  #1  
December 14th, 2012, 06:54 PM
TKnappMI1
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
snap.do Invasion

I have gotten the snap.do search engine from the Youtubedownload program - ugh.
I need to make sure that I have uninstalled and cleared everything. Thanks
  #2  
December 15th, 2012, 01:19 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello TKnappMI1,

Let's take a look.


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
December 15th, 2012, 01:25 AM
TKnappMI1
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
OTL logfile created on: 12/14/2012 12:40:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.87% Memory free
3.93 Gb Paging File | 2.67 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 185.85 Gb Free Space | 65.91% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/14 12:39:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2012/12/11 21:03:26 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/02 12:50:00 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/08 14:57:48 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/03/25 21:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2007/03/25 16:44:00 | 000,081,920 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/03/20 18:09:26 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
PRC - [2007/03/20 15:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program Files (x86)\Maxtor\Utils\SyncServices.exe
PRC - [2007/02/27 17:57:48 | 000,716,456 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\ManagerApp\OneTouch.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 21:03:25 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/02 12:49:59 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/25 21:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 21:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/11 21:03:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/02 12:50:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 18:09:26 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2007/03/20 15:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\Maxtor\Utils\SyncServices.exe -- (NTService1)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/05 09:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...5v1j5r4562s38p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.as...5v1j5r4562s38p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...5v1j5r4562s38p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.as...5v1j5r4562s38p
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...5v1j5r4562s38p
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\SearchScopes,DefaultScope = {7F690221-6EF1-4DDA-84DE-01C8E15A34E2}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS453
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\SearchScopes\{7F690221-6EF1-4DDA-84DE-01C8E15A34E2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/03 13:34:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 14:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/02 12:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/03 13:34:07 | 000,000,000 | ---D | M]

[2011/10/12 23:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2012/12/14 11:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hw41jr21.default\extensions
[2012/10/29 22:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 22:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/29 22:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 22:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/02 12:50:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 10:47:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 23:46:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2038435613-138853392-2710362757-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.5 64.233.217.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69036CF3-8F59-430B-82DD-F282FAA819DE}: DhcpNameServer = 64.233.217.5 64.233.217.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/14 12:39:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/12/13 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2012/12/13 00:33:35 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/13 00:33:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/13 00:33:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/13 00:33:34 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/13 00:33:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/13 00:33:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/13 00:33:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/13 00:33:30 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/13 00:33:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/13 00:33:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/13 00:33:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/13 00:33:25 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/12/13 00:33:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/13 00:33:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/12/13 00:33:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/12/13 00:33:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/13 00:33:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/12/13 00:33:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/12/13 00:33:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/12/13 00:33:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/12/13 00:33:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/12/13 00:33:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/12/13 00:33:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:33:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:33:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/12/13 00:33:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:33:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:33:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:33:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:33:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:33:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:33:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:33:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:33:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:33:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:33:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/12/13 00:32:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/13 00:32:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012/12/05 00:41:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\eMusic
[2012/12/05 00:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMusic Download Manager 6
[2012/12/01 01:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/01 01:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/01 01:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/01 01:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/01 01:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/28 19:27:40 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\My Kindle Content
[2012/11/28 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/11/28 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Amazon
[2012/11/16 14:09:21 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 14:09:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/16 14:01:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/16 14:01:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 14:01:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/16 14:01:44 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/16 11:45:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/16 11:45:04 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/16 11:45:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/16 11:44:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/16 11:44:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/16 11:44:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/16 11:44:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/16 11:44:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/16 11:44:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/16 11:44:45 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/16 11:44:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll

========== Files - Modified Within 30 Days ==========

[2012/12/14 12:40:02 | 000,302,592 | ---- | M] () -- C:\Users\Home\Desktop\entzjlji.exe
[2012/12/14 12:39:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/12/14 12:38:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/14 12:03:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/14 11:00:03 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 11:00:03 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 10:57:15 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/14 10:57:15 | 000,624,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/14 10:57:15 | 000,106,538 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/14 10:52:52 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 10:52:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/14 10:52:24 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/13 12:05:35 | 000,428,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/12 14:23:27 | 000,001,142 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/12/11 21:03:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 21:03:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/02 03:25:19 | 002,110,796 | ---- | M] () -- C:\Users\Home\.DLMSave_back.xml
[2012/12/02 03:25:19 | 002,110,796 | ---- | M] () -- C:\Users\Home\.DLMSave.xml
[2012/12/02 03:11:37 | 000,001,238 | ---- | M] () -- C:\Users\Home\.Setting.ini
[2012/12/01 01:28:31 | 000,957,685 | ---- | M] () -- C:\Users\Home\Desktop\Dubliners.pdf
[2012/12/01 01:27:44 | 000,078,653 | ---- | M] () -- C:\Users\Home\Desktop\James Joyce Dubliners.pdf
[2012/11/28 19:27:00 | 000,002,229 | ---- | M] () -- C:\Users\Home\Desktop\Kindle.lnk
[2012/11/24 02:17:43 | 016,107,964 | ---- | M] () -- C:\Users\Home\Desktop\Ho'oponoponomeditationmixed.mp3
[2012/11/24 00:21:35 | 000,122,322 | ---- | M] () -- C:\Users\Home\Desktop\Spiritual-Partnership-Guidelines.pdf
[2012/11/24 00:18:16 | 000,315,622 | ---- | M] () -- C:\Users\Home\Desktop\Authentic-Power-vs-External-Power.pdf
[2012/11/23 18:31:18 | 000,026,988 | ---- | M] () -- C:\Users\Home\Desktop\ILoveYou.jpg

========== Files Created - No Company Name ==========

[2012/12/14 12:40:00 | 000,302,592 | ---- | C] () -- C:\Users\Home\Desktop\entzjlji.exe
[2012/12/01 01:28:28 | 000,957,685 | ---- | C] () -- C:\Users\Home\Desktop\Dubliners.pdf
[2012/12/01 01:27:44 | 000,078,653 | ---- | C] () -- C:\Users\Home\Desktop\James Joyce Dubliners.pdf
[2012/11/28 19:27:00 | 000,002,229 | ---- | C] () -- C:\Users\Home\Desktop\Kindle.lnk
[2012/11/24 02:17:33 | 016,107,964 | ---- | C] () -- C:\Users\Home\Desktop\Ho'oponoponomeditationmixed.mp3
[2012/11/24 00:21:35 | 000,122,322 | ---- | C] () -- C:\Users\Home\Desktop\Spiritual-Partnership-Guidelines.pdf
[2012/11/24 00:18:16 | 000,315,622 | ---- | C] () -- C:\Users\Home\Desktop\Authentic-Power-vs-External-Power.pdf
[2012/11/23 18:31:17 | 000,026,988 | ---- | C] () -- C:\Users\Home\Desktop\ILoveYou.jpg
[2012/11/16 14:09:23 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:01:44 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/12 21:36:47 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/31 14:50:38 | 000,011,972 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012/03/03 13:23:57 | 000,220,631 | ---- | C] () -- C:\windows\hpoins35.dat
[2012/03/03 13:23:57 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat
[2012/01/17 02:35:41 | 000,219,969 | ---- | C] () -- C:\windows\hpoins35.dat.temp
[2012/01/17 02:35:41 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat.temp
[2012/01/13 11:50:06 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{61FC7E3A-3294-47E7-B095-766124656565}
[2011/12/04 15:13:18 | 000,017,982 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2011/12/02 22:33:09 | 000,058,214 | ---- | C] () -- C:\Users\Home\.DLMDiagnosisFile.xml
[2011/11/06 13:47:51 | 002,110,796 | ---- | C] () -- C:\Users\Home\.DLMSave_back.xml
[2011/11/06 13:47:51 | 002,110,796 | ---- | C] () -- C:\Users\Home\.DLMSave.xml
[2011/11/06 13:40:16 | 000,001,238 | ---- | C] () -- C:\Users\Home\.Setting.ini
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  #4  
Old December 15th, 2012, 01:53 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Gmer and aswMBR, and we'll move from there.
  #5  
Old December 15th, 2012, 02:54 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
OTL Extras logfile created on: 12/14/2012 12:40:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.87% Memory free
3.93 Gb Paging File | 2.67 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 185.85 Gb Free Space | 65.91% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B605C0-A2B3-44AB-BE05-3811E02DD5A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{03567BFA-F0C6-45BE-A720-D15DDADC18E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{18B71BCB-7EB4-4E50-8773-61E5ACF65D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E634788-07B4-4045-A883-365A2DDD4776}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EA6F4F3-BFF3-4999-B255-2F237F069ADA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EF91912-CF16-45A7-8B48-34156BA9B70B}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F30694B-A5A0-49CF-A3FB-770158D79E4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42F0A638-9739-4B5E-8C46-BBE51AE65F5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44BB2457-3FE1-4EE3-8F9E-8E1D6763B87B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C2601E0-DF4A-4F28-A33B-94B405A15DCA}" = rport=139 | protocol=6 | dir=out | app=system |
"{4EADB028-3B37-4796-A0E1-B29F65F83F37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67529AC6-4BD7-4993-89B0-774C275F45B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{708C0E2F-7B8E-4621-9783-96B1547125C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7A2B04C5-A42F-4EAB-B47A-8530E875845D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8145DC3D-2D17-439D-8EAC-EAB1E4508B5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8162E071-04A0-4F56-8D50-465AE8843D10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{89634744-99DF-4AB6-885A-2DD13DB0C100}" = lport=137 | protocol=17 | dir=in | app=system |
"{968114A6-89B0-4501-B9CC-E39C8CBCDB96}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B799920C-C43E-44BB-BAE8-8CD91922B303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B907EB7F-178C-4F45-9721-2B9FB637DE02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9B33BA2-4938-44B4-BCAD-30CEFD3D5827}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF3F4E60-6621-4FAA-99B2-AD17F6257CC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1075528-610E-4BF0-A6AA-CFEE7BB19961}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DBD73561-8269-47B2-BCD3-BE6A92B5F22C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E41EE57C-81F0-405A-81AE-830538249C54}" = lport=445 | protocol=6 | dir=in | app=system |
"{E61A10D0-88CC-4A4C-8DE4-7A00A163DC00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB2B3C0A-9486-4E94-8BB1-223871C4F7F9}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04469E74-D3FD-4719-8861-9CB7ECFFBD85}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{06DB6E76-BFB6-4894-B50E-F2D3B6FB2B0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0AA971FD-256C-4C7A-BBA8-AA358080165F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{103DA3B8-04B6-42E6-96A6-711DC8122A36}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs3680\hppiw.exe |
"{17F57CA8-AD93-4C0B-A79C-A3E107564DA1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{1A521B05-B43B-4F75-BEA3-1BA3DAFD9740}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{201854ED-E67B-46DF-A5A4-B4A90CA54C5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20D36291-DB43-4647-9BEB-8EAAD77926EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{250D9184-846C-4F95-967A-204C9279643C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2DBE02F2-1A74-491F-86A4-FBB985E69CF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{3319AFA7-8532-435C-911D-60FA54AD7882}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35E8AC25-B2A7-4EA8-A3F2-A549F5C14211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3833C8EF-70AA-4958-8B6F-6C2834D8D9F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{38455A92-05AA-49AF-B591-A78C674B7699}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{3C8870BA-F99E-4053-B312-2EB1F5E3135A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3F81C383-3C87-4A77-8E02-26A4FC02B88E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4083722E-E685-4989-AC55-76917CCBAB8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{418495DB-0CBF-4CC7-98A9-DD2CC6074FC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48D4A945-50E2-4C0A-9405-9A6072A152AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4B57249A-4594-468E-87FF-3C07F1842F72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B999353-CB31-4CBF-AE41-4BCCFA8AED7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{4C770E1F-4A63-4DEE-B4E2-08FE1CB66AA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D6F1CD9-14DA-492E-8776-CD91512E6BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53727AE1-CF79-4070-99F4-A5302225BBCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{57C1E11A-A1B9-415E-B990-658989034072}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{57E80D9A-F4C1-4B22-B99D-0185DB7FA18E}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |
"{5BBE306C-9464-44E3-BFC1-2C560B22BE51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{669F6343-0DDE-4DCE-8FBD-CD350E81B758}" = dir=in | app=c:\users\home\appdata\local\temp\7zs5c59\setup\hpznui40.exe |
"{6BC7E98D-B3AF-4991-A056-9BBF16B219A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{703C672C-5B4F-474E-8BEE-90337B1E8A9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{706BC03D-7196-49A1-B3E9-EE9E03991C01}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7636C2D6-17CD-4922-AC00-F6B447B41CD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7BF66944-1D0A-4F77-9F10-0AA1CF9F53FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D872A1F-C4B1-4DE5-AA7E-1E242A18A373}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E840BB0-D098-43E0-8BA2-FFDB36CC3B6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{85EAF43D-3E35-4DBF-B4BF-FB33B5455AD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{8C0CB138-98D2-4CB9-83CF-A6D65B8E39B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{8D78E5FF-6DFD-4B4B-97B7-DD356BB3BFE4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8FFA79C2-40E6-41FE-BEC3-1A568CCFDD2B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{9095057F-C633-4B9D-B6F2-B8670A8258E5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{94B978E5-D86B-4714-B4D0-5DAD26DE275B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{9B255B7B-1064-4BFB-BF97-E5708B530616}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9CC15165-BA9C-4D87-85C6-49520DDABE7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{A256F886-88B2-49EA-A6AC-EE32E8C916C0}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs3680\hppiw.exe |
"{A87EEE6A-DC42-4F24-8BB8-C432B3E41F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2B9C781-FBD0-4BE7-9537-06354E407A7E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3976A2A-8DF8-4867-92A3-26E47B0D7CB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BD44104A-5B83-4710-93A4-E49DDA1033D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D55D91BA-0E5D-4579-8F28-3971CD4155A5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D721A7B4-360D-4007-B092-B104FDF27A9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D97CBE45-E7C7-4227-9333-10C0B226F6C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DA74C974-72E3-4467-AAD6-0E137234288C}" = protocol=6 | dir=out | app=system |
"{E0F9A377-2313-4A71-9387-07074B800F69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{E45968E0-B05C-45FB-AADB-8B77E7A6CBFC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{ECC1939D-5074-4230-824C-9BCD1CA34034}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{EED4F90B-4DDA-4ED4-87D7-8B449F1700D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA04B2E1-EFAD-4FBC-8725-AC4571677319}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{37FB8BCE-12F0-4121-9649-B8AF87FAF94A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{A9138EB6-F816-4704-BCB1-E920D7E794FB}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{29C51578-8DC5-4F80-987D-57FCAAB0226B}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{D33B33FC-3D12-433C-89A8-6E53F3B88556}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{b5447e12-ce50-45bc-8cc7-e54c099ba41f}" = Nero 9 Essentials
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"eMusic Download Manager 6" = eMusic Download Manager 6
"FBReader for Windows" = FBReader for Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"ULTIMATER" = Microsoft Office Ultimate 2007
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.11
"WT078910" = Bejeweled 2 Deluxe
"WT078930" = Zuma Deluxe
"WT078954" = Blackhawk Striker 2
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079066" = Jewel Quest Solitaire 3
"WT079098" = Monopoly
"WT079102" = Mystery P.I. - Lost in Los Angeles
"WT079106" = Penguins!
"WT079110" = Plants vs. Zombies
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079150" = Scrabble Plus
"WT079154" = The Price is Right
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079316" = Escape Rosecliff Island
"WT079418" = Virtual Families

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2012 2:44:52 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Faulting module name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x000bf4dc Faulting process
id: 0x59c Faulting application start time: 0x01cdcf8f54a8d698 Faulting application
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Faulting module
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Report Id: 9b8121f6-3b82-11e2-ac75-1078d2a71a49

Error - 12/1/2012 12:14:27 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Faulting module name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x000bf4dc Faulting process
id: 0x59c Faulting application start time: 0x01cdcfdee6d0006b Faulting application
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Faulting module
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Report Id: 2da07bd7-3bd2-11e2-9912-1078d2a71a49

Error - 12/1/2012 12:44:42 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/1/2012 12:45:21 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/1/2012 12:45:36 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/1/2012 12:45:36 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/1/2012 12:45:36 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/1/2012 12:45:36 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/1/2012 12:50:45 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 12/1/2012 5:50:32 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Faulting module name: GregHSRW.exe, version: 1.0.2001.0, time
stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x000bf4dc Faulting process
id: 0x584 Faulting application start time: 0x01cdd00dd9e71bbc Faulting application
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Faulting module
path: C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe Report Id: 20bd5414-3c01-11e2-8f2a-1078d2a71a49

[ System Events ]
Error - 12/14/2012 11:36:34 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:36:34 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:36:34 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:38:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:38:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:38:40 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/14/2012 11:43:53 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the GRegService
service to connect.

Error - 12/14/2012 11:43:53 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The GRegService service failed to start due to the following error:
%%1053

Error - 12/14/2012 11:52:56 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the GRegService
service to connect.

Error - 12/14/2012 11:52:56 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The GRegService service failed to start due to the following error:
%%1053


< End of report >
  #6  
Old December 15th, 2012, 03:07 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-14 20:56:25
-----------------------------
20:56:25.465 OS Version: Windows x64 6.1.7601 Service Pack 1
20:56:25.465 Number of processors: 2 586 0x170A
20:56:25.465 ComputerName: HOME-PC UserName: Home
20:56:26.167 Initialize success
20:57:29.045 AVAST engine defs: 12121400
20:58:59.620 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:58:59.620 Disk 0 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
20:58:59.636 Disk 0 MBR read successfully
20:58:59.636 Disk 0 MBR scan
20:58:59.652 Disk 0 unknown MBR code
20:58:59.652 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
20:58:59.683 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
20:58:59.683 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288759 MB offset 33761280
20:58:59.714 Disk 0 scanning C:\windows\system32\drivers
20:59:09.168 Service scanning
20:59:30.959 Modules scanning
20:59:30.969 Disk 0 trace - called modules:
20:59:30.989 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
20:59:30.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002757060]
20:59:31.009 3 CLASSPNP.SYS[fffff8800196543f] -> nt!IofCallDriver -> [0xfffffa80022d7520]
20:59:31.009 5 ACPI.sys[fffff88000f327a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80022d3680]
20:59:31.700 AVAST engine scan C:\windows
20:59:33.880 AVAST engine scan C:\windows\system32
21:02:22.287 AVAST engine scan C:\windows\system32\drivers
21:02:36.898 AVAST engine scan C:\Users\Home
21:05:41.606 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
21:05:41.616 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
  #7  
Old December 16th, 2012, 01:14 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Missing the Gmer log still. But based on one part of the logs posted so far, I'd like to turn up the heat before we simmer back down to adware removal.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do a reboot.

-----------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.


A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #8  
Old December 16th, 2012, 06:13 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
00:10:59.0608 2868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:10:59.0952 2868 ============================================================
00:10:59.0952 2868 Current date / time: 2012/12/16 00:10:59.0952
00:10:59.0952 2868 SystemInfo:
00:10:59.0952 2868
00:10:59.0952 2868 OS Version: 6.1.7601 ServicePack: 1.0
00:10:59.0952 2868 Product type: Workstation
00:10:59.0952 2868 ComputerName: HOME-PC
00:10:59.0952 2868 UserName: Home
00:10:59.0952 2868 Windows directory: C:\windows
00:10:59.0952 2868 System windows directory: C:\windows
00:10:59.0952 2868 Running under WOW64
00:10:59.0952 2868 Processor architecture: Intel x64
00:10:59.0952 2868 Number of processors: 2
00:10:59.0952 2868 Page size: 0x1000
00:10:59.0952 2868 Boot type: Normal boot
00:10:59.0952 2868 ============================================================
00:11:00.0669 2868 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:11:00.0669 2868 ============================================================
00:11:00.0669 2868 \Device\Harddisk0\DR0:
00:11:00.0669 2868 MBR partitions:
00:11:00.0669 2868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
00:11:00.0669 2868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x233FB800
00:11:00.0669 2868 ============================================================
00:11:00.0685 2868 C: <-> \Device\Harddisk0\DR0\Partition2
00:11:00.0685 2868 ============================================================
00:11:00.0685 2868 Initialize success
00:11:00.0685 2868 ============================================================
00:11:20.0154 4856 ============================================================
00:11:20.0154 4856 Scan started
00:11:20.0154 4856 Mode: Manual;
00:11:20.0154 4856 ============================================================
00:11:20.0388 4856 ================ Scan system memory ========================
00:11:20.0388 4856 System memory - ok
00:11:20.0388 4856 ================ Scan services =============================
Reply With Quote
  #9  
Old December 16th, 2012, 06:14 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
00:11:31.0152 4856 RasMan - ok
00:11:31.0167 4856 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
00:11:31.0183 4856 RasPppoe - ok
00:11:31.0183 4856 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
00:11:31.0198 4856 RasSstp - ok
00:11:31.0230 4856 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
00:11:31.0245 4856 rdbss - ok
00:11:31.0261 4856 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
00:11:31.0261 4856 rdpbus - ok
00:11:31.0261 4856 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
00:11:31.0276 4856 RDPCDD - ok
00:11:31.0292 4856 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
00:11:31.0292 4856 RDPENCDD - ok
00:11:31.0308 4856 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
00:11:31.0308 4856 RDPREFMP - ok
00:11:31.0339 4856 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
00:11:31.0354 4856 RDPWD - ok
00:11:31.0401 4856 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
00:11:31.0417 4856 rdyboost - ok
00:11:31.0432 4856 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
00:11:31.0448 4856 RemoteAccess - ok
00:11:31.0479 4856 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
00:11:31.0479 4856 RemoteRegistry - ok
00:11:31.0495 4856 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
00:11:31.0510 4856 RpcEptMapper - ok
00:11:31.0526 4856 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
00:11:31.0526 4856 RpcLocator - ok
00:11:31.0573 4856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
00:11:31.0588 4856 RpcSs - ok
00:11:31.0604 4856 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
00:11:31.0620 4856 rspndr - ok
00:11:31.0651 4856 [ 365ED58B47B46DE8B1C5FA759B6FCD6E ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
00:11:31.0651 4856 RTL8167 - ok
00:11:31.0666 4856 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
00:11:31.0666 4856 SamSs - ok
00:11:31.0698 4856 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
00:11:31.0698 4856 sbp2port - ok
00:11:31.0744 4856 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
00:11:31.0744 4856 SCardSvr - ok
00:11:31.0776 4856 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
00:11:31.0776 4856 scfilter - ok
00:11:31.0822 4856 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
00:11:31.0854 4856 Schedule - ok
00:11:31.0885 4856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
00:11:31.0900 4856 SCPolicySvc - ok
00:11:31.0932 4856 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
00:11:31.0932 4856 SDRSVC - ok
00:11:31.0963 4856 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
00:11:31.0963 4856 secdrv - ok
00:11:31.0994 4856 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
00:11:32.0010 4856 seclogon - ok
00:11:32.0025 4856 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
00:11:32.0025 4856 SENS - ok
00:11:32.0056 4856 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
00:11:32.0056 4856 SensrSvc - ok
00:11:32.0072 4856 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
00:11:32.0072 4856 Serenum - ok
00:11:32.0103 4856 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
00:11:32.0103 4856 Serial - ok
00:11:32.0119 4856 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
00:11:32.0119 4856 sermouse - ok
00:11:32.0166 4856 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
00:11:32.0166 4856 SessionEnv - ok
00:11:32.0197 4856 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
00:11:32.0197 4856 sffdisk - ok
00:11:32.0212 4856 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
00:11:32.0212 4856 sffp_mmc - ok
00:11:32.0228 4856 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
00:11:32.0228 4856 sffp_sd - ok
00:11:32.0244 4856 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
00:11:32.0244 4856 sfloppy - ok
00:11:32.0275 4856 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
00:11:32.0275 4856 SharedAccess - ok
00:11:32.0322 4856 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:11:32.0322 4856 ShellHWDetection - ok
00:11:32.0337 4856 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
00:11:32.0337 4856 SiSRaid2 - ok
00:11:32.0353 4856 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
00:11:32.0353 4856 SiSRaid4 - ok
00:11:32.0368 4856 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
00:11:32.0368 4856 Smb - ok
00:11:32.0415 4856 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
00:11:32.0415 4856 SNMPTRAP - ok
00:11:32.0431 4856 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
00:11:32.0431 4856 spldr - ok
00:11:32.0478 4856 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
00:11:32.0493 4856 Spooler - ok
00:11:32.0587 4856 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
00:11:32.0649 4856 sppsvc - ok
00:11:32.0665 4856 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
00:11:32.0665 4856 sppuinotify - ok
00:11:32.0696 4856 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
00:11:32.0712 4856 srv - ok
00:11:32.0727 4856 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
00:11:32.0727 4856 srv2 - ok
00:11:32.0758 4856 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
00:11:32.0758 4856 srvnet - ok
00:11:32.0774 4856 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
00:11:32.0774 4856 SSDPSRV - ok
00:11:32.0790 4856 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
00:11:32.0805 4856 SstpSvc - ok
00:11:32.0821 4856 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
00:11:32.0821 4856 stexstor - ok
00:11:32.0868 4856 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
00:11:32.0868 4856 StillCam - ok
00:11:32.0930 4856 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
00:11:32.0946 4856 stisvc - ok
00:11:32.0961 4856 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
00:11:32.0961 4856 swenum - ok
00:11:32.0992 4856 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
00:11:33.0008 4856 swprv - ok
00:11:33.0102 4856 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
00:11:33.0133 4856 SysMain - ok
00:11:33.0180 4856 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
00:11:33.0180 4856 TabletInputService - ok
00:11:33.0226 4856 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
00:11:33.0226 4856 TapiSrv - ok
00:11:33.0242 4856 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
00:11:33.0242 4856 TBS - ok
00:11:33.0320 4856 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
00:11:33.0367 4856 Tcpip - ok
00:11:33.0414 4856 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
00:11:33.0429 4856 TCPIP6 - ok
00:11:33.0476 4856 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
00:11:33.0476 4856 tcpipreg - ok
00:11:33.0507 4856 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
00:11:33.0507 4856 TDPIPE - ok
00:11:33.0554 4856 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
00:11:33.0554 4856 TDTCP - ok
00:11:33.0601 4856 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
00:11:33.0601 4856 tdx - ok
00:11:33.0616 4856 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
00:11:33.0632 4856 TermDD - ok
00:11:33.0663 4856 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
00:11:33.0694 4856 TermService - ok
00:11:33.0710 4856 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
00:11:33.0726 4856 Themes - ok
00:11:33.0741 4856 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
00:11:33.0741 4856 THREADORDER - ok
00:11:33.0757 4856 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
00:11:33.0772 4856 TrkWks - ok
00:11:33.0835 4856 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
00:11:33.0835 4856 TrustedInstaller - ok
00:11:33.0866 4856 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
00:11:33.0866 4856 tssecsrv - ok
00:11:33.0928 4856 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
00:11:33.0944 4856 TsUsbFlt - ok
00:11:33.0975 4856 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
00:11:33.0975 4856 tunnel - ok
00:11:34.0006 4856 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
00:11:34.0006 4856 uagp35 - ok
00:11:34.0053 4856 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
00:11:34.0069 4856 udfs - ok
00:11:34.0100 4856 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
00:11:34.0100 4856 UI0Detect - ok
00:11:34.0116 4856 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
00:11:34.0116 4856 uliagpkx - ok
00:11:34.0162 4856 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
00:11:34.0162 4856 umbus - ok
00:11:34.0178 4856 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
00:11:34.0178 4856 UmPass - ok
00:11:34.0225 4856 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
00:11:34.0240 4856 Updater Service - ok
00:11:34.0256 4856 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
00:11:34.0272 4856 upnphost - ok
00:11:34.0318 4856 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
00:11:34.0318 4856 USBAAPL64 - ok
00:11:34.0350 4856 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\drivers\usbccgp.sys
00:11:34.0350 4856 usbccgp - ok
00:11:34.0396 4856 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
00:11:34.0396 4856 usbcir - ok
00:11:34.0412 4856 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
00:11:34.0412 4856 usbehci - ok
00:11:34.0443 4856 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
00:11:34.0443 4856 usbhub - ok
00:11:34.0490 4856 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
00:11:34.0490 4856 usbohci - ok
00:11:34.0521 4856 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
00:11:34.0521 4856 usbprint - ok
00:11:34.0537 4856 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
00:11:34.0537 4856 USBSTOR - ok
00:11:34.0552 4856 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
00:11:34.0552 4856 usbuhci - ok
00:11:34.0568 4856 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
00:11:34.0584 4856 UxSms - ok
00:11:34.0599 4856 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
00:11:34.0599 4856 VaultSvc - ok
00:11:34.0646 4856 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
00:11:34.0646 4856 vdrvroot - ok
00:11:34.0693 4856 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
00:11:34.0708 4856 vds - ok
00:11:34.0740 4856 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
00:11:34.0740 4856 vga - ok
00:11:34.0755 4856 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
00:11:34.0755 4856 VgaSave - ok
00:11:34.0802 4856 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
00:11:34.0802 4856 vhdmp - ok
00:11:34.0818 4856 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
00:11:34.0818 4856 viaide - ok
00:11:34.0849 4856 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
00:11:34.0849 4856 volmgr - ok
00:11:34.0896 4856 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
00:11:34.0896 4856 volmgrx - ok
00:11:34.0927 4856 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
00:11:34.0927 4856 volsnap - ok
00:11:34.0958 4856 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
00:11:34.0958 4856 vsmraid - ok
00:11:35.0036 4856 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
00:11:35.0083 4856 VSS - ok
00:11:35.0098 4856 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
00:11:35.0098 4856 vwifibus - ok
00:11:35.0130 4856 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
00:11:35.0130 4856 W32Time - ok
00:11:35.0145 4856 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
00:11:35.0145 4856 WacomPen - ok
00:11:35.0192 4856 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
00:11:35.0192 4856 WANARP - ok
00:11:35.0208 4856 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
00:11:35.0223 4856 Wanarpv6 - ok
00:11:35.0286 4856 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
00:11:35.0317 4856 WatAdminSvc - ok
00:11:35.0364 4856 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
00:11:35.0395 4856 wbengine - ok
00:11:35.0442 4856 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
00:11:35.0442 4856 WbioSrvc - ok
00:11:35.0473 4856 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
00:11:35.0488 4856 wcncsvc - ok
00:11:35.0504 4856 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
00:11:35.0504 4856 WcsPlugInService - ok
00:11:35.0535 4856 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
00:11:35.0535 4856 Wd - ok
00:11:35.0582 4856 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
00:11:35.0598 4856 Wdf01000 - ok
00:11:35.0613 4856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
00:11:35.0613 4856 WdiServiceHost - ok
00:11:35.0613 4856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
00:11:35.0613 4856 WdiSystemHost - ok
00:11:35.0660 4856 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
00:11:35.0660 4856 WebClient - ok
00:11:35.0676 4856 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
00:11:35.0691 4856 Wecsvc - ok
00:11:35.0707 4856 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
00:11:35.0707 4856 wercplsupport - ok
00:11:35.0722 4856 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
00:11:35.0722 4856 WerSvc - ok
00:11:35.0754 4856 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
00:11:35.0754 4856 WfpLwf - ok
00:11:35.0769 4856 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
00:11:35.0769 4856 WIMMount - ok
00:11:35.0769 4856 WinDefend - ok
00:11:35.0785 4856 WinHttpAutoProxySvc - ok
00:11:35.0832 4856 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
00:11:35.0832 4856 Winmgmt - ok
00:11:35.0894 4856 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
00:11:35.0925 4856 WinRM - ok
00:11:35.0988 4856 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
00:11:35.0988 4856 WinUsb - ok
00:11:36.0034 4856 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
00:11:36.0066 4856 Wlansvc - ok
00:11:36.0097 4856 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
00:11:36.0097 4856 WmiAcpi - ok
00:11:36.0128 4856 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
00:11:36.0128 4856 wmiApSrv - ok
00:11:36.0175 4856 WMPNetworkSvc - ok
00:11:36.0190 4856 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
00:11:36.0190 4856 WPCSvc - ok
00:11:36.0237 4856 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
00:11:36.0237 4856 WPDBusEnum - ok
00:11:36.0253 4856 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
00:11:36.0253 4856 ws2ifsl - ok
00:11:36.0268 4856 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
00:11:36.0268 4856 wscsvc - ok
00:11:36.0268 4856 WSearch - ok
00:11:36.0362 4856 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
00:11:36.0409 4856 wuauserv - ok
00:11:36.0456 4856 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
00:11:36.0456 4856 WudfPf - ok
00:11:36.0471 4856 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
00:11:36.0471 4856 WUDFRd - ok
00:11:36.0502 4856 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
00:11:36.0518 4856 wudfsvc - ok
00:11:36.0534 4856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
00:11:36.0549 4856 WwanSvc - ok
00:11:36.0565 4856 ================ Scan global ===============================
00:11:36.0580 4856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
00:11:36.0627 4856 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
00:11:36.0643 4856 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
00:11:36.0658 4856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
00:11:36.0690 4856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
00:11:36.0705 4856 [Global] - ok
00:11:36.0705 4856 ================ Scan MBR ==================================
00:11:36.0721 4856 [ 352FDBFFD7ECC33ABA74027B1C4839C6 ] \Device\Harddisk0\DR0
00:11:38.0827 4856 \Device\Harddisk0\DR0 - ok
00:11:38.0827 4856 ================ Scan VBR ==================================
00:11:38.0827 4856 [ 4E3956CCE4B2712463046F907EA80FAF ] \Device\Harddisk0\DR0\Partition1
00:11:38.0827 4856 \Device\Harddisk0\DR0\Partition1 - ok
00:11:38.0842 4856 [ E86F3B75492384E9DFAB39A8441B2027 ] \Device\Harddisk0\DR0\Partition2
00:11:38.0842 4856 \Device\Harddisk0\DR0\Partition2 - ok
00:11:38.0842 4856 ============================================================
00:11:38.0842 4856 Scan finished
00:11:38.0842 4856 ============================================================
00:11:38.0858 3400 Detected object count: 0
00:11:38.0858 3400 Actual detected object count: 0
  #10  
Old December 16th, 2012, 06:27 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
Jintan,

I couldn't get anything to come out of the GMER log after hitting copy and trying to paste onto a text doc. Let me know if I should give it another go.
Thanks as always -

ComboFix 12-12-14.01 - Home 12/16/2012 0:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.760 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-14 14:56 . 2012-11-08 17:24 9125352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B4FA3547-2ECF-4556-8871-D894FB1A23E7}\mpengine.dll ERROR(0x00000005)
2012-12-14 01:56 . 2012-12-14 01:56 -------- d-----w- c:\users\Home\AppData\Roaming\OpenCandy
2012-12-13 05:32 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 05:32 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-05 05:41 . 2012-12-05 05:41 -------- d-----w- c:\users\Home\AppData\Local\eMusic
2012-12-05 05:41 . 2012-12-05 05:41 -------- d-----w- c:\program files (x86)\eMusic Download Manager 6
2012-12-02 16:54 . 2012-12-02 16:54 -------- d-----w- c:\users\Guest
2012-12-01 06:41 . 2012-12-01 06:41 -------- d-----w- c:\program files\iTunes
2012-12-01 06:41 . 2012-12-01 06:41 -------- d-----w- c:\program files (x86)\iTunes
2012-12-01 06:41 . 2012-12-01 06:41 -------- d-----w- c:\program files\iPod
2012-11-29 00:26 . 2012-11-29 00:27 -------- d-----w- c:\users\Home\AppData\Local\Amazon
2012-11-16 19:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 19:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 19:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 19:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 19:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 19:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 19:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 19:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 19:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 19:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 19:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 16:45 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 16:45 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 16:45 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 16:45 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:51 . 2011-10-13 05:30 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 02:03 . 2012-03-30 15:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 02:03 . 2011-10-13 06:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-08 17:24 . 2011-10-16 22:51 9125352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 01:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 01:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 01:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-13 05:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-24 19:32 . 2012-07-11 23:17 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2012-02-15 19:14 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OOTag"="c:\program files (x86)\eMachines\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-03-25 81920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-08 296056]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 92733025
*Deregistered* - 92733025
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:03]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 04:00]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 04:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352]
"OOTag"="c:\program files (x86)\eMachines\OOBEOffer\ootag.exe" [2010-02-23 13856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1850&r=17360710q206p0445v1j5r4562s38p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1850&r=17360710q206p0445v1j5r4562s38p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hw41jr21.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - ExtSQL: 2012-10-22 12:16; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2012-01-18 01:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-16 00:24:51
ComboFix-quarantined-files.txt 2012-12-16 05:24
.
Pre-Run: 198,964,690,944 bytes free
Post-Run: 199,094,362,112 bytes free
.
- - End Of File - - C1C9FAD11CD546AD5D527008E33B99B1
  #11  
Old December 16th, 2012, 11:56 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Gmer likely found no system modifications, which is a good thing. No rootkit picked up just then.

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to "Lien de téléchargement:" (the download link).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
  #12  
Old December 17th, 2012, 06:53 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
RogueKiller V8.4.0 _x64_ [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 12/17/2012 00:51:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 ATA Device +++++
--- User ---
[MBR] 28831c0292d045b8c68f64bd2f4ff037
[BSP] 3f4fdf54d74ef75f8fe224fffb662c90 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 288759 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12172012_02d0051.txt >>
RKreport[1]_S_12172012_02d0051.txt
  #13  
Old December 17th, 2012, 06:54 AM
TKnappMI1 TKnappMI1 is offline
Senior Member
 
Join Date: Mar 2005
O/S: Windows XP Home
Location: Michigan
Posts: 307
# AdwCleaner v2.101 - Logfile created 12/17/2012 at 00:54:00
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Home\AppData\Local\Conduit
Folder Found : C:\Users\Home\AppData\LocalLow\Conduit
Folder Found : C:\Users\Home\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Home\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Home\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F8D58D4-A816-4061-BBAA-F5D61408C24E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B25D776B-AF28-4702-BD4C-AC90B6D58E85}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKU\S-1-5-21-2038435613-138853392-2710362757-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKU\S-1-5-21-2038435613-138853392-2710362757-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hw41jr21.default\prefs.js

Found : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]

Profile name : default
File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\w65nd43c.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\e35r90w3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5654 octets] - [17/12/2012 00:54:00]

########## EOF - C:\AdwCleaner[R1].txt - [5714 octets] ##########
  #14  
Old December 18th, 2012, 12:50 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Run RogueKiller again.

• Please quit all programs
• Run RogueKiller
• Wait until the Prescan finishes
• Press: Scan


• On the RogueKiller console, click the Registry tab.
• Make sure the entries there are checked.
• Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Then in AdwCleaner click the Uninstall button, to have it uninstall itself.

Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log, the RogueKiller log, the AdwCleaner log and the Malwarebytes log please.