:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/22 01:18:52 | 000,713,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/22 01:18:52 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/22 01:18:52 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/22 01:18:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\otl.exe
    [2012/09/22 01:17:14 | 095,467,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/09/22 01:13:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/22 01:13:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/22 01:13:18 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/21 00:09:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/21 00:00:03 | 004,754,290 | R--- | M] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
    [2012/09/20 02:45:17 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/19 23:58:04 | 000,000,512 | ---- | M] () -- C:\Users\Michelle\Desktop\MBR.dat
    [2012/09/19 23:29:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michelle\Desktop\aswMBR.exe
    [2012/09/19 23:11:23 | 001,382,912 | ---- | M] () -- C:\Users\Michelle\Desktop\RogueKiller.exe
    [2012/09/19 23:03:04 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michelle\Desktop\TDSSKiller.exe
    [2012/09/19 23:01:00 | 002,193,278 | ---- | M] () -- C:\Users\Michelle\Desktop\tdsskiller.zip
    [2012/09/19 22:46:49 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichelle.job
    [2012/09/14 06:29:49 | 000,002,151 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2012/09/14 06:03:46 | 000,479,232 | ---- | M] () -- C:\Users\Michelle\Documents\f74de5d.exe
    [2012/09/10 17:58:28 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/09/07 17:37:37 | 000,410,601 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/09/04 03:06:06 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/08/31 22:47:21 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

    ========== Files Created - No Company Name ==========

    [2012/09/21 00:01:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/21 00:01:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/21 00:01:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/21 00:01:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/21 00:01:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/20 00:00:30 | 000,000,512 | ---- | C] () -- C:\Users\Michelle\Desktop\MBR.dat
    [2012/09/19 23:11:23 | 001,382,912 | ---- | C] () -- C:\Users\Michelle\Desktop\RogueKiller.exe
    [2012/09/19 23:00:59 | 002,193,278 | ---- | C] () -- C:\Users\Michelle\Desktop\tdsskiller.zip
    [2012/09/14 06:03:46 | 000,479,232 | ---- | C] () -- C:\Users\Michelle\Documents\f74de5d.exe

    ========== LOP Check ==========

    [2011/04/24 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Atari
    [2011/10/08 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\AVG2012
    [2012/02/01 21:28:19 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\DAEMON Tools Lite
    [2011/04/24 18:55:17 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Leadertech
    [2011/08/01 00:06:14 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\ooVoo Details
    [2012/02/26 23:17:55 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Origin
    [2010/12/25 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\PictureMover
    [2011/02/26 23:55:31 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\WildTangent
    [2012/08/24 13:56:58 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
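The OTL log above is long enough that the interesting entries are easy to miss by eye: an orphaned BHO whose CLSID has no class registration, a 32-hex-digit folder under ProgramData, a literal `%APPDATA%` folder under SysWow64, a seven-hex-character `.exe` in the user's Documents folder, and unattributed binaries under C:\Windows. The following Python is an added triage helper written for this page; it is not code from the thread, from OTL, or from any of the tools named in the log. Its heuristics (what counts as a random-looking name, which Winlogon and `.exe`-association values are the Windows defaults) are this example's own assumptions, and it produces leads for a human to check, not malware verdicts. It deliberately does not allowlist known clean-up tools, so the ComboFix helpers dropped into C:\Windows alongside C:\Qoobox will be listed too; the sample input is a handful of lines copied from the log plus one synthetic hijacked UserInit line, marked as such, so the Winlogon check has a positive case.

```python
"""Triage heuristics for OTL (OldTimer's List-It) log lines.

Added example for this page; not code from the thread, from OTL, or from
any tool named in the log. Which entries are 'worth a look' is this
example's own assumption: it yields leads for the analyst, not verdicts.
"""
import re
from dataclasses import dataclass

# File/folder entries look like: "[ts | size | attrs | C|M] (company) -- path"
FILE_HEAD = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\](?P<rest>.*)$"
)
COMPANY = re.compile(r"\(([^)]*)\)")
# Assumed heuristics (not OTL's): a 6-16 hex-digit .exe name under a user
# profile, a 32-hex-digit folder directly under ProgramData, and an
# unexpanded %VAR% used literally as a path component.
HEX_EXE_IN_PROFILE = re.compile(r"^C:\\Users\\[^\\]+\\.*\\[0-9a-f]{6,16}\.exe$", re.I)
HEX_DIR_IN_PROGRAMDATA = re.compile(r"^C:\\ProgramData\\[0-9A-Fa-f]{32}$")
UNEXPANDED_VAR = re.compile(r"%[A-Za-z_]+%")
# Winlogon Shell/UserInit and the .exe open command are classic persistence
# points; the default values assumed here are Explorer.exe, userinit.exe
# and "%1" %*.
WINLOGON = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<val>[^)]*)\)")
EXE_ASSOC = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.+(?:exefile \[open\]|exe \[@ = exefile\]) -- (?P<cmd>.*)$")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    line: str
    reasons: list


def _file_reasons(line):
    """Reasons for a [ts | size | attrs | C/M] file/folder entry, else []."""
    m = FILE_HEAD.match(line)
    if not m:
        return []
    head, sep, path = m.group("rest").partition(" -- ")
    if not sep:
        return []
    path = path.strip()
    names = [c.strip() for c in COMPANY.findall(head)]
    company = next((c for c in names if c and c != "No name found"), "")
    reasons = []
    if HEX_EXE_IN_PROFILE.match(path):
        reasons.append("random-looking hex executable name under a user profile")
    if HEX_DIR_IN_PROGRAMDATA.match(path):
        reasons.append("32-hex-digit folder directly under ProgramData")
    if UNEXPANDED_VAR.search(path):
        reasons.append("unexpanded %VAR% used literally as a path component")
    low = path.lower()
    if low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT) and not company:
        reasons.append("binary under C:\\Windows with no company name")
    return reasons


def triage(lines):
    """Return a Finding for every log line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "No CLSID value found" in line:
            reasons.append("entry references a CLSID with no class registration (orphan; check the component)")
        m = WINLOGON.match(line)
        if m:
            key, val = m.group("key"), m.group("val").strip().rstrip(",")
            ok = val.lower() == "explorer.exe" if key == "Shell" else val.lower().endswith("userinit.exe")
            if not ok:
                reasons.append(f"Winlogon {key} is not the Windows default: {val}")
        m = EXE_ASSOC.match(line)
        if m and m.group("cmd").strip() != '"%1" %*':
            reasons.append(f".exe association hijacked: {m.group('cmd')}")
        reasons += _file_reasons(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample input: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
[2012/09/14 06:09:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/14 06:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB13E70BDBD3DB703C33F875F002
[2012/09/14 06:03:46 | 000,479,232 | ---- | C] () -- C:\Users\Michelle\Documents\f74de5d.exe
[2012/09/22 01:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle\Desktop\otl.exe
[2012/09/21 00:01:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/22 01:17:14 | 095,467,223 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
"""
# SYNTHETIC line, not from the log, so the Winlogon check has a positive case.
SYNTHETIC_HIJACK = r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\Michelle\AppData\Roaming\x.exe) - File not found"

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines() + [SYNTHETIC_HIJACK]):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the copied lines this lists five entries (the orphaned BHO, the `%APPDATA%` folder, the hex-named ProgramData folder, `f74de5d.exe`, and `PEV.exe`) and stays quiet on the Java BHO, the Winlogon values, the `.exe` associations and the AVG definition file. The `PEV.exe` hit is the noise the lead-in warns about: the log shows it created at the same second as C:\Qoobox, which is ComboFix's quarantine, so an analyst subtracts it by timestamp rather than by trusting any allowlist baked into a script.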
  14. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    OTL Extras logfile created on: 9/22/2012 1:21:20 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Michelle\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.09% Memory free
    5.86 Gb Paging File | 4.58 Gb Available in Paging File | 78.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.76 Gb Total Space | 215.02 Gb Free Space | 75.77% Space Free | Partition Type: NTFS
    Drive D: | 14.03 Gb Total Space | 2.32 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 92.68 Mb Free Space | 93.30% Space Free | Partition Type: FAT32
    Drive F: | 5.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MICHELLE-PC | User Name: Michelle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3686807488-1388826910-3173516872-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5ECBB161-A79A-4598-81DA-C6E1633B395C}" = HP Deskjet 1000 J110 series Basic Device Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "LSI Soft Modem" = LSI HDA Modem
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{3366A98C-7D00-4CE2-AF68-005852831BAF}" = Toon Boom Studio 6.0 Trial
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "My HP Game Console" = HP Game Console
    "Origin" = Origin
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/22/2012 1:07:04 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 8/22/2012 1:07:58 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 8/23/2012 12:07:25 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 8/23/2012 12:08:20 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 8/25/2012 10:24:22 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 8/25/2012 10:25:22 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 8/26/2012 10:28:04 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 8/26/2012 10:28:56 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 8/28/2012 10:37:59 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 8/28/2012 10:38:51 PM | Computer Name = Michelle-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    [ Hewlett-Packard Events ]
    Error - 4/14/2012 9:40:23 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 5/5/2012 10:15:25 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 5/5/2012 10:15:26 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 5/19/2012 8:21:22 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 5/19/2012 8:21:22 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/17/2012 4:26:08 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/17/2012 4:26:09 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/18/2012 8:13:55 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/18/2012 8:13:55 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 9/8/2012 8:51:08 PM | Computer Name = Michelle-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ System Events ]
    Error - 9/20/2012 1:14:17 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 9/20/2012 1:14:17 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 9/20/2012 1:14:17 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 9/20/2012 11:47:32 PM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 9/20/2012 11:47:32 PM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 9/20/2012 11:47:32 PM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 9/21/2012 12:05:35 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/21/2012 12:08:04 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/21/2012 12:09:06 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 9/21/2012 12:11:12 AM | Computer Name = Michelle-PC | Source = Service Control Manager | ID = 7000
    Description = The HP Health Check Service service failed to start due to the following
    error: %%31


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      [2012/09/19 07:13:04 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/09/14 06:03:46 | 000,479,232 | ---- | M] () -- C:\Users\Michelle\Documents\f74de5d.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ===============================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
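An added example, not part of the original post and not OTL's own code: the "No CLSID value found" lines in the fix script above are Internet Explorer add-on registrations (URLSearchHook, O2 BHO, O3 Toolbar) whose CLSID no longer maps to a registered COM class. The PowerShell below enumerates those registrations on a live host and flags the ones that are unregistered or whose DLL is gone, which is the same orphan check OTL performs. It is read-only; it covers HKLM (both registry views) and the current user only, not the HKU\.DEFAULT and HKU\S-1-5-18 hives OTL also lists, and the function names are this example's own. Assumes Windows 7 x64 and PowerShell 2.0 or later, run from an elevated prompt.

```powershell
# Added example: list IE add-on registrations and flag orphaned CLSIDs.
# Read-only. Assumes Windows 7 x64, PowerShell 2.0+, elevated prompt.

$ClsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Resolve-Clsid {
    param([string]$Clsid)
    # A class can be registered in the 64-bit view, the 32-bit (Wow6432Node)
    # view, or per user; IE loads the DLL named by InprocServer32.
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
             'HKCU:\Software\Classes\CLSID'
    foreach ($root in $roots) {
        $key = "$root\$Clsid"
        if (-not (Test-Path $key)) { continue }
        $server = Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue
        $dll = $null
        if ($server -and $server.'(default)') {
            $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)').Trim('"')
        }
        return New-Object PSObject -Property @{
            Registered = $true
            Dll        = $dll
            DllExists  = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
    New-Object PSObject -Property @{ Registered = $false; Dll = $null; DllExists = $false }
}

function Get-IeAddonRegistration {
    # BHOs are one subkey per CLSID; toolbars and URL search hooks are value
    # names (the CLSID) under their key. Hive is recorded so a fix can target it.
    $entries = @()
    $hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software'
    foreach ($hive in $hives) {
        $bho = "$hive\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path $bho) {
            foreach ($sub in Get-ChildItem -Path $bho) {
                $entries += New-Object PSObject -Property @{ Kind = 'BHO'; Hive = $hive; Clsid = $sub.PSChildName }
            }
        }
        $valueKeys = @{
            'Toolbar'            = "$hive\Microsoft\Internet Explorer\Toolbar"
            'Toolbar\WebBrowser' = "$hive\Microsoft\Internet Explorer\Toolbar\WebBrowser"
            'URLSearchHook'      = "$hive\Microsoft\Internet Explorer\URLSearchHooks"
        }
        foreach ($kind in $valueKeys.Keys) {
            $key = $valueKeys[$kind]
            if (-not (Test-Path $key)) { continue }
            foreach ($name in (Get-Item -Path $key).GetValueNames()) {
                if ($name -match $ClsidPattern) {
                    $entries += New-Object PSObject -Property @{ Kind = $kind; Hive = $hive; Clsid = $name }
                }
            }
        }
    }
    $entries
}

function Find-OrphanedIeAddon {
    # Report anything unregistered, or registered but pointing at a missing DLL.
    foreach ($e in Get-IeAddonRegistration) {
        $r = Resolve-Clsid -Clsid $e.Clsid
        if ($r.Registered -and $r.DllExists) { continue }
        $problem = 'No CLSID value found'
        if ($r.Registered) { $problem = "DLL missing: $($r.Dll)" }
        New-Object PSObject -Property @{ Kind = $e.Kind; Hive = $e.Hive; Clsid = $e.Clsid; Problem = $problem }
    }
}

Find-OrphanedIeAddon | Format-Table Kind, Hive, Clsid, Problem -AutoSize
```

An orphaned registration is mostly a leftover (the DLL was deleted but the hook or toolbar entry was not), so IE will skip it; it still belongs in the fix because a later installer reusing that CLSID would be loaded without any prompt. A registered entry whose DLL exists is a different case and should be looked at by hand before removal.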
     
  16. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2012/09/19 07:13:04 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/14 06:03:46 | 000,479,232 | ---- | M] () -- C:\Users\Michelle\Documents\f74de5d.exe

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]



    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.1
    Java(TM) 6 Update 17
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 06-08-2012
    Ran by Michelle (administrator) on 22-09-2012 at 17:53:10
    Running from "C:\Users\Michelle\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-09-12 03:11] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
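An added example, not part of the original post and not Farbar's FSS code: the FSS log above says WinDefend is set to Demand (default Auto) and that DisableAntiSpyware=1 is set under the product key, and the System Events earlier report IKEEXT and PolicyAgent failing because BFE "might not be installed". The PowerShell below reproduces those checks on a live host, adds the AppInit_DLLs locations (the persistence point AdwCleaner reports in the following post), and keeps the remediation in a separate function so the audit itself changes nothing. The helper names are this example's own; the registry paths are the documented locations. Assumes Windows 7 x64, PowerShell 2.0 or later, elevated prompt.

```powershell
# Added example: audit the services and policies FSS reports on, plus AppInit_DLLs.
# Test-SecurityServices is read-only; Repair-WindowsDefender changes the host.
# Assumes Windows 7 x64, PowerShell 2.0+, elevated prompt.

function Get-ServiceConfig {
    param([string]$Name)
    # Get-Service on PowerShell 2 does not expose the start type, so use WMI.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return New-Object PSObject -Property @{ Name = $Name; Installed = $false } }
    New-Object PSObject -Property @{
        Name = $Name; Installed = $true; State = $svc.State
        StartMode = $svc.StartMode; ImagePath = $svc.PathName
    }
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-SecurityServices {
    $findings = @()

    # 1. Windows Defender: start type should be Auto, and DisableAntiSpyware
    #    should be absent from both the product key (where FSS found it) and
    #    the policy key.
    $defender = Get-ServiceConfig -Name 'WinDefend'
    if ($defender.Installed -and $defender.StartMode -ne 'Auto') {
        $findings += "WinDefend start type is $($defender.StartMode), default is Auto"
    }
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        if ((Get-RegValue -Path $key -Name 'DisableAntiSpyware') -eq 1) {
            $findings += "DisableAntiSpyware=1 at $key"
        }
    }

    # 2. Base Filtering Engine: IKEEXT, PolicyAgent and the firewall (MpsSvc)
    #    all depend on BFE; a missing or disabled BFE silently takes them down.
    foreach ($name in 'BFE', 'MpsSvc', 'IKEEXT', 'PolicyAgent') {
        $svc = Get-ServiceConfig -Name $name
        if (-not $svc.Installed) { $findings += "$name service is not installed" }
        elseif ($svc.StartMode -eq 'Disabled') { $findings += "$name service is Disabled" }
    }

    # 3. AppInit_DLLs: a DLL listed here is loaded into every process that loads
    #    user32.dll; on x64 the 32-bit list lives under Wow6432Node. Normally empty.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $dlls = Get-RegValue -Path $key -Name 'AppInit_DLLs'
        if ($dlls) { $findings += "AppInit_DLLs at $key = $dlls" }
    }

    $findings
}

function Repair-WindowsDefender {
    # Run only after the infection is cleaned: drop the disabling value, restore
    # the default start type and start the service. Third-party AV installers
    # commonly set DisableAntiSpyware on Windows 7, so the value by itself is
    # not proof of malware and may be re-applied by that product.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        if ((Get-RegValue -Path $key -Name 'DisableAntiSpyware') -ne $null) {
            Remove-ItemProperty -Path $key -Name 'DisableAntiSpyware'
        }
    }
    Set-Service -Name 'WinDefend' -StartupType Automatic
    Start-Service -Name 'WinDefend'
}

Test-SecurityServices
```

The audit deliberately reports rather than fixes: on this machine AVG is the installed antivirus, and the Defender setting it reports is consistent with an AV installer turning Defender off, so the decision to re-enable it belongs to whoever is running the cleanup, not to the script.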
     
  17. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    # AdwCleaner v2.002 - Logfile created 09/22/2012 at 18:17:56
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Michelle - MICHELLE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Michelle\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Browser Manager

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Deleted on reboot : C:\ProgramData\Browser Manager
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\user.js
    File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\searchplugins\BabylonMngr.xml
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\BabylonToolbar
    Folder Deleted : C:\Program Files (x86)\Giant Savings
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Users\Michelle\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Michelle\AppData\Local\Giant Savings
    Folder Deleted : C:\Users\Michelle\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Michelle\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Michelle\AppData\Roaming\BabylonToolbar
    Folder Deleted : C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\extensions\crossriderapp4479@crossrider.com
    Folder Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\extensions\ffxtlbr@babylon.com

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445579}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446679}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKU\S-1-5-21-3686807488-1388826910-3173516872-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=70af06a600000000000078e4003f8667 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=70af06a600000000000078e4003f8667 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc=NT_ss&mntrId=70af06a600000000000078e4003f8667 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0 (en-US)

    Profile name : default
    File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\prefs.js

    C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\b6ivaqq8.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
    Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc[...]
    Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110790&tt=120912_ccp_3812_8");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "22");
    Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "1C0A910C64F9618181841673FA0F52F6");
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "70af06a600000000000078e4003f8667");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15605");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1218:04:23");
    Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1218:04:23");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110790&tt=120912_ccp_3812_8");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1218:04:23");
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348351446);
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
    Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348351446");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348351446");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Sat Sep 22 2012 18:[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Sat Sep 29 2012 [...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1348351747");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2258453%22");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348351765569");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2285097%22");
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348351746793");
    Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons dis[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "40");
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sun Sep 23[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
    Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
    Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 40);
    Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Deleted : user_pref("extensions.crossriderapp4479.bic", "139f004283afc2bf46c35e05710be320");
    Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348351568);
    Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22472526);
    Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22472530);
    Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Deleted : user_pref("extensions.enabledAddons", "avg@toolbar:12.2.5.32,testpilot@labs.mozilla.com:1.2.2,crossr[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : urls_to_restore_on_startup ={"session": { "restore_on_startup": 4, [ "hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=70af06a600000000000078e4003f8667" ] },
    Deleted [l.2] : icon_url ="browser":{"window_placement":{"bottom":718,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":728,"work_area_left":0,"work_area_right":1366,"work_area_top":0}},"countryid_at_install":21843,"default_search_provider":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.ico","id":"2","instant_url":"{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&{google:instantFieldTrialGroupParameter}ie={inputEncoding}&ion=1{searchTerms}&nord=1","keyword":"google.com","name":"Google","prepopulate_id":"1","search_url":"{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}","suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}"},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"show_welcome_page":true,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"download":{"directory_upgrade":true},"extensions":{"autoupdate":{"next_check":"12967636307389691"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"settings":{"jmfkcklnlgedgbglfkkgedjfmejoahla":{"active_permissions":{"api":["plugin"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"from_bookmark":false,"from_webstore":false,"install_time":"12967616960265148","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"js":["content/jquery-1.4.4.min.js","content/avgls-inline.js","content/searchengine.js","content/searchshield.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"description":"Securing your 
clicks.","format_version":1,"icons":{"128":"content/Icons/128x128.png","16":"content/Icons/16x16.png","48":"content/Icons/48x48.png","64":"content/Icons/64x64.png"},"id":"881AC4EF96904f5fA0B49048C377CD59E8A84102","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB","minimum_chrome_version":"9","name":"AVG Safe Search","plugins":[{"path":"plugins/avgnpss.dll","public":true}],"version":"12.0.0.1857"},"path":"jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1857_0","state":1}}},"homepage":"hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=70af06a600000000000078e4003f8667","homepage_is_newtabpage":false,"hxxp_throttling":{"enabled":true},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\15.0.874.121","plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\15.0.874.121\\gcswf32.dll","version":"11,1,102,55"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll","version":"10,1,102,64"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.170.4","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeploytk.dll","version":"6.0.170.4"},{"enabled":true,"name":"Java(TM) Platform SE 6 U17","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.170.4"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\3.0.40624.0\\npctrl.dll","version":"3.0.40624.0"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw.dll","version":"11.5.1r601"},{"enabled":true,"name":"Remoting 
Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Native Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\15.0.874.121\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\15.0.874.121\\pdf.dll","version":""},{"enabled":true,"name":"AVG Internet Security","path":"C:\\Users\\Michelle\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1857_0\\plugins/avgnpss.dll","version":"12.0.0.1857"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll","version":"9.1.0.2009022700"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.79\\npGoogleUpdate3.dll","version":"1.3.21.79"},{"enabled":true,"name":"Windows Live® Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"14.0.8081.0709_ship.wlx.w3m3 (ship)"},{"enabled":true,"name":"Default Plug-in","path":"default_plugin","version":"1"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"AVG Internet Security"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Windows Live® Photo Gallery"},{"enabled":true,"name":"Default Plug-in"}]},"profile":{"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs":false}}

    *************************

    AdwCleaner[S1].txt - [36252 octets] - [22/09/2012 18:17:56]

    ########## EOF - C:\AdwCleaner[S1].txt - [36313 octets] ##########
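What AdwCleaner did in the log above, expressed as a check you can run yourself. The following is an added example, not part of the thread and not AdwCleaner's or OTL's own code. It reads a Firefox prefs.js or user.js and the parsed JSON of Chrome's Preferences file and reports the same classes of change the tool reverted: homepage, new-tab and search-engine settings pointing at a host the user did not pick, unfamiliar extensions.<namespace>.* pref namespaces (BabylonToolbar and crossriderapp4479 in the log), and Chrome extensions that were not installed from the Web Store. The allowlists, the sample pref lines and the sample Chrome JSON are constructed for illustration and modelled on values in the log; the key names are the ones visible in the log and in Firefox/Chrome profiles of that era.

```python
# Added example, not from the thread or from AdwCleaner/OTL: spot browser
# search/homepage hijacks of the kind the AdwCleaner log above undid.
import json
import re
from urllib.parse import urlparse

# Assumption: these allowlists are illustrative; fill in what the user really chose.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "duckduckgo.com"}
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo"}
KNOWN_EXT_NAMESPACES = {"testpilot"}  # add-ons the user knowingly installed

# Firefox prefs that decide where the browser goes on its own.
HIJACK_PREFS = ("browser.startup.homepage", "browser.newtab.url",
                "browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.search.order.1")
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
EXT_NS_RE = re.compile(r"^extensions\.([A-Za-z0-9_]+)\.")  # extensions.<namespace>.<key>


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line of a prefs.js or user.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines do not match
            name, raw = m.groups()
            try:
                prefs[name] = json.loads(raw)  # strings, true/false and numbers are valid JSON
            except ValueError:
                prefs[name] = raw  # keep the raw text rather than lose the pref
    return prefs


def host_of(value):
    """Hostname of an http(s) URL, or None when the value is not one."""
    if isinstance(value, str) and value.lower().startswith(("http://", "https://")):
        return urlparse(value).hostname
    return None


def scan_firefox(text):
    prefs = parse_prefs(text)
    findings = []
    for name in sorted(n for n in HIJACK_PREFS if n in prefs):
        value, host = prefs[name], host_of(prefs[name])
        if host is not None and host not in ALLOWED_HOSTS:
            findings.append(f"firefox {name} -> {host}")
        elif host is None and name.startswith("browser.search") and value not in ALLOWED_ENGINES:
            findings.append(f"firefox {name} -> {value!r}")
    # Third-party add-ons keep state under extensions.<namespace>.*; an unfamiliar
    # namespace is an add-on the user should be able to account for.
    namespaces = {m.group(1) for m in map(EXT_NS_RE.match, prefs) if m}
    for ns in sorted(namespaces - KNOWN_EXT_NAMESPACES):
        findings.append(f"firefox extension namespace extensions.{ns}.*")
    return findings


def scan_chrome(prefs):
    """prefs is the parsed JSON of Chrome's Preferences file."""
    checks = [("homepage", prefs.get("homepage")),
              ("default_search_provider.search_url",
               prefs.get("default_search_provider", {}).get("search_url"))]
    # Assumption: key name as in Chrome 15-era profiles (it appears in the log above).
    checks += [("session.urls_to_restore_on_startup", u)
               for u in prefs.get("session", {}).get("urls_to_restore_on_startup", [])]
    findings = []
    for label, value in checks:
        host = host_of(value)  # template URLs such as {google:baseURL}... give None and are skipped
        if host is not None and host not in ALLOWED_HOSTS:
            findings.append(f"chrome {label} -> {host}")
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext.get("from_webstore", False):
            continue  # sideloaded (installer/registry) extensions are the ones to explain
        hosts = ext.get("active_permissions", {}).get("scriptable_host", [])
        everywhere = any(h in ("http://*/*", "https://*/*", "<all_urls>") for h in hosts)
        name = ext.get("manifest", {}).get("name", "?")
        findings.append(f"chrome sideloaded extension {ext_id} ({name})"
                        + (", injects into every page" if everywhere else ""))
    return findings


# Constructed sample input, modelled on the Firefox user.js and Chrome Preferences in the log.
FIREFOX_SAMPLE = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=110790&babsrc=HP_ss");
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=110790&babsrc=NT_ss");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.BabylonToolbar.id", "70af06a600000000000078e4003f8667");
user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
user_pref("extensions.crossriderapp4479.apps", "4479");
user_pref("extensions.testpilot.lastVersion", "1.2.2");
user_pref("extensions.enabledAddons", "testpilot@labs.mozilla.com:1.2.2");
"""
CHROME_SAMPLE = {
    "homepage": "http://search.babylon.com/?affID=110790&babsrc=HP_ss",
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["http://search.babylon.com/?affID=110790"]},
    "default_search_provider": {"name": "Google", "search_url": "{google:baseURL}search?q={searchTerms}"},
    "extensions": {"settings": {
        "jmfkcklnlgedgbglfkkgedjfmejoahla": {  # id and name as in the log
            "from_webstore": False, "manifest": {"name": "AVG Safe Search"},
            "active_permissions": {"scriptable_host": ["http://*/*", "https://*/*"]}},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # made-up id: a normal Web Store install
            "from_webstore": True, "manifest": {"name": "Some Web Store extension"}}}},
}


def run_example():
    return scan_firefox(FIREFOX_SAMPLE), scan_chrome(CHROME_SAMPLE)


if __name__ == "__main__":
    for finding in run_example()[0] + run_example()[1]:
        print(finding)
```

On a real machine, feed scan_firefox the contents of prefs.js and, if present, user.js from %APPDATA%\Mozilla\Firefox\Profiles\<profile>\ (AdwCleaner deleted user.js outright because Firefox re-applies it over prefs.js on every start, which is why the hijack kept coming back), and scan_chrome the json-loaded %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences. A finding is a lead, not a verdict: the sideloaded AVG Safe Search extension above is put there by AVG's own installer, so the person in front of the machine still has to say which entries they chose.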
     
  18. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    OTL log is incorrect.
    You just pasted my script.
    Re-read my instructions and redo.
     
  19. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    Here is the Eset text file. There was a file that I unwittingly downloaded and installed when I was searching for the adwcleaner.exe file. I realized when it was installing, that it was the wrong file and downloaded the correct file. I'm glad that Eset identified it as a virus and deleted it.

    C:\Users\Michelle\Desktop\DownloadManagerSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
    C:\Users\Michelle\Downloads\DownloadManagerSetup(1).exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
    C:\Users\Michelle\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
    C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.ALSW trojan cleaned by deleting - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Please read my previous reply.
     
  21. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    Sorry! The error was not in following your instructions. I just posted the content of the wrong text file I had created. Here are the results of the OTL scan/fix.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3686807488-1388826910-3173516872-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    C:\FRST\Quarantine\{4c48af5f-8e17-36f8-75c9-bfdf50da5211} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    File C:\Users\Michelle\Documents\f74de5d.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Michelle
    ->Temp folder emptied: 251051 bytes
    ->Temporary Internet Files folder emptied: 238051 bytes
    ->Java cache emptied: 233085 bytes
    ->FireFox cache emptied: 83895642 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 899 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22021 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Michelle
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Michelle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 09222012_173555

    Files\Folders moved on Reboot...
    C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =========================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.
     
  23. eharvey650

    eharvey650 TS Rookie Topic Starter Posts: 24

    Broni I want to thank you on behalf of my daughter for all your time and tech support. I would like to make a donation to you also and plan to do so. Thank you again so much. And God bless.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Michelle
    ->Temp folder emptied: 23338609 bytes
    ->Temporary Internet Files folder emptied: 4302988 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46286474 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1123 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9693 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 71.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Michelle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Michelle
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.56.0 log created on 09232012_205037

    Files\Folders moved on Reboot...
    C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Way to go!!
    Good luck and stay safe :)

    ...and thank you :)
     

