Inactive IE homepage keeps popping up & incompatibility issues w/ MS Word

For 32-bit systems please download GrantPerms.zip and save it to your desktop.
For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

Code:
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\?polar express train videos?? - YouTube.url

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

Then re-run Combofix again.
 
perm log

here is the perm log


GrantPerms by Farbar
Ran by Owner (administrator) at 2012-04-13 19:59:55

===============================================
ERROR: Parsing the SD of <\\?\c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\?polar express train videos?? - YouTube.url> failed with: The filename, directory name, or volume label syntax is incorrect.


Operating system error message: The filename, directory name, or volume label syntax is incorrect.
 
combofix log

here is the combo fix log


ComboFix 12-04-12.03 - Owner 04/13/2012 20:04:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2492 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\04131737-00000f08-s6kil1al1r\tmpBDFA.tmp
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\?polar express train videos?? - YouTube.url . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:09 . 2012-04-14 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 01:09 . 2012-04-14 01:09 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-04-13 03:14 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17C855AD-2C43-461C-8DB2-9122E82207C0}\mpengine.dll
2012-04-12 09:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 09:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 09:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 23:44 . 2012-04-11 23:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-11 23:44 . 2012-04-11 23:44 -------- d-----w- c:\program files (x86)\Java
2012-04-11 23:13 . 2012-04-11 23:13 -------- d-----w- C:\_OTL
2012-04-05 05:13 . 2012-04-05 05:13 -------- d-----w- c:\programdata\Recovery
2012-04-05 02:24 . 2012-04-05 02:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 20:32 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-31 12:44 . 2012-03-31 12:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5236D53-40DF-40FE-A781-C53DFE2B2ABE}\gapaengine.dll
2012-03-31 07:45 . 2012-03-31 07:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-31 07:45 . 2012-03-31 07:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-30 23:15 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51954925-F92D-425A-A2F0-98D18E4F48EA}\mpengine.dll
2012-03-29 17:17 . 2012-03-29 17:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2012-03-18 14:59 . 2012-03-25 13:14 -------- d-----w- c:\program files\CCleaner
2012-03-17 00:44 . 2012-03-25 13:14 -------- d-----w- c:\program files (x86)\Sprint_Activation
2012-03-17 00:44 . 2012-03-25 13:14 -------- d-----w- c:\program files (x86)\Common Files\Motive
2012-03-17 00:43 . 2012-03-17 00:43 -------- d-----w- c:\programdata\Motive
2012-03-17 00:42 . 2012-03-25 13:14 -------- d-----w- c:\program files\Common Files\Motive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 23:44 . 2011-08-25 04:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-05 02:24 . 2011-12-08 11:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-13 22:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 07:31 . 2011-04-30 22:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-16 07:30 . 2011-04-30 22:29 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-16 06:44 . 2011-04-30 22:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-16 06:44 . 2011-12-04 06:00 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 23:57 . 2011-06-16 23:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-10 23:57 . 2011-06-16 23:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-10 23:57 . 2011-06-16 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-10 06:36 . 2012-03-13 22:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 13:48 . 2011-04-30 22:29 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-03 04:34 . 2012-03-13 22:35 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-06-08 06:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-13 22:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 22:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 22:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-20 17:48 . 2012-01-20 17:48 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-12_16.54.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-14 01:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 01:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-09 23:08 . 2012-04-12 17:07 53690 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-13 00:46 52336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-08 05:49 . 2012-04-13 00:46 16332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-278354598-3277908703-583346675-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-04-12 17:01 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-14 01:10 . 2012-04-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-12 16:52 . 2012-04-12 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 01:10 . 2012-04-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-12 16:52 . 2012-04-12 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-14 01:10 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:52 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-08 07:29 . 2012-04-12 14:52 304916 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-06-08 07:29 . 2012-04-14 00:52 304916 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-12 09:25 626868 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-12 17:11 626868 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-12 09:25 108298 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-12 17:11 108298 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-14 01:09 512628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-12 16:52 512628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-19 03:20 . 2012-04-14 01:09 7292844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-4096.dat
- 2011-06-19 03:20 . 2012-04-12 16:52 7292844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-4096.dat
- 2010-06-08 05:46 . 2012-04-12 16:52 42504772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-8192.dat
+ 2010-06-08 05:46 . 2012-04-13 00:44 42504772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FPCCSMiddleware"="c:\program files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-07 536184]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-14 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-05-20 06:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2010-03-23 18:47 500792 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-13 441344]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:24]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 04:55]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 04:55]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 18:34]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 18:34]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,2e,cf,e1,72,26,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-13 20:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 01:14
ComboFix2.txt 2012-04-12 16:58
ComboFix3.txt 2012-04-08 20:45
.
Pre-Run: 421,474,762,752 bytes free
Post-Run: 421,426,487,296 bytes free
.
- - End Of File - - CE3A9EBB9B9A24BDB334FF23498D011D
 
here is edited Perm...

GrantPerms by Farbar
Ran by Owner (administrator) at 2012-04-14 02:09:57

===============================================
ERROR: Parsing the SD of <\\?\c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\?polar express train videos?? - YouTube.url> failed with: The filename, directory name, or volume label syntax is incorrect.


Operating system error message: The filename, directory name, or volume label syntax is incorrect.
 
combofix log

ComboFix 12-04-12.03 - Owner 04/14/2012 2:15.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2249 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\?polar express train videos?? - YouTube.url . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 07:46 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{640D5E14-901A-4FE0-BD07-CF83DF56A1B8}\mpengine.dll
2012-04-14 07:20 . 2012-04-14 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 07:20 . 2012-04-14 07:20 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-04-14 01:25 . 2012-04-14 01:25 -------- d-----w- c:\windows\en
2012-04-14 01:23 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-14 01:21 . 2012-04-14 01:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e84f82721cd19dc03\DSETUP.dll
2012-04-14 01:21 . 2012-04-14 01:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e84f82721cd19dc03\DXSETUP.exe
2012-04-14 01:21 . 2012-04-14 01:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e84f82721cd19dc03\dsetup32.dll
2012-04-14 01:21 . 2012-04-14 01:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e888a3791cd19dc04\MeshBetaRemover.exe
2012-04-12 09:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 09:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 09:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 23:44 . 2012-04-11 23:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-11 23:44 . 2012-04-11 23:44 -------- d-----w- c:\program files (x86)\Java
2012-04-11 23:13 . 2012-04-11 23:13 -------- d-----w- C:\_OTL
2012-04-05 05:13 . 2012-04-05 05:13 -------- d-----w- c:\programdata\Recovery
2012-04-05 02:24 . 2012-04-05 02:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 20:32 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-31 12:44 . 2012-03-31 12:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5236D53-40DF-40FE-A781-C53DFE2B2ABE}\gapaengine.dll
2012-03-31 07:45 . 2012-03-31 07:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-31 07:45 . 2012-03-31 07:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-30 23:15 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51954925-F92D-425A-A2F0-98D18E4F48EA}\mpengine.dll
2012-03-29 17:17 . 2012-03-29 17:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2012-03-18 14:59 . 2012-03-25 13:14 -------- d-----w- c:\program files\CCleaner
2012-03-17 00:44 . 2012-03-25 13:14 -------- d-----w- c:\program files (x86)\Sprint_Activation
2012-03-17 00:44 . 2012-03-25 13:14 -------- d-----w- c:\program files (x86)\Common Files\Motive
2012-03-17 00:43 . 2012-03-17 00:43 -------- d-----w- c:\programdata\Motive
2012-03-17 00:42 . 2012-03-25 13:14 -------- d-----w- c:\program files\Common Files\Motive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:23 . 2010-06-24 17:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-11 23:44 . 2011-08-25 04:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-05 02:24 . 2011-12-08 11:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-13 22:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 07:31 . 2011-04-30 22:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-16 07:30 . 2011-04-30 22:29 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-16 06:44 . 2011-04-30 22:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-16 06:44 . 2011-12-04 06:00 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 23:57 . 2011-06-16 23:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-10 23:57 . 2011-06-16 23:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-10 23:57 . 2011-06-16 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-10 06:36 . 2012-03-13 22:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 13:48 . 2011-04-30 22:29 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-03 04:34 . 2012-03-13 22:35 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-06-08 06:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-13 22:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 22:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 22:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-20 17:48 . 2012-01-20 17:48 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-12_16.54.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-14 07:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 07:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-09 23:08 . 2012-04-14 01:21 53802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-14 01:21 52376 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-08 05:49 . 2012-04-14 01:21 16332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-278354598-3277908703-583346675-1000_UserData.bin
+ 2012-04-14 01:23 . 2012-03-08 23:40 48488 c:\windows\system32\DRVSTORE\fssfltr_F81BFAB31A96EBC51D97A2D005244F41BE442B43\fssfltr.sys
+ 2009-07-14 04:46 . 2012-04-12 17:01 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-14 01:21 . 2012-04-14 01:21 24576 c:\windows\Installer\3d8ba.msp
+ 2010-11-15 19:20 . 2010-11-15 19:20 56832 c:\windows\Installer\3d8b3.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 65536 c:\windows\Installer\3d8a7.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 30720 c:\windows\Installer\3d8a2.msp
+ 2010-11-15 19:20 . 2010-11-15 19:20 74240 c:\windows\Installer\3d89d.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 23552 c:\windows\Installer\3d898.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 29696 c:\windows\Installer\3d893.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 60416 c:\windows\Installer\3d88d.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 29184 c:\windows\Installer\3d826.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 67072 c:\windows\Installer\3d81b.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 39936 c:\windows\Installer\3d625.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 74240 c:\windows\Installer\3d620.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 26112 c:\windows\Installer\3d616.msi
+ 2012-04-14 01:24 . 2012-04-14 01:24 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-04-14 01:41 . 2012-04-14 01:41 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\17a2afe9e92c7eaf86ba583b5f43f812\WindowsLiveWriter.ni.exe
+ 2012-04-14 01:41 . 2012-04-14 01:41 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c78c244b8033acc827956db14bd4f1e\WindowsLive.Writer.Passport.ni.dll
- 2012-04-12 16:52 . 2012-04-12 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 07:21 . 2012-04-14 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-12 16:52 . 2012-04-12 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-14 07:21 . 2012-04-14 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-29 01:31 . 2011-03-29 01:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
- 2009-07-14 04:54 . 2012-04-12 16:52 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 07:21 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-08 07:29 . 2012-04-14 07:02 305396 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-12 09:25 626868 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-14 01:31 626868 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-12 09:25 108298 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-14 01:31 108298 c:\windows\system32\perfc009.dat
- 2010-09-21 20:49 . 2010-09-21 20:49 252800 c:\windows\system32\LIVESSP.DLL
+ 2011-03-29 02:11 . 2011-03-29 02:11 252800 c:\windows\system32\LIVESSP.DLL
+ 2009-07-14 05:01 . 2012-04-14 07:20 512628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-12 16:52 512628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-15 19:19 . 2010-11-15 19:19 153600 c:\windows\Installer\3d888.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 509952 c:\windows\Installer\3d871.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 635904 c:\windows\Installer\3d867.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 468480 c:\windows\Installer\3d843.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 625664 c:\windows\Installer\3d834.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 276480 c:\windows\Installer\3d7f3.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 205824 c:\windows\Installer\3d79e.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 775168 c:\windows\Installer\3d795.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 715264 c:\windows\Installer\3d6ab.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 136704 c:\windows\Installer\3d680.msp
+ 2010-11-15 19:18 . 2010-11-15 19:18 429056 c:\windows\Installer\3d67b.msi
+ 2012-04-14 01:42 . 2012-04-14 01:42 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a6fb51744921e46bcb668824786e8287\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e69ebc47847db9102611374af36403b1\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e5d7d83a5dadc3af9a6b9625eb0db9dc\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d701b054e9a57d35661106e3129008cb\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b28c0d3b4a7e0daf5aef6c47d42d8af4\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ad9253672ba424757bb3546364e647e5\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8cba3ac89cc2bb34cbe39bb00709c1da\WindowsLive.Writer.Api.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88c7a220bd93de68022850749e092a74\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\721c6efc6712f9acf006a0473f758151\WindowsLive.Writer.Interop.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ef8139565fd5dcb17bcc273c6dc1ae0\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5df97542d20b8fddbe83723f71ad63d1\WindowsLive.Writer.Controls.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\593b5448f127bca7f5c06907769a78d6\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\40987d55c7eac08478b5e14f1dc77c5e\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\365fc1ad8068147966183bebb2789ab5\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-04-14 01:42 . 2012-04-14 01:42 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\41840d318bedd3f3cf820c99b85f7725\WindowsLive.Client.ni.dll
+ 2011-06-19 03:20 . 2012-04-14 07:20 7292844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-4096.dat
- 2011-06-19 03:20 . 2012-04-12 16:52 7292844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-4096.dat
+ 2012-04-14 01:21 . 2012-04-14 01:21 2146304 c:\windows\Installer\3d882.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 4250112 c:\windows\Installer\3d877.msi
+ 2010-11-15 19:19 . 2010-11-15 19:19 4175360 c:\windows\Installer\3d86c.msi
+ 2010-11-15 19:19 . 2010-11-15 19:19 3410944 c:\windows\Installer\3d861.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 5124096 c:\windows\Installer\3d85b.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 6661632 c:\windows\Installer\3d851.msi
+ 2010-11-15 19:19 . 2010-11-15 19:19 1070592 c:\windows\Installer\3d839.msi
+ 2010-11-15 19:18 . 2010-11-15 19:18 1492992 c:\windows\Installer\3d82b.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 1829376 c:\windows\Installer\3d815.msp
+ 2010-11-15 19:20 . 2010-11-15 19:20 3454976 c:\windows\Installer\3d80c.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 3105792 c:\windows\Installer\3d806.msp
+ 2010-11-15 19:20 . 2010-11-15 19:20 6195200 c:\windows\Installer\3d7fb.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 6363136 c:\windows\Installer\3d7b6.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 3734016 c:\windows\Installer\3d78c.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 2957312 c:\windows\Installer\3d744.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 8313856 c:\windows\Installer\3d72a.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 5868544 c:\windows\Installer\3d725.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 5535744 c:\windows\Installer\3d707.msp
+ 2012-04-14 01:21 . 2012-04-14 01:21 3312128 c:\windows\Installer\3d6cf.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 8332288 c:\windows\Installer\3d6b3.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 2310656 c:\windows\Installer\3d699.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 1139712 c:\windows\Installer\3d691.msp
+ 2010-11-15 19:18 . 2010-11-15 19:18 4004864 c:\windows\Installer\3d685.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 2932224 c:\windows\Installer\3d676.msp
+ 2010-11-15 19:18 . 2010-11-15 19:18 7710720 c:\windows\Installer\3d662.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 4426240 c:\windows\Installer\3d65d.msp
+ 2010-11-15 19:18 . 2010-11-15 19:18 9433088 c:\windows\Installer\3d64e.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 9553408 c:\windows\Installer\3d635.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 8822784 c:\windows\Installer\3d612.msi
+ 2010-09-23 06:17 . 2010-09-23 06:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
+ 2012-04-14 01:41 . 2012-04-14 01:41 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a724add261acf0344e45068d5b27c66a\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56cbcc886f21818df024d05a0d44ad10\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\468c893374af1c2a332119ff0de5bc26\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-04-14 01:41 . 2012-04-14 01:41 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3de55a3b00709c87b1b685da6b763d77\WindowsLive.Writer.Localization.ni.dll
+ 2010-06-08 05:46 . 2012-04-13 00:44 42504772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-8192.dat
- 2010-06-08 05:46 . 2012-04-12 16:52 42504772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-278354598-3277908703-583346675-1000-8192.dat
+ 2010-11-15 19:19 . 2010-11-15 19:19 11846656 c:\windows\Installer\3d783.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 14624256 c:\windows\Installer\3d77b.msp
+ 2010-11-15 19:19 . 2010-11-15 19:19 34193408 c:\windows\Installer\3d74f.msi
+ 2010-11-15 19:19 . 2010-11-15 19:19 13850624 c:\windows\Installer\3d70e.msi
+ 2012-04-14 01:21 . 2012-04-14 01:21 22647296 c:\windows\Installer\3d6e2.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FPCCSMiddleware"="c:\program files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-07 536184]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-14 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-05-20 06:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2010-03-23 18:47 500792 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-13 441344]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:24]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 04:55]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 04:55]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 18:34]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 18:34]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,2e,cf,e1,72,26,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-14 03:12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 08:12
ComboFix2.txt 2012-04-14 01:14
ComboFix3.txt 2012-04-12 16:58
ComboFix4.txt 2012-04-08 20:45
.
Pre-Run: 421,094,907,904 bytes free
Post-Run: 420,815,384,576 bytes free
.
- - End Of File - - 18CA017ECEFB77A2C9946D57ADAB7592
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    *YouTube*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:22 on 15/04/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*YouTube*"
C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_ProduceYouTubeStep2.xml--a---- 3198 bytes[19:19 06/07/2009][19:19 06/07/2009] 6F2D78EA7241D2AC24FA6E6F53CF2E41
C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\producestep1btn_youTube.png--a---- 17685 bytes[18:46 21/01/2009][18:46 21/01/2009] 08254BC2989278AC5B51D07D15D154F0
C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\ProduceYouTubeStep2.PNG--a---- 4952 bytes[18:46 21/01/2009][18:46 21/01/2009] 27C6E0ADF4EC56B7268A040EC875ABBA
C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\YouTube_Property.png--a---- 5983 bytes[18:46 21/01/2009][18:46 21/01/2009] A3FA350D325763135225500ECFFE9454
C:\Program Files (x86)\Google\Picasa3\runtime\youtube.fen--a---- 1704 bytes[01:16 08/02/2011][01:16 08/02/2011] 80B128DC7DC4BF1B4F7030829903C97C
C:\Program Files (x86)\Google\Picasa3\runtime\youtubelogin.fen--a---- 700 bytes[01:16 08/02/2011][01:16 08/02/2011] 17D5C40A261543A29529D033071ADBFA
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Layout\youtube\YouTubeDlg.bkml------- 5041 bytes[20:39 02/10/2009][20:39 02/10/2009] 76B1C8E959793A1C7A16E6BDD67A363F
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Layout\youtube\YouTubeStep1.bkml------- 4362 bytes[20:39 02/10/2009][20:39 02/10/2009] F1351C2156BDAF1457508B1A9630DBB6
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Layout\youtube\YouTubeStep2.bkml------- 5456 bytes[20:39 02/10/2009][20:39 02/10/2009] 57D52EDA0923BF747A5BDA982343DC16
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Layout\youtube\YouTubeStep3.bkml------- 3495 bytes[20:39 02/10/2009][20:39 02/10/2009] 4E619E3B9A238E9D550CD9B1012B0F48
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Layout\youtube\YouTubeStep4.bkml------- 6830 bytes[20:39 02/10/2009][20:39 02/10/2009] 914DA62E608C23DFF59C2D112A8689CD
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Media\youtube\YouTubeDlgbg.png------- 9489 bytes[20:36 02/10/2009][20:36 02/10/2009] 565B5EC062BEFC9164B347F17858AD4E
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\Custom\Skin\Standard\Webcam\Media\youtube\youtube_icon.png------- 4635 bytes[20:36 02/10/2009][20:36 02/10/2009] 6A7900E91C545EAE59A98EE76D97504F
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\UI\HP_MediaSmart_Webcam\YouTube\YouTubeDlg.kc------- 5808 bytes[20:39 02/10/2009][20:39 02/10/2009] FAE3CA7C784C860FB0F61F732E331E0E
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\UI\HP_MediaSmart_Webcam\YouTube\YouTubeStep1.kc------- 4083 bytes[20:39 02/10/2009][20:39 02/10/2009] 68BC25D89FDACD651A905A03690941A1
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\UI\HP_MediaSmart_Webcam\YouTube\YouTubeStep2.kc------- 4249 bytes[20:39 02/10/2009][20:39 02/10/2009] 93FD24EFF129077FC144E2920349092C
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\UI\HP_MediaSmart_Webcam\YouTube\YouTubeStep3.kc------- 3607 bytes[20:39 02/10/2009][20:39 02/10/2009] B7571D78461A817C32C8F6FC69A0284A
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\UI\HP_MediaSmart_Webcam\YouTube\YouTubeStep4.kc------- 4551 bytes[20:39 02/10/2009][20:39 02/10/2009] 594EFB316C5C75C4688FD3B6DA9886C3
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Customizations\Generic\Style\Standard\Layout\Video\Video_YouTube_1.xml------- 6215 bytes[07:07 06/10/2009][07:07 06/10/2009] 7837421CF488A97885F2C92CE7102FA9
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Customizations\Generic\Style\Standard\Layout\Video\Video_YouTube_2.xml------- 9399 bytes[07:07 06/10/2009][07:07 06/10/2009] E7D22A9BB310BDC0C263727D911B447A
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Customizations\Generic\Style\Standard\Layout\Video\Video_YouTube_3.xml------- 3959 bytes[07:07 06/10/2009][07:07 06/10/2009] 240AEFFB9DECA51E09C2FC5B3EBCBD94
C:\Program Files (x86)\Windows Live\Photo Gallery\WLYouTubePlugin.dll--a---- 137072 bytes[23:40 08/03/2012][23:40 08/03/2012] A0FD454BC321C50B8615E7C1F6738AB6
C:\Program Files (x86)\Windows Live\Photo Gallery\en\WLYouTubePlugin.resources.dll--a---- 51056 bytes[23:50 08/03/2012][23:50 08/03/2012] 630B222E22A07E7924768B878ADB370A
C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.152\default_apps\youtube.crx--a---- 6401 bytes[01:36 10/04/2012][19:42 09/04/2012] 6C88B6EFD075C8A05F66121DDFE666C8
C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\default_apps\youtube.crx--a---- 6401 bytes[17:36 14/04/2012][06:51 12/04/2012] 6C88B6EFD075C8A05F66121DDFE666C8
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage--a---- 3072 bytes[16:57 29/03/2012][22:36 11/04/2012] 1EA952025C229DE4F29966BB76841EE3
C:\Users\Owner\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2DJDMI1L\www.youtube[1].xml--a---- 184 bytes[11:48 27/03/2012][00:26 30/03/2012] E14D37226053682E4CAFE5C981027CB7
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent\‪polar express train videos‬‏ - YouTube.url--a---- 10943 bytes[23:30 30/08/2011][23:30 30/08/2011] B52F38CD531E5094D2ADAFA468E07DFE
C:\Users\Owner\Desktop\Spencer's coloring pages\‪polar express train videos‬‏ - YouTube.url--a---- 10943 bytes[23:30 30/08/2011][23:28 30/08/2011] B52F38CD531E5094D2ADAFA468E07DFE
C:\Users\Owner\Favorites\christmas lights to music - YouTube.url--a---- 361 bytes[18:22 09/09/2011][18:22 09/09/2011] FA797F80B59FCBDB01DB52AC1F9439FF
C:\Users\Owner\Favorites\‪polar express train videos‬‏ - YouTube.url--a---- 417 bytes[06:47 16/07/2011][17:50 19/07/2011] 708E28DF74C17BDC90EA60B5ACA5BAB0
C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502\WLYouTubePluginResFile-ra---- 51056 bytes[06:46 23/09/2010][06:46 23/09/2010] 35545D21983A12F768C94C7AA96F5608
C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLYouTubePluginDLL-ra---- 137072 bytes[06:37 23/09/2010][06:37 23/09/2010] 9049B70999A2D105F96E899CEA9CD214

-= EOF =-
 
Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning.
  • Click the Script tab and copy/paste the following text there:
Code:
DeleteFile:
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent\‪polar express train videos‬‏ - YouTube.url"
"C:\Users\Owner\Desktop\Spencer's coloring pages\‪polar express train videos‬‏ - YouTube.url"
"C:\Users\Owner\Favorites\‪polar express train videos‬‏ - YouTube.url"
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\users\owner\appdata\roaming\microsoft\windows\recent\‪polar express train videos‬‏ - youtube.url", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\owner\desktop\spencer's coloring pages\‪polar express train videos‬‏ - youtube.url", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\owner\favorites\‪polar express train videos‬‏ - youtube.url", destinationFile = "(null)", replaceWithDummy = 0
 
How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is still doing the same thing... I will see what happens after I do this OTL.

Here is part of the OTL.txt

OTL logfile created on: 4/16/2012 8:04:08 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.84% Memory free
7.61 Gb Paging File | 5.58 Gb Available in Paging File | 73.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 393.34 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
Drive D: | 13.13 Gb Total Space | 2.17 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: CASSIELYNN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/04/09 17:33:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/14 18:48:56 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/14 19:08:44 | 000,308,720 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe
PRC - [2009/10/06 02:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/03/06 19:47:06 | 000,536,184 | ---- | M] () -- C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
PRC - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 02:36:18 | 000,544,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 02:36:17 | 000,117,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\APPLIC~1\180102~1.162\gcswf32.dll
MOD - [2009/10/06 02:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/03/06 19:47:06 | 000,536,184 | ---- | M] () -- C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/15 02:17:34 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/31 14:05:04 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/08 11:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/07 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 22:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/04/01 14:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2010/12/18 12:42:00 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/12/18 12:42:00 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26357C63-5C07-4D5D-A015-F400CB5DC67F}
IE:64bit: - HKLM\..\SearchScopes\{06A4F563-4304-440A-B981-0DC97FE782F9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{26357C63-5C07-4D5D-A015-F400CB5DC67F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {26357C63-5C07-4D5D-A015-F400CB5DC67F}
IE - HKLM\..\SearchScopes\{06A4F563-4304-440A-B981-0DC97FE782F9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{26357C63-5C07-4D5D-A015-F400CB5DC67F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes,DefaultScope = {28C2533A-E4BF-4970-842E-25B4F037778C}
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes\{06A4F563-4304-440A-B981-0DC97FE782F9}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/search?q={searc...install_date=20110914&iesrc={referrer:source}
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes\{26357C63-5C07-4D5D-A015-F400CB5DC67F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes\{28C2533A-E4BF-4970-842E-25B4F037778C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-278354598-3277908703-583346675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer v0.8;version=0.8: C:\ProgramData\Visan\Reseller2\npRLViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
second part of otl.txt

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/25 08:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 02:35:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 02:35:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z157&form=ZGACDF&install_date=20110914
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Plugins = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.7.0_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Service Pages for Google Chrome\u2122 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff\4.5.0_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Picasa Extension (by Google) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp\0.1_0\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.1.8_0\
CHR - Extension: Download = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\
CHR - Extension: Secbrowsing - plugin version checker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkcfihepeihdlfphbndagmompiakeci\1.7_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 03:10:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-278354598-3277908703-583346675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8528F691-CBFB-42FD-B63E-A7D1F7551261}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A7475DD4-724C-4477-A6BE-4BAA39415628}
[2012/04/16 12:36:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD2C89CF-4D5C-4DED-898C-0A9BDD747EB8}
[2012/04/15 16:39:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{607F540C-998A-4953-8C73-9D31D9A0D784}
[2012/04/15 16:39:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{67820E4A-AB60-4ADB-8936-CA29CA124A9B}
[2012/04/15 03:20:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6085A47B-006F-4A98-82A1-41963BB075AD}
[2012/04/14 15:20:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{37D6D578-A443-4A8D-9C85-83167A784654}
[2012/04/14 03:17:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C39ACD41-88ED-4F42-81CF-6905C64AE6E2}
[2012/04/14 03:17:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E2C01E4D-EA23-4E51-AF06-332AEEE979FA}
[2012/04/14 03:10:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/13 20:25:47 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/13 20:20:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BEB34679-D962-4032-8780-B33C214B2D26}
[2012/04/13 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E93FFB6C-74EF-4FCB-A683-5A115597C2FA}
[2012/04/13 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B18A1149-9EE1-472F-AEE9-BAEAA79B4CD9}
[2012/04/12 09:53:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3AE39B98-7913-4FC8-BC0B-1A35A21434A5}
[2012/04/11 18:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/11 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/11 18:13:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/09 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B27D0D64-2336-45D1-A52D-3081ECC07593}
[2012/04/08 15:32:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/08 15:32:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/08 15:32:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/08 15:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/08 15:32:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/06 04:40:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{408A86A3-D5A5-43EA-88AC-DE51B75A67A9}
[2012/04/05 21:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/05 21:09:20 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/05 12:42:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2359EC90-DE16-4B32-AFD3-6E4DA84F02E3}
[2012/04/05 00:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/04/04 17:40:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{089AB1D1-C206-4F0C-BCAA-80DE526FD5CC}
[2012/04/03 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EB5A1DCE-B9A9-4E6F-9E74-E1B952B62123}
[2012/03/31 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F128828E-4AF3-41D1-B2D5-EAF8BEDF4450}
[2012/03/31 08:09:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{37BD4E2E-72D0-4028-8671-5AED4DE333A0}
[2012/03/31 02:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/31 02:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/29 12:17:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/03/25 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3D321CEC-F128-493D-8F51-2C04E3499297}
[2012/03/25 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0AD8E8CD-63FA-4CB3-BB0B-8F8FD1403352}
[2012/03/18 09:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/18 09:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012/04/16 20:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 19:59:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000UA.job
[2012/04/16 19:59:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 19:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 12:50:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000Core.job
[2012/04/16 12:46:08 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/04/16 12:36:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 16:53:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 16:53:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 16:46:42 | 000,000,632 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2012/04/15 16:46:14 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 16:42:38 | 000,001,479 | ---- | M] () -- C:\Users\Owner\Desktop\BlitzBlank - Shortcut.lnk
[2012/04/15 13:21:56 | 000,001,092 | ---- | M] () -- C:\Users\Owner\Desktop\SystemLook_x64 - Shortcut.lnk
[2012/04/14 12:36:19 | 000,002,359 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/04/14 03:10:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/13 20:31:28 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 20:31:28 | 000,626,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 20:31:28 | 000,108,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/13 19:56:23 | 000,001,479 | ---- | M] () -- C:\Users\Owner\Desktop\GrantPerms64 - Shortcut.lnk
[2012/04/12 11:40:09 | 000,001,461 | ---- | M] () -- C:\Users\Owner\Desktop\ComboFix - Shortcut.lnk
[2012/04/11 18:26:48 | 000,001,551 | ---- | M] () -- C:\Users\Owner\Desktop\chromeinstall-6u31 - Shortcut.lnk
[2012/04/09 17:36:22 | 000,001,410 | ---- | M] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2012/04/08 08:45:13 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Owner\Desktop\boot_cleaner.exe
[2012/04/08 08:27:51 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/04/05 21:18:03 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 21:12:18 | 000,001,587 | ---- | M] () -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000 - Shortcut.lnk
[2012/04/05 21:09:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/03 19:24:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/03 05:07:32 | 519,392,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/31 02:45:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/31 02:45:07 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/29 11:51:15 | 000,623,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/27 13:58:27 | 000,320,940 | ---- | M] () -- C:\Users\Owner\Documents\cc_20120327_135806.reg
[2012/03/26 20:58:27 | 000,007,606 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/03/25 21:02:37 | 000,208,477 | ---- | M] () -- C:\Windows\hpoins40.dat
[2012/03/24 23:24:05 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/24 23:24:05 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/19 19:12:42 | 000,037,559 | ---- | M] () -- C:\Users\Owner\Documents\Assignment 1 Adams and Jefferson.rtf

========== Files Created - No Company Name ==========

[2012/04/15 16:42:38 | 000,001,479 | ---- | C] () -- C:\Users\Owner\Desktop\BlitzBlank - Shortcut.lnk
[2012/04/15 13:21:56 | 000,001,092 | ---- | C] () -- C:\Users\Owner\Desktop\SystemLook_x64 - Shortcut.lnk
[2012/04/13 19:53:15 | 000,001,479 | ---- | C] () -- C:\Users\Owner\Desktop\GrantPerms64 - Shortcut.lnk
[2012/04/12 11:40:09 | 000,001,461 | ---- | C] () -- C:\Users\Owner\Desktop\ComboFix - Shortcut.lnk
[2012/04/11 18:23:19 | 000,001,551 | ---- | C] () -- C:\Users\Owner\Desktop\chromeinstall-6u31 - Shortcut.lnk
[2012/04/09 17:36:22 | 000,001,410 | ---- | C] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2012/04/08 15:32:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/08 15:32:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/08 15:32:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/08 15:32:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/08 15:32:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/08 08:27:51 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/04/05 21:18:03 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 21:12:18 | 000,001,587 | ---- | C] () -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000 - Shortcut.lnk
[2012/04/04 21:24:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 05:07:32 | 519,392,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/31 08:11:46 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2012/03/31 02:45:27 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/31 02:45:07 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/31 02:45:02 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/27 13:58:13 | 000,320,940 | ---- | C] () -- C:\Users\Owner\Documents\cc_20120327_135806.reg
[2012/03/26 20:58:27 | 000,007,606 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/03/26 12:33:22 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/03/19 19:12:42 | 000,037,559 | ---- | C] () -- C:\Users\Owner\Documents\Assignment 1 Adams and Jefferson.rtf
[2012/03/13 02:20:51 | 000,201,770 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2011/12/10 19:42:11 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/10 19:42:11 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/22 23:22:39 | 000,059,447 | ---- | C] () -- C:\ProgramData\starcoloring_vehicles_coloring_book_cfg
[2011/02/21 22:26:20 | 000,001,854 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
[2011/02/17 03:05:06 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2011/02/17 03:03:23 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/10/16 20:14:31 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/10/12 02:45:49 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/06/16 00:23:31 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2010/06/10 19:42:26 | 000,208,477 | ---- | C] () -- C:\Windows\hpoins40.dat

========== LOP Check ==========

[2010/10/11 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avery
[2011/09/12 15:10:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2011/12/07 19:46:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CheckPoint
[2011/08/22 17:48:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/15 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LEGO Company
[2011/06/09 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NewSoft
[2011/02/17 03:03:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2010/10/12 02:45:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/09/30 20:29:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/03/14 09:46:10 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/03/26 01:59:00 | 000,009,785 | ---- | M] () -- C:\aaw7boot.log
[2012/04/15 16:45:43 | 000,001,210 | ---- | M] () -- C:\blitzblank.log
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/04/14 03:12:29 | 000,037,247 | ---- | M] () -- C:\ComboFix.txt
[2012/04/15 16:46:14 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/20 17:44:14 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2012/01/20 18:23:50 | 000,001,570 | ---- | M] () -- C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-Friday.log
[2012/04/15 16:46:14 | 4084,064,256 | -HS- | M] () -- C:\pagefile.sys
[2011/07/28 23:02:10 | 000,000,312 | ---- | M] () -- C:\rkill.log
[2010/06/20 17:40:11 | 000,000,084 | ---- | M] () -- C:\SYNTPAD.LOG

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/08 14:42:47 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/08 08:45:13 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Owner\Desktop\boot_cleaner.exe
[2011/02/04 04:56:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2012/04/05 21:09:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2011/12/08 03:58:21 | 000,462,496 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Owner\Desktop\uninstall_flash_player_64bit.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/16 20:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 12:36:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 19:59:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 12:50:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000Core.job
[2012/04/16 19:59:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278354598-3277908703-583346675-1000UA.job
[2012/04/16 12:46:08 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/04/15 16:46:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/14 09:46:10 | 000,032,636 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/08/27 02:51:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/08/27 02:51:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/08/23 22:35:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/08/23 22:35:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/08/27 02:51:32 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/15 04:27:37 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/03/25 10:28:23 | 000,000,188 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2012/03/25 21:02:38 | 000,013,045 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/01/01 14:57:29 | 000,059,447 | ---- | M] () -- C:\ProgramData\starcoloring_vehicles_coloring_book_cfg
[2010/02/16 04:39:49 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/01/09 20:05:56 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/02/16 04:39:24 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/01/09 20:02:19 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/02/16 04:38:51 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/02/16 04:39:39 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/01/09 20:01:27 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/01/09 20:05:13 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/02/16 04:39:56 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
 
OTL log is clean.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
My computer just hasn't stopped doing what it was doing..... :( Here is part of the TDSSKiller log:

18:37:58.0002 5772 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:37:58.0439 5772 ============================================================
18:37:58.0439 5772 Current date / time: 2012/04/17 18:37:58.0439
18:37:58.0439 5772 SystemInfo:
18:37:58.0439 5772
18:37:58.0439 5772 OS Version: 6.1.7601 ServicePack: 1.0
18:37:58.0439 5772 Product type: Workstation
18:37:58.0439 5772 ComputerName: CASSIELYNN
18:37:58.0439 5772 UserName: Owner
18:37:58.0439 5772 Windows directory: C:\Windows
18:37:58.0439 5772 System windows directory: C:\Windows
18:37:58.0439 5772 Running under WOW64
18:37:58.0439 5772 Processor architecture: Intel x64
18:37:58.0439 5772 Number of processors: 4
18:37:58.0439 5772 Page size: 0x1000
18:37:58.0439 5772 Boot type: Normal boot
18:37:58.0439 5772 ============================================================
18:37:58.0938 5772 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:58.0954 5772 \Device\Harddisk0\DR0:
18:37:58.0954 5772 MBR used
18:37:58.0954 5772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:37:58.0954 5772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388AC800
18:37:58.0954 5772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38910800, BlocksNum 0x1A41800
18:37:58.0954 5772 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:37:59.0032 5772 Initialize success
18:37:59.0032 5772 ============================================================
18:38:36.0566 2768 ============================================================
18:38:36.0566 2768 Scan started
18:38:36.0566 2768 Mode: Manual;
18:38:36.0566 2768 ============================================================
 
here is the other part......


18:39:00.0402 2768============================================================
18:39:00.0402 2768Scan finished
18:39:00.0402 2768============================================================
18:39:00.0402 0268Detected object count: 0
18:39:00.0402 0268Actual detected object count: 0
 
On your desktop you should have an MBR.dat file.
Zip that file and attach it to your next reply.
 
I have been trying to open this MBR.dat file and somehow it recommended that I download RegTask in order to open the file, so I did and RegTask is saying I have over 300 errors on my computer and in order for me to have them removed, I need to pay membership $5.00 monthly for 1 year. Is RegTask a good thing to have? After that downloaded, I went and tried to open the MBR.dat file on my desktop and it didn't open and brought up different programs that I have on my computer asking me to choose one to open the MBR.dat file. So I stupidly chose WordPad and now I get a bunch of gibberish!!!! I have copied and pasted the gibberish.......I am so disgusted with this whole computer thing...... I'm sorry, do you know what happened and if I need RegTask?

3ÀŽÐ¼3ÀŽÐ¼ 3ÀŽÐ¼

There is a lot more on the page but it won't allow me to paste it all. I am going to keep trying to figure it out. Thank you.
 
Here is what it is when I opened it with 'free file viewer.com' :(

3ÀŽÐ¼ |ûŽÀŽØ‹ô¿ ¹ üó¤ê` RecoveryMgr ‘8
W ÿÿÿÿÿÿÿÿ†L½¾0¬´3ÛÍ
Àuõã þSSèm ë6¸_fºQPH_Í€ãt ë$‹lúf¡¿T±òf¯ût
¡= ƒø$væ°„Àu»Æ}f‹7f‹>,f;÷t€Ãsîë»(ë»Â}€ü x€Ãsõëþfÿwè ÿäÈ ´²€ÍŠÁ$?þÆŠØöæÀé†ÍA‘÷á9V‹V‹Fs÷ñ‘’öó†ÍÀáÌAŠð¸» |†&ëƒÄRPh |jj‹ô¸ B²€ÍÉ PS» $ˆGä`<àt<t<*t <6t<8t„Àyfƒ' ëþˆ[Xê ŒK € ! ~%  8 ~&þÿÿ @ ÈŠ8 þÿÿþÿÿ ‘8 ¤ þÿÿ þÿÿ 5:08 Uª
 
I didn't ask you to open that file but to zip it and attach it to your next reply.
 
I am so sorry! I guess I read it wrong.....I've attached what you need, the MBR.dat file, and it's zipped.
 

Attachments

  • MBR.zip
    531 bytes
That's clean.

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 