  #1  
May 22nd, 2013, 06:00 AM
protector
O/S: Windows 7 32-bit
User account problems

Hi. My computer automatically created a new user account in my name. I tried to delete it, but it comes back after a shutdown or restart. Is it a virus or a Windows defect? Please help me.

Thanks

Last edited by protector; May 22nd, 2013 at 06:08 AM.
  #2  
May 22nd, 2013, 06:36 PM
schrauber
Hello, protector
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


There is no need to bump your thread in the reminder topic; that topic is there to be used after 2 days with no reply.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  #3  
May 23rd, 2013, 02:01 AM
protector
O/S: Windows 7 32-bit
Sir Tom, thank you for your response.

I used Jetclean several times to clean my computer, including the registry.
I also scanned my files using Malwarebytes, thinking that it could solve the user account problem. It detected malware in the registry.

Do you consider that modifying the registry and deleting files?
  #4  
May 23rd, 2013, 02:40 AM
protector
O/S: Windows 7 32-bit
Sir, here are the results in OTL.txt:

OTL logfile created on: 5/23/2013 9:15:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free
3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 08:50:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nicholle\Desktop\OTL.exe
PRC - [2013/05/23 08:42:08 | 000,673,504 | ---- | M] (The OpenVPN Project) -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\openvpn.exe
PRC - [2013/05/22 08:00:43 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Users\nicholle\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/04/09 16:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/31 18:43:11 | 000,218,624 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2013/02/07 18:08:46 | 000,101,376 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/02/07 18:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 10:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/14 16:34:25 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2012/04/17 19:21:52 | 008,969,264 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/04/27 15:45:54 | 005,674,912 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/05 13:22:50 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/05 13:22:12 | 001,210,640 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/14 17:14:12 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2010/12/14 17:14:12 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2010/12/05 01:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/11/20 20:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/11/20 20:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/11/16 21:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 21:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/10/06 12:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 12:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/15 19:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera\VM331_STI.EXE
PRC - [2008/07/07 13:00:26 | 003,624,960 | ---- | M] () -- C:\Program Files\SmartBRO\USB Modem.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 08:42:08 | 000,159,344 | ---- | M] () -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\liblzo2-2.dll
MOD - [2013/05/23 08:42:08 | 000,105,072 | ---- | M] () -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\libpkcs11-helper-1.dll
MOD - [2013/05/21 21:43:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/21 21:42:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/21 21:42:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 16:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 16:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/20 07:00:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8c4058d017d39a61458f635112f4e394\IAStorCommon.ni.dll
MOD - [2013/02/20 07:00:16 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUtil.ni.dll
MOD - [2013/02/20 06:18:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/20 06:17:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/20 06:17:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/20 06:17:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/20 06:16:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/10 07:57:23 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/07/14 16:34:25 | 001,410,400 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2012/07/14 16:34:25 | 000,513,376 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2012/07/14 16:34:24 | 000,013,664 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/03/30 16:11:30 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/14 17:14:22 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
MOD - [2008/07/07 13:00:26 | 003,624,960 | ---- | M] () -- C:\Program Files\SmartBRO\USB Modem.exe


========== Services (SafeList) ==========

SRV - [2013/05/22 07:56:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 00:08:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/31 18:43:11 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/02/07 18:08:46 | 000,101,376 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/02/07 18:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 02:02:14 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/10 10:21:23 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/15 18:30:01 | 001,343,400 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/05 13:22:50 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/05 13:11:14 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/12/14 17:14:12 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/11/16 21:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/10/06 12:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 12:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\NPF.sys -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nicholle\AppData\Local\Temp\UVT7464.tmp -- (GarenaPEngine)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/31 18:43:14 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/03/31 18:43:14 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/03/31 18:43:14 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/03/31 18:43:14 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/02/28 05:57:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/20 11:07:38 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/02/20 11:07:38 | 000,047,568 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2013/01/10 15:08:16 | 000,150,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/01/10 15:08:14 | 000,046,056 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2012/10/25 17:23:06 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/10/25 17:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/25 17:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/07 10:24:46 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSM\0206000.03D\ccSetx86.sys -- (ccSet_NSM)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/21 14:53:40 | 000,197,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NSM\0206000.03D\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2011/08/17 19:50:34 | 000,024,672 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2011/03/30 16:11:38 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/03/10 17:02:00 | 001,282,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011/01/25 11:47:44 | 000,068,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/12/05 01:39:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/11/24 11:30:40 | 002,128,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/21 18:05:44 | 000,196,352 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2010/10/19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/18 16:20:02 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/30 16:44:32 | 000,218,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010/08/16 17:28:50 | 000,005,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/03/04 16:40:04 | 000,097,408 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmusbser.sys -- (qcusbser)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pi...74&lg=EN&cc=PH
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKLM\..\SearchScopes\{959DD957-6EA9-469F-A35E-A1BF9B55BDBA}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH
IE - HKLM\..\SearchScopes\{E119618A-0F31-48CA-B756-AD745B8F48D4}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 16 24 EF 33 56 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKCU\..\SearchScopes,DefaultScope = {69CD0C8C-9B21-471E-93FF-D64BC17C913A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=50CF666D57E7ABE5
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKCU\..\SearchScopes\{69CD0C8C-9B21-471E-93FF-D64BC17C913A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=127
IE - HKCU\..\SearchScopes\{73F94418-3FC4-4E59-B816-7A6770EA7F47}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{91B8A9FC-169A-4157-A39C-EEC3C0A48BA7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10269&src=kw&q={searchTerms}&locale=en_PH&apn_ptnrs=^AH0&apn_dtid=^YYYYYY^YY^PH&apn_uid=31df5540-b5cb-4ea1-8749-eace739f0b67&apn_sauid=2CBE0D3B-EA8D-42D1-99A6-258133F76658
IE - HKCU\..\SearchScopes\{959DD957-6EA9-469F-A35E-A1BF9B55BDBA}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH
IE - HKCU\..\SearchScopes\{E119618A-0F31-48CA-B756-AD745B8F48D4}: "URL" = http://searchou.com/?affil=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013/02/10 15:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013/02/10 15:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/01/17 01:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.61\coFFFw\ [2013/03/21 20:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/05/22 03:56:00 | 000,000,000 | ---D | M]

[2013/05/22 08:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/22 00:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/05/22 00:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/22 00:08:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/16 05:02:49 | 000,000,000 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/03/21 06:42:53 | 000,006,468 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Freemake Video Downloader = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: uTorrentControl_v6 = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.562_0\
CHR - Extension: Google Search = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Freemake Youtube Download Button = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\
CHR - Extension: Browsoee2save = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcknfjajbdljlbpnemmaajcacocjnle\1\
CHR - Extension: Freemake Video Converter = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Adventure Time - Finn, Jake and BMO = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmcldedofhabl\1_0\
CHR - Extension: Norton Identity Protection = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Gmail = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\nicholle\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2A7D6D-9BC2-43E7-9E15-61150A01231C}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48056DE4-4AB9-4E99-AC13-E0A3D4C8D1C0}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F9CD73A-D626-47B9-8947-A4C2AC3A891C}: NameServer = 121.1.3.74 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B3ADA04-D08C-4A12-9950-909E8220E55C}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5A7909-C4FB-46F0-8E2A-FF23F7BC1360}: NameServer = 10.198.220.124 202.126.40.5
O18 - Protocol\Handler\wlpg - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/10 10:03:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa}\Shell - "" = AutoRun
O33 - MountPoints2\{28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{329dba79-99ee-11e2-9d29-dc0ea1f0afaa}\Shell - "" = AutoRun
O33 - MountPoints2\{329dba79-99ee-11e2-9d29-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{329dba87-99ee-11e2-9d29-dc0ea1f0afaa}\Shell - "" = AutoRun
O33 - MountPoints2\{329dba87-99ee-11e2-9d29-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{44f19872-9f9a-11e2-a29e-c01885f0ca64}\Shell - "" = AutoRun
O33 - MountPoints2\{44f19872-9f9a-11e2-a29e-c01885f0ca64}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{45c781a6-a0a9-11e2-bf19-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{45c781a6-a0a9-11e2-bf19-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 17:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/22 17:31:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/22 17:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/22 08:15:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Hotspot Shield
[2013/05/22 07:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulisess Seguridad
[2013/05/22 03:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/05/22 03:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/05/22 03:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013/05/22 00:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/03 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/03 16:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/04/26 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2013/04/26 20:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/04/25 12:22:11 | 000,000,000 | ---D | C] -- C:\Freemake
[2013/04/25 12:22:11 | 000,000,000 | ---D | C] -- \Freemake

========== Files - Modified Within 30 Days ==========

[2013/05/23 09:01:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 08:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 08:40:44 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 08:40:44 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/23 08:37:28 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 08:37:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 08:37:13 | 1561,743,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 08:35:03 | 000,031,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 08:35:03 | 000,031,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 21:41:42 | 003,812,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/03/19 04:15:23 | 000,000,256 | ---- | C] () -- \WirelessDiagLog.csv
[2013/03/18 11:15:25 | 000,000,058 | ---- | C] () -- C:\Windows\System32\msadio.dll
[2013/03/03 14:37:15 | 000,000,884 | RHS- | C] () -- C:\Users\nicholle\ntuser.pol
[2013/03/01 21:14:06 | 000,002,504 | ---- | C] () -- \{A0D73995-E70C-4665-9832-F96A7174811D}
[2013/03/01 21:09:36 | 000,002,648 | ---- | C] () -- \{E7AEEAA8-0F87-4072-A978-CD1120991FB8}
[2013/03/01 21:08:19 | 000,002,392 | ---- | C] () -- \{F4E59074-3B3A-47C3-983F-F9E5D71B6233}
[2013/03/01 21:05:07 | 000,002,744 | ---- | C] () -- \{C58E8D48-317F-4619-884E-0A31862AF13B}
[2013/03/01 21:00:03 | 000,002,720 | ---- | C] () -- \{1DDE181D-A6A9-4BE3-8CA7-3CDEF85FEAD9}
[2013/02/15 05:26:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/02/15 05:26:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/02/05 03:09:57 | 000,203,464 | RHS- | C] () -- \grldr
[2013/02/05 03:09:57 | 000,000,014 | RHS- | C] () -- \win7.ld
[2013/02/05 00:36:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/02/05 00:35:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/01/18 13:04:40 | 000,000,000 | ---- | C] () -- C:\Users\nicholle\cscript
[2013/01/10 11:10:33 | 000,916,480 | ---- | C] () -- C:\Windows\expstart.exe
[2012/12/14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012/12/14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/12/14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/12/14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/12/14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012/11/18 19:48:55 | 000,053,410 | ---- | C] () -- \Grumpy3DRPG-20121118194553353.dmp
[2012/11/10 10:22:15 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/16 03:34:51 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/15 06:21:56 | 1561,743,360 | -HS- | C] () -- \hiberfil.sys
[2012/07/14 17:15:40 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/14 16:34:37 | 001,410,400 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2012/07/14 16:34:37 | 000,660,832 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2012/07/14 16:34:37 | 000,513,376 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2012/07/14 16:34:33 | 002,086,240 | ---- | C] () -- C:\Windows\System32\LenovoVeriface.Interface.dll
[2012/07/14 16:34:33 | 001,500,512 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2012/07/14 16:34:33 | 001,171,456 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2012/07/14 16:34:33 | 000,466,944 | ---- | C] () -- C:\Windows\System32\Lenovo.VerifaceStub.dll
[2012/07/14 16:34:04 | 001,044,480 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
[2012/07/14 16:17:11 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012/07/14 16:15:21 | 000,001,652 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2012/07/14 16:15:21 | 000,001,652 | ---- | C] () -- C:\Windows\System32\vm331Rmv.ini
[2012/07/14 16:09:53 | 000,000,003 | ---- | C] () -- \7Loader.TAG
[2009/07/14 10:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 10:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >
  #5  
Old May 23rd, 2013, 02:41 AM
protector protector is offline
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
Extras.txt

OTL Extras logfile created on: 5/23/2013 9:15:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free
3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EE22D4-96F8-4A22-94BD-5AAED71E847A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{022BE9B0-9480-4059-8E6E-D2B2ECB05CB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04C4930B-F8C6-427E-9C68-A3CB4A73605A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06A90E14-BC20-421F-9F3A-87D638142436}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0A79FE75-36B2-4286-961B-310982D2CF1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0B396C9E-C422-48B7-B734-F075865ACA6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1161D720-58EB-432E-93D1-F617E783834D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1301903B-A05C-4E1E-87A2-4840F2374C4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DBD4D30-0EE2-41F1-AFE5-A0D09B2944DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F6DDFB4-904A-42B9-823B-3F4DA4DA5067}" = rport=138 | protocol=17 | dir=out | app=system |
"{35DF4B34-F025-4702-B3EB-52199D1C79A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{367CF5FA-C363-4DED-8532-238B208C33E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4031808D-55FE-457E-AA7B-0AC70CFEE78F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{511E7B54-2D3A-494C-8CA7-BB9C73725F22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53525E36-591B-4033-B40E-D40721F72DD0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5733B38D-5C1B-4B87-9F49-787DF1BA2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6131FA94-B8D1-46AC-A9BD-FB04A5AF368B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BA375AA-AAA9-4625-A75E-167D95C2567C}" = rport=139 | protocol=6 | dir=out | app=system |
"{734537B2-9AD0-410D-A438-9784B844036A}" = rport=445 | protocol=6 | dir=out | app=system |
"{7CC32425-0E8D-41CE-A90C-842F9E681F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82026CB7-727F-47A6-AA82-9C162682A353}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B1F0FC0-ACD0-421E-9C00-A4E03AB4EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BC06F5D-384C-476B-9D72-2D199030223B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92B6A862-BB48-4647-916D-D00FBF146799}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{94148782-6C9B-4FED-83E0-B70DBCA8F825}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A159C89D-0CB2-468F-BC8E-48860E9F0AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8AAA7B9-7FA1-4700-998F-7CCAF1AAF39B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4B50722-83BA-46C5-86AB-330C6E902ECF}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9C56282-B7A7-407E-8E40-F1DAC5D593D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA798041-4757-420D-A8C2-97149E92BF59}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE9AC8E3-794D-49BB-8931-CC440EB3FEDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBE52846-7997-4562-A169-1E0E162306FE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE1A8DB4-D1C1-49A5-A1C5-8348B1407017}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4C0DAC4-C44E-423D-AD87-875DB26C123D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031326D6-B024-4F7D-8E17-85092D9A5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C5AFEA7-C879-4244-96A8-4019B7DBD77F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{14298D60-617B-475D-BA83-BE87D33C5B51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{188A037B-BA34-4D44-8631-D26DD8E2A8AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{288F6EE6-ED18-4F81-80F9-3F43291D446E}" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\utorrent.exe |
"{2EA08520-286D-4ED5-B884-3176D69F6727}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{616BAB7F-374D-4976-9E91-F9AA36E240EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{792A3A42-D123-4803-88BA-02D35F806E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83251B03-A3EA-43E9-B158-9B396B92F95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{850CCB7B-6FED-4A2B-B87B-D4A96800B21F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{88DA78BF-6354-4FF2-A18C-5773E057BF7E}" = dir=in | app=c:\users\nicholle\appdata\local\microsoft\skydrive\skydrive.exe |
"{8E362BA1-5F7B-4238-9F21-30BD0AA0D68C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{969B3A5A-2A7B-48FC-B368-36EBF93B99D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96E15CB8-70A1-4F04-BA39-EF0DCCE906ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98609B46-9E3F-43C1-A1D6-8EC7EDA1B39D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8E309C2-D512-421C-AF01-B4334D5ABF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B91B7D07-7EED-4E4A-BE72-D30C8ECD1477}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C0D98804-3E1D-43EB-AC24-951129E398ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C19B0B41-35E8-4E8C-9E57-9C5149AAED96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B56F65-1259-4170-96B4-41B96BFF4476}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C64B0329-7BD8-4700-80D8-359A4A8B722E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA3E8A24-D924-4891-B451-1B6E665D0518}" = protocol=6 | dir=out | app=system |
"{CEE2D15C-EF3A-4F69-A6DE-845D7F136E57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAC7ACF5-DEC8-41E0-9635-575BF720A688}" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\utorrent.exe |
"{EB598A6D-5BCC-47AB-81BC-9224E763A75E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FC279B72-BFE0-41B3-80D7-187337C16FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3C5FB5-3BAA-4D39-9DC2-485D88C230E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0190D5C5-1D14-4583-9C7B-F667B6B7C55B}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"TCP Query User{2EA09C9F-E4A3-4D69-BC17-45031B5309F8}C:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe |
"TCP Query User{5D34815F-5797-4B4F-84E8-9FD9AB37ADAF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{969D0FC4-3841-4B26-8088-D056DE9D4EAB}D:\nicho\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\nicho\warcraft iii\war3.exe |
"TCP Query User{B7031AF8-B9A3-4D08-978D-832A16215087}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{C3E3D06F-3543-40B1-BEDC-07E8FD13968C}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=6 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe |
"UDP Query User{18CA6B45-B28C-4D58-B7CD-60C8DD885E30}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"UDP Query User{3AE8D3E9-7269-44E8-955F-CED838D8D32D}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=17 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe |
"UDP Query User{6CD16CDD-B998-45FE-9C9C-B08A06F5D8E2}C:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe |
"UDP Query User{7765B8EF-572C-473A-9CCC-CAD5FE6DFEAB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{7F8CB232-69AE-4BCE-B1FE-AE8C87BB0582}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{D9F45A10-09BF-43A7-B676-DBF6C7E960D7}D:\nicho\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\nicho\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D85392-8DAB-4AEA-85E3-C3242055DF9D}_is1" = Vampires vs Zombies version 1.0.0.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FBFA7DDB-4188-457E-BD16-81B26E2B447C}" = ESET Smart Security
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BlueSprig_JetClean_is1" = JetClean
"BurnAware Free_is1" = BurnAware Free 6.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DVD-Cloner 2013_is1" = DVD-Cloner V10.20 Build 1204
"ELECTRA_is1" = ELECTRA 2.4
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Globe Tattoo Broadband" = Globe Tattoo Broadband
"Google Chrome" = Google Chrome
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"MiNODServer" = ESET Virtual Update Server (MiNODServer)
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SmartBRO version_is1" = SmartBRO version 4.810
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TAP-Windows" = TAP-Windows 9.9.2
"Target 3001! V14 discover" = Target 3001! V14 discover
"Texas Holdem Poker 3D Deluxe Edition DeLEGiON_is1" = Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON
"Ulisess Seguridad_is1" = Ulisess Seguridad 10.3.0
"uTorrent" = µTorrent
"uTorrent Turbo Accelerator" = uTorrent Turbo Accelerator
"VeriFace" = VeriFace
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2013 10:54:04 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 11:54:05 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 12:54:05 PM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 488
Description = WinMail (3636) WindowsMail0: An attempt to create the file "C:\Users\nicholle\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied.
". The create file operation will fail with error -1032 (0xfffffbf8).

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 217
Description = WinMail (3636) WindowsMail0: Error (-1032) during backup of a database
(file C:\Users\nicholle\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
The database will be unable to restore.

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 215
Description = WinMail (3636) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 2/4/2013 3:37:11 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227
Description =

Error - 2/4/2013 3:37:47 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227
Description =

Error - 2/10/2013 12:36:46 AM | Computer Name = mj-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2/10/2013 1:06:06 AM | Computer Name = mj-PC | Source = Windows Activation Technologies | ID = 3
Description =

[ Media Center Events ]
Error - 4/28/2013 1:25:25 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:25:02 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/28/2013 1:25:55 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:25:27 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/28/2013 1:26:16 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:26:06 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/28/2013 1:28:08 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:27:56 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 4/28/2013 1:28:49 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:28:11 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/28/2013 1:28:56 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:28:51 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/30/2013 12:36:35 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 12:36:30 PM - Error connecting to the internet. 12:36:30 PM - Unable
to contact server..

Error - 5/21/2013 8:28:45 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:28:44 AM - Error connecting to the internet. 8:28:45 AM - Unable
to contact server..

Error - 5/21/2013 8:28:56 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:28:50 AM - Error connecting to the internet. 8:28:50 AM - Unable
to contact server..

Error - 5/22/2013 8:18:29 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:18:24 AM - Error connecting to the internet. 8:18:24 AM - Unable
to contact server..

[ System Events ]
Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 9:08:02 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5


< End of report >
  #6  
Old May 23rd, 2013, 02:43 AM
protector
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
Extras.txt

OTL Extras logfile created on: 5/23/2013 9:15:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free
3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EE22D4-96F8-4A22-94BD-5AAED71E847A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{022BE9B0-9480-4059-8E6E-D2B2ECB05CB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04C4930B-F8C6-427E-9C68-A3CB4A73605A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06A90E14-BC20-421F-9F3A-87D638142436}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0A79FE75-36B2-4286-961B-310982D2CF1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0B396C9E-C422-48B7-B734-F075865ACA6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1161D720-58EB-432E-93D1-F617E783834D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1301903B-A05C-4E1E-87A2-4840F2374C4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DBD4D30-0EE2-41F1-AFE5-A0D09B2944DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F6DDFB4-904A-42B9-823B-3F4DA4DA5067}" = rport=138 | protocol=17 | dir=out | app=system |
"{35DF4B34-F025-4702-B3EB-52199D1C79A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{367CF5FA-C363-4DED-8532-238B208C33E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4031808D-55FE-457E-AA7B-0AC70CFEE78F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{511E7B54-2D3A-494C-8CA7-BB9C73725F22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53525E36-591B-4033-B40E-D40721F72DD0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5733B38D-5C1B-4B87-9F49-787DF1BA2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6131FA94-B8D1-46AC-A9BD-FB04A5AF368B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BA375AA-AAA9-4625-A75E-167D95C2567C}" = rport=139 | protocol=6 | dir=out | app=system |
"{734537B2-9AD0-410D-A438-9784B844036A}" = rport=445 | protocol=6 | dir=out | app=system |
"{7CC32425-0E8D-41CE-A90C-842F9E681F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82026CB7-727F-47A6-AA82-9C162682A353}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B1F0FC0-ACD0-421E-9C00-A4E03AB4EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BC06F5D-384C-476B-9D72-2D199030223B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92B6A862-BB48-4647-916D-D00FBF146799}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{94148782-6C9B-4FED-83E0-B70DBCA8F825}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A159C89D-0CB2-468F-BC8E-48860E9F0AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8AAA7B9-7FA1-4700-998F-7CCAF1AAF39B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4B50722-83BA-46C5-86AB-330C6E902ECF}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9C56282-B7A7-407E-8E40-F1DAC5D593D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA798041-4757-420D-A8C2-97149E92BF59}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE9AC8E3-794D-49BB-8931-CC440EB3FEDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBE52846-7997-4562-A169-1E0E162306FE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE1A8DB4-D1C1-49A5-A1C5-8348B1407017}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4C0DAC4-C44E-423D-AD87-875DB26C123D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031326D6-B024-4F7D-8E17-85092D9A5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C5AFEA7-C879-4244-96A8-4019B7DBD77F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{14298D60-617B-475D-BA83-BE87D33C5B51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{188A037B-BA34-4D44-8631-D26DD8E2A8AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{288F6EE6-ED18-4F81-80F9-3F43291D446E}" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\utorrent.exe |
"{2EA08520-286D-4ED5-B884-3176D69F6727}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{616BAB7F-374D-4976-9E91-F9AA36E240EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{792A3A42-D123-4803-88BA-02D35F806E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83251B03-A3EA-43E9-B158-9B396B92F95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{850CCB7B-6FED-4A2B-B87B-D4A96800B21F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{88DA78BF-6354-4FF2-A18C-5773E057BF7E}" = dir=in | app=c:\users\nicholle\appdata\local\microsoft\skydrive\skydrive.exe |
"{8E362BA1-5F7B-4238-9F21-30BD0AA0D68C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{969B3A5A-2A7B-48FC-B368-36EBF93B99D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96E15CB8-70A1-4F04-BA39-EF0DCCE906ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98609B46-9E3F-43C1-A1D6-8EC7EDA1B39D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8E309C2-D512-421C-AF01-B4334D5ABF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B91B7D07-7EED-4E4A-BE72-D30C8ECD1477}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C0D98804-3E1D-43EB-AC24-951129E398ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C19B0B41-35E8-4E8C-9E57-9C5149AAED96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B56F65-1259-4170-96B4-41B96BFF4476}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C64B0329-7BD8-4700-80D8-359A4A8B722E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA3E8A24-D924-4891-B451-1B6E665D0518}" = protocol=6 | dir=out | app=system |
"{CEE2D15C-EF3A-4F69-A6DE-845D7F136E57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAC7ACF5-DEC8-41E0-9635-575BF720A688}" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\utorrent.exe |
"{EB598A6D-5BCC-47AB-81BC-9224E763A75E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FC279B72-BFE0-41B3-80D7-187337C16FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3C5FB5-3BAA-4D39-9DC2-485D88C230E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0190D5C5-1D14-4583-9C7B-F667B6B7C55B}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"TCP Query User{2EA09C9F-E4A3-4D69-BC17-45031B5309F8}C:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe |
"TCP Query User{5D34815F-5797-4B4F-84E8-9FD9AB37ADAF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{969D0FC4-3841-4B26-8088-D056DE9D4EAB}D:\nicho\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\nicho\warcraft iii\war3.exe |
"TCP Query User{B7031AF8-B9A3-4D08-978D-832A16215087}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{C3E3D06F-3543-40B1-BEDC-07E8FD13968C}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=6 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe |
"UDP Query User{18CA6B45-B28C-4D58-B7CD-60C8DD885E30}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"UDP Query User{3AE8D3E9-7269-44E8-955F-CED838D8D32D}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=17 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe |
"UDP Query User{6CD16CDD-B998-45FE-9C9C-B08A06F5D8E2}C:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer\openvpn.exe |
"UDP Query User{7765B8EF-572C-473A-9CCC-CAD5FE6DFEAB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{7F8CB232-69AE-4BCE-B1FE-AE8C87BB0582}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{D9F45A10-09BF-43A7-B676-DBF6C7E960D7}D:\nicho\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\nicho\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D85392-8DAB-4AEA-85E3-C3242055DF9D}_is1" = Vampires vs Zombies version 1.0.0.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FBFA7DDB-4188-457E-BD16-81B26E2B447C}" = ESET Smart Security
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BlueSprig_JetClean_is1" = JetClean
"BurnAware Free_is1" = BurnAware Free 6.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DVD-Cloner 2013_is1" = DVD-Cloner V10.20 Build 1204
"ELECTRA_is1" = ELECTRA 2.4
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Globe Tattoo Broadband" = Globe Tattoo Broadband
"Google Chrome" = Google Chrome
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"MiNODServer" = ESET Virtual Update Server (MiNODServer)
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SmartBRO version_is1" = SmartBRO version 4.810
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TAP-Windows" = TAP-Windows 9.9.2
"Target 3001! V14 discover" = Target 3001! V14 discover
"Texas Holdem Poker 3D Deluxe Edition DeLEGiON_is1" = Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON
"Ulisess Seguridad_is1" = Ulisess Seguridad 10.3.0
"uTorrent" = µTorrent
"uTorrent Turbo Accelerator" = uTorrent Turbo Accelerator
"VeriFace" = VeriFace
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2013 10:54:04 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 11:54:05 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 12:54:05 PM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 488
Description = WinMail (3636) WindowsMail0: An attempt to create the file "C:\Users\nicholle\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied.
". The create file operation will fail with error -1032 (0xfffffbf8).

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 217
Description = WinMail (3636) WindowsMail0: Error (-1032) during backup of a database
(file C:\Users\nicholle\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
The database will be unable to restore.

Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 215
Description = WinMail (3636) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 2/4/2013 3:37:11 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227
Description =

Error - 2/4/2013 3:37:47 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227
Description =

Error - 2/10/2013 12:36:46 AM | Computer Name = mj-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2/10/2013 1:06:06 AM | Computer Name = mj-PC | Source = Windows Activation Technologies | ID = 3
Description =

[ Media Center Events ]
Error - 4/28/2013 1:25:25 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:25:02 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/28/2013 1:25:55 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:25:27 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/28/2013 1:26:16 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:26:06 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/28/2013 1:28:08 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:27:56 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 4/28/2013 1:28:49 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:28:11 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/28/2013 1:28:56 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 1:28:51 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/30/2013 12:36:35 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 12:36:30 PM - Error connecting to the internet. 12:36:30 PM - Unable
to contact server..

Error - 5/21/2013 8:28:45 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:28:44 AM - Error connecting to the internet. 8:28:45 AM - Unable
to contact server..

Error - 5/21/2013 8:28:56 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:28:50 AM - Error connecting to the internet. 8:28:50 AM - Unable
to contact server..

Error - 5/22/2013 8:18:29 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0
Description = 8:18:24 AM - Error connecting to the internet. 8:18:24 AM - Unable
to contact server..

[ System Events ]
Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2

Error - 5/22/2013 9:08:02 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5


< End of report >
  #7  
Old May 23rd, 2013, 07:23 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
  #8  
Old May 23rd, 2013, 10:07 AM
protector protector is offline
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
Sir, have you seen any problems based on the results I brought a while ago?
  #9  
Old May 23rd, 2013, 12:11 PM
protector protector is offline
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
Sir schrauber, here it is...

19:04:00.0574 4092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:04:02.0576 4092 ============================================================
19:04:02.0576 4092 Current date / time: 2013/05/23 19:04:02.0576
19:04:02.0576 4092 SystemInfo:
19:04:02.0576 4092
19:04:02.0576 4092 OS Version: 6.1.7601 ServicePack: 1.0
19:04:02.0576 4092 Product type: Workstation
19:04:02.0576 4092 ComputerName: MJ-PC
19:04:02.0577 4092 UserName: nicholle
19:04:02.0577 4092 Windows directory: C:\Windows
19:04:02.0577 4092 System windows directory: C:\Windows
19:04:02.0577 4092 Processor architecture: Intel x86
19:04:02.0577 4092 Number of processors: 2
19:04:02.0577 4092 Page size: 0x1000
19:04:02.0577 4092 Boot type: Normal boot
19:04:02.0577 4092 ============================================================
19:04:02.0979 4092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:04:02.0982 4092 Drive \Device\Harddisk2\DR2 - Size: 0x784FD000 (1.88 Gb), SectorSize: 0x1000, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:02.0983 4092 ============================================================
19:04:02.0983 4092 \Device\Harddisk0\DR0:
19:04:02.0983 4092 MBR partitions:
19:04:02.0983 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:04:02.0983 4092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D7AE000
19:04:03.0004 4092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D7E1000, BlocksNum 0x1C97A800
19:04:03.0004 4092 \Device\Harddisk2\DR2:
19:04:03.0005 4092 MBR partitions:
19:04:03.0005 4092 ============================================================
19:04:03.0085 4092 C: <-> \Device\Harddisk0\DR0\Partition2
19:04:03.0129 4092 D: <-> \Device\Harddisk0\DR0\Partition3
19:04:03.0130 4092 ============================================================
19:04:03.0130 4092 Initialize success
19:04:03.0130 4092 ============================================================
19:04:05.0000 1632 ============================================================
19:04:05.0000 1632 Scan started
19:04:05.0000 1632 Mode: Manual;
19:04:05.0000 1632 ============================================================
19:04:05.0079 1632 ================ Scan system memory ========================
19:04:05.0079 1632 System memory - ok
19:04:05.0079 1632 ================ Scan services =============================
19:04:05.0210 1632 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:04:05.0212 1632 1394ohci - ok
19:04:05.0244 1632 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:04:05.0247 1632 ACPI - ok
19:04:05.0270 1632 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:04:05.0271 1632 AcpiPmi - ok
19:04:05.0290 1632 [ F045F62270330C05D15E6E5F544FE73B ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys
19:04:05.0291 1632 ACPIVPC - ok
19:04:05.0377 1632 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:04:05.0380 1632 AdobeARMservice - ok
19:04:05.0439 1632 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
19:04:05.0444 1632 AdobeFlashPlayerUpdateSvc - ok
19:04:05.0490 1632 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:04:05.0494 1632 adp94xx - ok
19:04:05.0512 1632 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:04:05.0516 1632 adpahci - ok
19:04:05.0530 1632 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:04:05.0533 1632 adpu320 - ok
19:04:05.0558 1632 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:04:05.0560 1632 AeLookupSvc - ok
19:04:05.0587 1632 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:04:05.0591 1632 AFD - ok
19:04:05.0631 1632 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:04:05.0632 1632 agp440 - ok
19:04:05.0679 1632 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:04:05.0681 1632 aic78xx - ok
19:04:05.0706 1632 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:04:05.0708 1632 ALG - ok
19:04:05.0726 1632 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:04:05.0727 1632 aliide - ok
19:04:05.0757 1632 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:04:05.0758 1632 amdagp - ok
19:04:05.0793 1632 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:04:05.0794 1632 amdide - ok
19:04:05.0826 1632 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:04:05.0829 1632 AmdK8 - ok
19:04:05.0851 1632 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:04:05.0854 1632 AmdPPM - ok
19:04:05.0881 1632 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:04:05.0884 1632 amdsata - ok
19:04:05.0905 1632 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:04:05.0910 1632 amdsbs - ok
19:04:05.0938 1632 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:04:05.0940 1632 amdxata - ok
19:04:05.0973 1632 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:04:05.0975 1632 AppID - ok
19:04:06.0006 1632 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:04:06.0009 1632 AppIDSvc - ok
19:04:06.0040 1632 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:04:06.0042 1632 Appinfo - ok
19:04:06.0068 1632 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:04:06.0071 1632 AppMgmt - ok
19:04:06.0093 1632 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:04:06.0095 1632 arc - ok
19:04:06.0128 1632 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:04:06.0130 1632 arcsas - ok
19:04:06.0251 1632 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspn et_state.exe
19:04:06.0255 1632 aspnet_state - ok
19:04:06.0285 1632 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:06.0288 1632 AsyncMac - ok
19:04:06.0315 1632 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:04:06.0317 1632 atapi - ok
19:04:06.0393 1632 [ FD08D220342C0F5556EE1D1A618817DD ] athr C:\Windows\system32\DRIVERS\athr.sys
19:04:06.0409 1632 athr - ok
19:04:06.0449 1632 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:04:06.0454 1632 AudioEndpointBuilder - ok
19:04:06.0462 1632 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:04:06.0467 1632 Audiosrv - ok
19:04:06.0496 1632 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:04:06.0498 1632 AxInstSV - ok
19:04:06.0536 1632 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:04:06.0543 1632 b06bdrv - ok
19:04:06.0562 1632 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:04:06.0566 1632 b57nd60x - ok
19:04:06.0598 1632 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:04:06.0600 1632 BDESVC - ok
19:04:06.0619 1632 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:04:06.0621 1632 Beep - ok
19:04:06.0682 1632 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:04:06.0692 1632 BFE - ok
19:04:06.0728 1632 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
19:04:06.0735 1632 BITS - ok
19:04:06.0753 1632 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:04:06.0754 1632 blbdrive - ok
19:04:06.0775 1632 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:04:06.0777 1632 bowser - ok
19:04:06.0796 1632 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:04:06.0797 1632 BrFiltLo - ok
19:04:06.0818 1632 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:04:06.0819 1632 BrFiltUp - ok
19:04:06.0857 1632 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:04:06.0858 1632 Browser - ok
19:04:06.0879 1632 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:04:06.0881 1632 Brserid - ok
19:04:06.0904 1632 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:04:06.0906 1632 BrSerWdm - ok
19:04:06.0925 1632 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:04:06.0926 1632 BrUsbMdm - ok
19:04:06.0947 1632 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:04:06.0948 1632 BrUsbSer - ok
19:04:06.0981 1632 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:04:06.0982 1632 BthEnum - ok
19:04:06.0993 1632 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:04:06.0994 1632 BTHMODEM - ok
19:04:07.0025 1632 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:04:07.0026 1632 BthPan - ok
19:04:07.0046 1632 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:04:07.0049 1632 BTHPORT - ok
19:04:07.0069 1632 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:04:07.0071 1632 bthserv - ok
19:04:07.0081 1632 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:04:07.0083 1632 BTHUSB - ok
19:04:07.0104 1632 [ 7C725D3F2955A04D0B491276482D8D6F ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
19:04:07.0107 1632 BTWAMPFL - ok
19:04:07.0112 1632 [ C30935C27EB451586143B79B7DAD590F ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:04:07.0113 1632 btwaudio - ok
19:04:07.0128 1632 [ 9ABEA4DC976E3F47DA2D4B169719CBAA ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
19:04:07.0129 1632 btwavdt - ok
19:04:07.0210 1632 [ 82EBFEB0249FDF850A17F7E3140FB32F ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
19:04:07.0222 1632 btwdins - ok
19:04:07.0244 1632 [ AF2B0D934730F4B8EA8A999BA01EAF62 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:04:07.0245 1632 btwl2cap - ok
19:04:07.0261 1632 [ 1E5468447E4D18FBEA5F01267D6495A5 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:04:07.0262 1632 btwrchid - ok
19:04:07.0322 1632 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NSM C:\Windows\system32\drivers\NSM\0206000.03D\ccSetx86.sys
19:04:07.0324 1632 ccSet_NSM - ok
19:04:07.0336 1632 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:04:07.0338 1632 cdfs - ok
19:04:07.0372 1632 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:04:07.0374 1632 cdrom - ok
19:04:07.0408 1632 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:04:07.0410 1632 CertPropSvc - ok
19:04:07.0440 1632 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:04:07.0441 1632 circlass - ok
19:04:07.0474 1632 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:04:07.0477 1632 CLFS - ok
19:04:07.0516 1632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:07.0518 1632 clr_optimization_v2.0.50727_32 - ok
19:04:07.0552 1632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:07.0554 1632 clr_optimization_v4.0.30319_32 - ok
19:04:07.0582 1632 [ 125C828BF3673406DFD642D7BEE8434F ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
19:04:07.0584 1632 clwvd - ok
19:04:07.0590 1632 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:04:07.0591 1632 CmBatt - ok
19:04:07.0614 1632 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:04:07.0615 1632 cmdide - ok
19:04:07.0652 1632 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
19:04:07.0656 1632 CNG - ok
19:04:07.0702 1632 [ 87FE2FDE42249A69C010CCBB6757704C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
19:04:07.0714 1632 CnxtHdAudService - ok
19:04:07.0726 1632 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:04:07.0728 1632 Compbatt - ok
19:04:07.0754 1632 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:04:07.0755 1632 CompositeBus - ok
19:04:07.0763 1632 COMSysApp - ok
19:04:07.0803 1632 [ 2155D9C6F9EF97E149BB5A75D608524D ] cphs C:\Windows\system32\IntelCpHeciSvc.exe
19:04:07.0811 1632 cphs - ok
19:04:07.0826 1632 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:04:07.0828 1632 crcdisk - ok
19:04:07.0860 1632 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:04:07.0862 1632 CryptSvc - ok
19:04:07.0894 1632 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:04:07.0898 1632 CSC - ok
19:04:07.0934 1632 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:04:07.0939 1632 CscService - ok
19:04:07.0955 1632 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:04:07.0961 1632 DcomLaunch - ok
19:04:07.0984 1632 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:04:07.0987 1632 defragsvc - ok
19:04:08.0027 1632 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:04:08.0029 1632 DfsC - ok
19:04:08.0044 1632 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:04:08.0047 1632 Dhcp - ok
19:04:08.0068 1632 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:04:08.0069 1632 discache - ok
19:04:08.0087 1632 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:04:08.0089 1632 Disk - ok
19:04:08.0116 1632 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:04:08.0119 1632 Dnscache - ok
19:04:08.0155 1632 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:04:08.0158 1632 dot3svc - ok
19:04:08.0183 1632 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:04:08.0186 1632 DPS - ok
19:04:08.0208 1632 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:04:08.0209 1632 drmkaud - ok
19:04:08.0254 1632 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:04:08.0268 1632 DXGKrnl - ok
19:04:08.0316 1632 [ 16FF05BE2BD95824B487B1476862A84B ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
19:04:08.0318 1632 eamonm - ok
19:04:08.0343 1632 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:04:08.0345 1632 EapHost - ok
19:04:08.0447 1632 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:04:08.0474 1632 ebdrv - ok
19:04:08.0501 1632 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:04:08.0503 1632 EFS - ok
19:04:08.0530 1632 [ 366369746D1818FDD8589D1F2C8A6D03 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
19:04:08.0531 1632 ehdrv - ok
19:04:08.0594 1632 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:04:08.0599 1632 ehRecvr - ok
19:04:08.0626 1632 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:04:08.0628 1632 ehSched - ok
19:04:08.0811 1632 [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
19:04:08.0828 1632 ekrn - ok
19:04:08.0867 1632 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:04:08.0871 1632 elxstor - ok
19:04:08.0896 1632 [ 5F08103444A1B5B2A38EAB729DE0A1A3 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
19:04:08.0898 1632 epfw - ok
19:04:08.0934 1632 [ CCA5BF8C921CDCAE262924F406A1D93C ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
19:04:08.0935 1632 EpfwLWF - ok
19:04:08.0957 1632 [ 9DFF2C0E4420A22CA37B655E314CAC69 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
19:04:08.0959 1632 epfwwfp - ok
19:04:08.0985 1632 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:04:08.0985 1632 ErrDev - ok
19:04:09.0022 1632 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:04:09.0025 1632 EventSystem - ok
19:04:09.0115 1632 [ 45A155528BB57183DA2687D3E73443D3 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:04:09.0128 1632 EvtEng - ok
19:04:09.0166 1632 [ 95BCB4321962028799EB2EA53319BB0C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
19:04:09.0169 1632 ewusbnet - ok
19:04:09.0203 1632 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:04:09.0205 1632 ew_hwusbdev - ok
19:04:09.0220 1632 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:04:09.0222 1632 exfat - ok
19:04:09.0237 1632 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:04:09.0239 1632 fastfat - ok
19:04:09.0279 1632 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:04:09.0286 1632 Fax - ok
19:04:09.0311 1632 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:04:09.0312 1632 fdc - ok
19:04:09.0339 1632 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:04:09.0341 1632 fdPHost - ok
19:04:09.0361 1632 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:04:09.0363 1632 FDResPub - ok
19:04:09.0384 1632 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:04:09.0385 1632 FileInfo - ok
19:04:09.0396 1632 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:04:09.0398 1632 Filetrace - ok
19:04:09.0444 1632 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:04:09.0453 1632 FLEXnet Licensing Service - ok
19:04:09.0470 1632 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:04:09.0471 1632 flpydisk - ok
19:04:09.0493 1632 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:04:09.0495 1632 FltMgr - ok
19:04:09.0536 1632 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
19:04:09.0544 1632 FontCache - ok
19:04:09.0595 1632 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:04:09.0596 1632 FontCache3.0.0.0 - ok
19:04:09.0667 1632 [ 2399F2C7F173D27D91CDEE63E9D287F5 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
19:04:09.0670 1632 Freemake Improver - ok
19:04:09.0715 1632 [ 7856550FCB1A99A487805332FE2B6C71 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
19:04:09.0717 1632 FreemakeVideoCapture - ok
19:04:09.0737 1632 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:04:09.0739 1632 FsDepends - ok
19:04:09.0773 1632 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:04:09.0776 1632 fssfltr - ok
19:04:09.0798 1632 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:04:09.0799 1632 Fs_Rec - ok
19:04:09.0837 1632 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:04:09.0840 1632 fvevol - ok
19:04:09.0866 1632 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:04:09.0867 1632 gagp30kx - ok
19:04:09.0967 1632 GarenaPEngine - ok
19:04:10.0022 1632 GGSAFERDriver - ok
19:04:10.0088 1632 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Globe Tattoo Broadband. RunOuc C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe
19:04:10.0091 1632 Globe Tattoo Broadband. RunOuc - ok
19:04:10.0133 1632 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:04:10.0140 1632 gpsvc - ok
19:04:10.0186 1632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:04:10.0190 1632 gupdate - ok
19:04:10.0198 1632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:04:10.0201 1632 gupdatem - ok
19:04:10.0234 1632 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:04:10.0236 1632 hcw85cir - ok
19:04:10.0265 1632 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:04:10.0270 1632 HdAudAddService - ok
19:04:10.0295 1632 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:04:10.0298 1632 HDAudBus - ok
19:04:10.0317 1632 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:04:10.0319 1632 HidBatt - ok
19:04:10.0348 1632 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:04:10.0350 1632 HidBth - ok
19:04:10.0366 1632 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:04:10.0368 1632 HidIr - ok
19:04:10.0399 1632 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:04:10.0401 1632 hidserv - ok
19:04:10.0426 1632 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:04:10.0427 1632 HidUsb - ok
19:04:10.0465 1632 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:04:10.0468 1632 hkmsvc - ok
19:04:10.0517 1632 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:04:10.0524 1632 HomeGroupListener - ok
19:04:10.0569 1632 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:04:10.0577 1632 HomeGroupProvider - ok
19:04:10.0615 1632 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:04:10.0617 1632 HpSAMD - ok
19:04:10.0673 1632 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:04:10.0683 1632 HTTP - ok
19:04:10.0725 1632 [ BED3A9F86A637CC6C2C5296CD82423D8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:04:10.0727 1632 huawei_enumerator - ok
19:04:10.0764 1632 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:04:10.0766 1632 hwdatacard - ok
19:04:10.0792 1632 HWDeviceService.exe - ok
19:04:10.0824 1632 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:04:10.0825 1632 hwpolicy - ok
19:04:10.0860 1632 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:04:10.0862 1632 i8042prt - ok
19:04:10.0901 1632 [ 5D5EDCB987C96E266A3DFCD6B67E48B8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:04:10.0905 1632 iaStor - ok
19:04:10.0939 1632 [ F5C0317AF600F8C0D7E4202EB04232B1 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:04:10.0941 1632 IAStorDataMgrSvc - ok
19:04:10.0981 1632 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:04:10.0986 1632 iaStorV - ok
19:04:11.0031 1632 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:04:11.0041 1632 idsvc - ok
19:04:11.0140 1632 [ 8CC51204BCE551B90B45E97BE446C48B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:04:11.0168 1632 igfx - ok
19:04:11.0204 1632 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:04:11.0205 1632 iirsp - ok
19:04:11.0243 1632 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:04:11.0250 1632 IKEEXT - ok
19:04:11.0286 1632 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:04:11.0289 1632 IntcDAud - ok
19:04:11.0317 1632 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:04:11.0318 1632 intelide - ok
19:04:11.0336 1632 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:04:11.0338 1632 intelppm - ok
19:04:11.0355 1632 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:04:11.0357 1632 IPBusEnum - ok
19:04:11.0377 1632 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:04:11.0378 1632 IpFilterDriver - ok
19:04:11.0412 1632 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:04:11.0418 1632 iphlpsvc - ok
19:04:11.0454 1632 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:04:11.0455 1632 IPMIDRV - ok
19:04:11.0473 1632 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:04:11.0474 1632 IPNAT - ok
19:04:11.0490 1632 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:04:11.0491 1632 IRENUM - ok
19:04:11.0515 1632 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:04:11.0516 1632 isapnp - ok
19:04:11.0540 1632 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:04:11.0542 1632 iScsiPrt - ok
19:04:11.0560 1632 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:04:11.0561 1632 kbdclass - ok
19:04:11.0583 1632 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:04:11.0584 1632 kbdhid - ok
19:04:11.0596 1632 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:04:11.0598 1632 KeyIso - ok
19:04:11.0633 1632 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
19:04:11.0635 1632 kl1 - ok
19:04:11.0679 1632 [ 654BDF113971B6DFAEA21D5554EBF5F6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
19:04:11.0689 1632 KLIF - ok
19:04:11.0707 1632 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
19:04:11.0709 1632 KLIM6 - ok
19:04:11.0723 1632 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
19:04:11.0724 1632 klkbdflt - ok
19:04:11.0733 1632 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
19:04:11.0734 1632 klmouflt - ok
19:04:11.0751 1632 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
19:04:11.0752 1632 kltdi - ok
19:04:11.0773 1632 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
19:04:11.0774 1632 kneps - ok
19:04:11.0799 1632 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:04:11.0800 1632 KSecDD - ok
19:04:11.0815 1632 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:04:11.0817 1632 KSecPkg - ok
19:04:11.0850 1632 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:04:11.0855 1632 KtmRm - ok
19:04:11.0882 1632 [ F3E1024A2FD8C62AF7BD4DAB147D3256 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
19:04:11.0883 1632 L1C - ok
19:04:11.0914 1632 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
19:04:11.0919 1632 LanmanServer - ok
19:04:11.0932 1632 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:04:11.0936 1632 LanmanWorkstation - ok
19:04:11.0966 1632 [ 8FF8B5F04AC4D57F9A965BB4DF07813E ] LHDmgr C:\Windows\system32\DRIVERS\LhdX86.sys
19:04:11.0967 1632 LHDmgr - ok
19:04:11.0997 1632 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:04:11.0998 1632 lltdio - ok
19:04:12.0038 1632 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:04:12.0042 1632 lltdsvc - ok
19:04:12.0063 1632 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:04:12.0067 1632 lmhosts - ok
19:04:12.0101 1632 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:04:12.0104 1632 LMS - ok
19:04:12.0121 1632 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:04:12.0123 1632 LSI_FC - ok
19:04:12.0141 1632 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:04:12.0143 1632 LSI_SAS - ok
19:04:12.0160 1632 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:04:12.0161 1632 LSI_SAS2 - ok
19:04:12.0183 1632 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:04:12.0185 1632 LSI_SCSI - ok
19:04:12.0206 1632 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:04:12.0207 1632 luafv - ok
19:04:12.0231 1632 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys
19:04:12.0233 1632 massfilter - ok
19:04:12.0286 1632 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:04:12.0287 1632 MBAMProtector - ok
19:04:12.0346 1632 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:04:12.0355 1632 MBAMScheduler - ok
19:04:12.0402 1632 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:04:12.0409 1632 MBAMService - ok
19:04:12.0443 1632 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:04:12.0446 1632 Mcx2Svc - ok
19:04:12.0484 1632 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:04:12.0486 1632 megasas - ok
19:04:12.0513 1632 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:04:12.0519 1632 MegaSR - ok
19:04:12.0548 1632 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
19:04:12.0549 1632 MEI - ok
19:04:12.0602 1632 Microsoft SharePoint Workspace Audit Service - ok
19:04:12.0632 1632 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:04:12.0635 1632 MMCSS - ok
19:04:12.0645 1632 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:04:12.0646 1632 Modem - ok
19:04:12.0660 1632 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:04:12.0661 1632 monitor - ok
19:04:12.0670 1632 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:04:12.0672 1632 mouclass - ok
19:04:12.0690 1632 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:04:12.0692 1632 mouhid - ok
19:04:12.0721 1632 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:04:12.0723 1632 mountmgr - ok
19:04:12.0748 1632 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:04:12.0750 1632 MozillaMaintenance - ok
19:04:12.0778 1632 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:04:12.0779 1632 mpio - ok
19:04:12.0813 1632 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:04:12.0814 1632 mpsdrv - ok
19:04:12.0879 1632 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:04:12.0894 1632 MpsSvc - ok
19:04:12.0935 1632 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:04:12.0937 1632 MRxDAV - ok
19:04:12.0961 1632 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:12.0962 1632 mrxsmb - ok
19:04:12.0979 1632 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:12.0981 1632 mrxsmb10 - ok
19:04:13.0000 1632 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:13.0002 1632 mrxsmb20 - ok
19:04:13.0031 1632 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:04:13.0033 1632 msahci - ok
19:04:13.0055 1632 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:04:13.0057 1632 msdsm - ok
19:04:13.0073 1632 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:04:13.0076 1632 MSDTC - ok
19:04:13.0113 1632 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:04:13.0114 1632 Msfs - ok
19:04:13.0128 1632 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:04:13.0129 1632 mshidkmdf - ok
19:04:13.0142 1632 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:04:13.0143 1632 msisadrv - ok
19:04:13.0175 1632 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:04:13.0178 1632 MSiSCSI - ok
19:04:13.0183 1632 msiserver - ok
19:04:13.0201 1632 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:04:13.0202 1632 MSKSSRV - ok
19:04:13.0219 1632 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:13.0220 1632 MSPCLOCK - ok
19:04:13.0231 1632 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:04:13.0232 1632 MSPQM - ok
19:04:13.0253 1632 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:04:13.0255 1632 MsRPC - ok
19:04:13.0297 1632 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:04:13.0299 1632 mssmbios - ok
19:04:13.0314 1632 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:04:13.0315 1632 MSTEE - ok
19:04:13.0331 1632 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:04:13.0332 1632 MTConfig - ok
19:04:13.0352 1632 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:04:13.0353 1632 Mup - ok
19:04:13.0380 1632 [ 068924DC70CD255CB35EC864B9C6E92D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:04:13.0383 1632 MyWiFiDHCPDNS - ok
19:04:13.0435 1632 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:04:13.0440 1632 napagent - ok
19:04:13.0476 1632 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:04:13.0479 1632 NativeWifiP - ok
19:04:13.0519 1632 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:04:13.0526 1632 NDIS - ok
19:04:13.0542 1632 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:04:13.0544 1632 NdisCap - ok
19:04:13.0560 1632 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:13.0562 1632 NdisTapi - ok
19:04:13.0593 1632 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:13.0594 1632 Ndisuio - ok
19:04:13.0620 1632 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:13.0622 1632 NdisWan - ok
19:04:13.0654 1632 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:04:13.0655 1632 NDProxy - ok
19:04:13.0680 1632 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:04:13.0682 1632 NetBIOS - ok
19:04:13.0712 1632 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:04:13.0714 1632 NetBT - ok
19:04:13.0735 1632 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:04:13.0738 1632 Netlogon - ok
19:04:13.0769 1632 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:04:13.0774 1632 Netman - ok
19:04:13.0834 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:13.0838 1632 NetMsmqActivator - ok
19:04:13.0850 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:13.0854 1632 NetPipeActivator - ok
19:04:13.0868 1632 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:04:13.0874 1632 netprofm - ok
19:04:13.0880 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:13.0883 1632 NetTcpActivator - ok
19:04:13.0889 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:13.0892 1632 NetTcpPortSharing - ok
19:04:13.0906 1632 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:04:13.0907 1632 nfrd960 - ok
19:04:13.0939 1632 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:04:13.0943 1632 NlaSvc - ok
19:04:13.0951 1632 NPF - ok
19:04:13.0970 1632 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:04:13.0971 1632 Npfs - ok
19:04:14.0001 1632 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:04:14.0004 1632 nsi - ok
19:04:14.0021 1632 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:04:14.0022 1632 nsiproxy - ok
19:04:14.0075 1632 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:04:14.0085 1632 Ntfs - ok
19:04:14.0103 1632 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:04:14.0104 1632 Null - ok
19:04:14.0142 1632 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:04:14.0144 1632 nvraid - ok

>>>>>>>>>>>see next reply<<<<<<<<<<<<<<<
  #10  
Old May 23rd, 2013, 12:12 PM
protector
19:04:14.0165 1632 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:04:14.0167 1632 nvstor - ok
19:04:14.0207 1632 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:04:14.0208 1632 nv_agp - ok
19:04:14.0227 1632 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:04:14.0229 1632 ohci1394 - ok
19:04:14.0278 1632 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:04:14.0280 1632 ose - ok
19:04:14.0409 1632 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:04:14.0457 1632 osppsvc - ok
19:04:14.0488 1632 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:04:14.0493 1632 p2pimsvc - ok
19:04:14.0518 1632 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:04:14.0524 1632 p2psvc - ok
19:04:14.0563 1632 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:04:14.0565 1632 Parport - ok
19:04:14.0596 1632 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:04:14.0598 1632 partmgr - ok
19:04:14.0612 1632 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:04:14.0613 1632 Parvdm - ok
19:04:14.0631 1632 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:04:14.0636 1632 PcaSvc - ok
19:04:14.0650 1632 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:04:14.0653 1632 pci - ok
19:04:14.0680 1632 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:04:14.0681 1632 pciide - ok
19:04:20.0371 1632 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:04:20.0372 1632 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 353A04C273EC58475D8633E75CCD5604
19:04:20.0378 1632 WatAdminSvc ( LockedFile.Multi.Generic ) - warning
19:04:20.0378 1632 WatAdminSvc - detected LockedFile.Multi.Generic (1)
19:04:21.0897 1632 ================ Scan global ===============================
19:04:21.0936 1632 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:04:21.0955 1632 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:04:21.0964 1632 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:04:21.0991 1632 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:04:22.0031 1632 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:04:22.0036 1632 [Global] - ok
19:04:22.0037 1632 ================ Scan MBR ==================================
19:04:22.0049 1632 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:04:22.0165 1632 \Device\Harddisk0\DR0 - ok
19:04:22.0191 1632 [ C183B4EA4C945B6FDB6E480E204B6091 ] \Device\Harddisk2\DR2
19:04:26.0557 1632 \Device\Harddisk2\DR2 - ok
19:04:26.0558 1632 ================ Scan VBR ==================================
19:04:26.0562 1632 [ C57276C24E1CE85CC3837D0ED8FF1AA3 ] \Device\Harddisk0\DR0\Partition1
19:04:26.0564 1632 \Device\Harddisk0\DR0\Partition1 - ok
19:04:26.0602 1632 [ 89EAD6AB3A2EA7346917B782B807D05D ] \Device\Harddisk0\DR0\Partition2
19:04:26.0604 1632 \Device\Harddisk0\DR0\Partition2 - ok
19:04:26.0623 1632 [ 09FD81F4B5DD33BBB0800254BEDA3906 ] \Device\Harddisk0\DR0\Partition3
19:04:26.0626 1632 \Device\Harddisk0\DR0\Partition3 - ok
19:04:26.0626 1632 ============================================================
19:04:26.0626 1632 Scan finished
19:04:26.0626 1632 ============================================================
19:04:26.0641 4004 Detected object count: 1
19:04:26.0641 4004 Actual detected object count: 1
19:04:57.0540 4004 WatAdminSvc ( LockedFile.Multi.Generic ) - skipped by user
19:04:57.0540 4004 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Skip
19:06:35.0062 3512 Deinitialize success

Last edited by protector; May 23rd, 2013 at 12:17 PM.
  #11  
Old May 23rd, 2013, 03:22 PM
schrauber schrauber is offline
I don't see anything related in the OTL logs; that's why we have to do some other scans.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit

Save this to the desktop and run it, click the Scan button and post back with both logfiles.
  #12  
Old May 23rd, 2013, 10:20 PM
protector protector is offline
Here you go, sir...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-05-2013
Ran by nicholle (administrator) on 24-05-2013 05:17:57
Running from C:\Users\nicholle\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Vimicro) C:\Program Files\USB Camera\VM331_STI.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(CyberLink) C:\Program Files\Lenovo\YouCam\YCMMirage.exe
() C:\Program Files\SmartBRO\USB Modem.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(The OpenVPN Project) C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\openvpn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\nicholle\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8969264 2012-04-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\Utility.exe [5674912 2011-04-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2229544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1210640 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe [329056 2012-07-14] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [477600 2013-01-24] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [5078504 2013-03-21] (ESET)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] "C:\Users\nicholle\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [802136 2013-05-22] (BitTorrent Inc.)
HKCU\...\Winlogon: [Shell] expstart.exe
MountPoints2: {28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa} - F:\AutoRun.exe
MountPoints2: {329dba79-99ee-11e2-9d29-dc0ea1f0afaa} - F:\AutoRun.exe
MountPoints2: {329dba87-99ee-11e2-9d29-dc0ea1f0afaa} - F:\AutoRun.exe
MountPoints2: {44f19872-9f9a-11e2-a29e-c01885f0ca64} - F:\AutoRun.exe
MountPoints2: {45c781a6-a0a9-11e2-bf19-001e101f1838} - F:\AutoRun.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pi...74&lg=EN&cc=PH
HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH
SearchScopes: HKLM - {E119618A-0F31-48CA-B756-AD745B8F48D4} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=50CF666D57E7ABE5
SearchScopes: HKCU - {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
SearchScopes: HKCU - {73F94418-3FC4-4E59-B816-7A6770EA7F47} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {91B8A9FC-169A-4157-A39C-EEC3C0A48BA7} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10269&src=kw&q={searchTerms}&locale=en_PH&apn_ptnrs=^AH0&apn_dtid=^YYYYYY^YY^PH&apn_uid=31df5540-b5cb-4ea1-8749-eace739f0b67&apn_sauid=2CBE0D3B-EA8D-42D1-99A6-258133F76658
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH
SearchScopes: HKCU - {E119618A-0F31-48CA-B756-AD745B8F48D4} URL = http://searchou.com/?affil=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Tcpip\..\Interfaces\{0B2A7D6D-9BC2-43E7-9E15-61150A01231C}: [NameServer]10.198.220.124 202.126.40.5
Tcpip\..\Interfaces\{48056DE4-4AB9-4E99-AC13-E0A3D4C8D1C0}: [NameServer]10.198.220.124 202.126.40.5
Tcpip\..\Interfaces\{5F9CD73A-D626-47B9-8947-A4C2AC3A891C}: [NameServer]121.1.3.172 121.1.3.89
Tcpip\..\Interfaces\{6B3ADA04-D08C-4A12-9950-909E8220E55C}: [NameServer]10.198.220.124 202.126.40.5
Tcpip\..\Interfaces\{AC5A7909-C4FB-46F0-8E2A-FF23F7BC1360}: [NameServer]10.198.220.124 202.126.40.5

FireFox:
========
FF ProfilePath: C:\Users\nicholle\AppData\Roaming\Mozilla\Firefox\Profiles\dkxp0ahe.default
FF Homepage: hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0FtD0A0F0A0AyDyE0AyDtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=408994256
FF Homepage: hxxp://smart-homepage.blogspot.com
FF SearchEngine: Yahoo
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - C:\Users\nicholle\AppData\Roaming\Mozilla\Firefox\Profiles\dkxp0ahe.default\Extensions\staged

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeExManDetect) - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Freemake Video Downloader) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (uTorrentControl_v6) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.16.2.509_0
CHR Extension: (Google Search) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: (Browsoee2save) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcknfjajbdljlbpnemmaajcacocjnle\1
CHR Extension: (Freemake Video Converter) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (Adventure Time - Finn, Jake and BMO) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmcldedofhabl\1_0
CHR Extension: (Norton Identity Protection) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0
CHR Extension: (Gmail) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [656672 2010-12-14] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-11-10] (Flexera Software, Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101376 2013-02-07] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe [218624 2013-03-31] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-01-05] ()
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-07-15] ()

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [24672 2011-08-17] (Lenovo Corporation)
S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [301608 2010-12-15] (Broadcom Corporation.)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSM\0206000.03D\ccSetx86.sys [134304 2012-08-07] (Symantec Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-20] (ESET)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-10-25] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2008-03-04] (Mobile Connector)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2010-09-30] (Realtek Semiconductor Corp.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-02-28] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\system32\drivers\NSM\0206000.03D\SymRdrS.SYS [197280 2012-07-21] (Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
S3 TVICHW32; C:\Windows\System32\Drivers\TVicHW32.sys [23600 2013-02-10] (EnTech Taiwan)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
S3 GarenaPEngine; \??\C:\Users\nicholle\AppData\Local\Temp\UVT7464.tmp [x]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-24 05:17 - 2013-05-24 05:17 - 00000000 ____D C:\FRST
2013-05-24 05:16 - 2013-05-24 05:16 - 01318507 ____A (Farbar) C:\Users\nicholle\Desktop\FRST.exe
2013-05-24 00:08 - 2013-05-24 00:18 - 16351890 ____A C:\Users\nicholle\Downloads\Men's Room Mayhem v1.0 apkarchive.com.rar.crdownload
2013-05-23 23:53 - 2013-05-23 23:58 - 05966550 ____A C:\Users\nicholle\Downloads\Fixie Joe v1.1 apkarchive.com.rar.crdownload
2013-05-23 21:46 - 2013-05-23 21:54 - 00000000 ____D C:\Users\nicholle\Desktop\oath
2013-05-23 19:42 - 2013-05-23 19:47 - 05069602 ____A (Swearware) C:\Users\nicholle\Downloads\ComboFix.exe
2013-05-23 19:06 - 2013-05-23 19:06 - 00074104 ____A C:\Users\nicholle\Desktop\gsgs.txt
2013-05-23 19:00 - 2013-05-23 19:01 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\nicholle\Downloads\tdsskiller (1).exe
2013-05-23 09:31 - 2013-05-23 09:31 - 00065996 ____A C:\Users\nicholle\Desktop\Extras.Txt
2013-05-23 09:29 - 2013-05-23 09:42 - 00098706 ____A C:\Users\nicholle\Desktop\OTL.Txt
2013-05-23 08:49 - 2013-05-23 08:50 - 00602112 ____A (OldTimer Tools) C:\Users\nicholle\Desktop\OTL.exe
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Malwarebytes
2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-22 17:31 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-22 17:13 - 2013-05-22 17:45 - 00000000 ____D C:\Users\nicholle\Downloads\malware
2013-05-22 13:36 - 2013-05-24 05:07 - 00001356 ____A C:\Windows\setupact.log
2013-05-22 13:36 - 2013-05-23 08:27 - 00007638 ____A C:\Windows\PFRO.log
2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ____A C:\Windows\setuperr.log
2013-05-22 13:33 - 2013-05-24 05:05 - 00438930 ____A C:\Windows\WindowsUpdate.log
2013-05-22 08:15 - 2013-05-22 08:15 - 00000000 ____D C:\Windows\System32\Hotspot Shield
2013-05-22 07:56 - 2013-05-22 07:57 - 00847890 ____A C:\Users\nicholle\Downloads\µTorrent 3.2 (build 27850) With Patch.rar
2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\ESET
2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Local\ESET
2013-05-22 03:55 - 2013-05-22 03:55 - 00000000 ____D C:\ProgramData\ESET
2013-05-22 00:08 - 2013-05-22 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 00:01 - 2013-04-05 13:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-22 00:01 - 2013-04-05 13:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-22 00:01 - 2013-04-05 13:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-22 00:01 - 2013-04-05 13:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-22 00:01 - 2013-04-05 13:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-22 00:01 - 2013-04-05 12:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-22 00:01 - 2013-04-05 11:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 23:29 - 2013-05-22 16:52 - 00000000 ____D C:\Users\nicholle\Downloads\pambarag
2013-05-21 21:02 - 2013-02-27 13:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-21 21:02 - 2013-02-27 12:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-21 21:02 - 2013-02-27 12:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-21 21:02 - 2013-02-27 12:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-21 21:02 - 2013-02-27 12:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-21 21:01 - 2013-04-10 11:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-21 21:00 - 2013-03-19 12:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-21 21:00 - 2013-03-19 11:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-21 20:57 - 2013-04-10 13:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-21 20:57 - 2013-04-10 13:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-20 14:47 - 2013-05-24 05:02 - 00000000 ____D C:\Users\nicholle\Desktop\r
2013-05-15 13:59 - 2013-05-16 19:01 - 00000000 ____D C:\Users\nicholle\Desktop\PF
2013-05-12 22:08 - 2013-05-14 12:29 - 00000000 ____D C:\Users\nicholle\Desktop\house
2013-05-03 16:52 - 2013-05-22 12:01 - 00000000 ____D C:\Program Files\ESET
2013-05-03 16:07 - 2013-05-03 16:07 - 00000000 ____D C:\ProgramData\StarApp
2013-05-03 06:10 - 2013-05-03 10:04 - 376920000 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar
2013-05-03 05:55 - 2013-05-22 10:06 - 00000000 ____D C:\Users\nicholle\Downloads\a
2013-05-03 05:03 - 2013-05-03 06:07 - 211289850 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar.crdownload
2013-05-03 05:03 - 2013-05-03 05:43 - 80693550 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (1).rar
2013-05-02 07:35 - 2013-05-02 11:22 - 265620600 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com.rar
2013-04-26 20:29 - 2013-04-26 20:29 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Epson
2013-04-26 20:19 - 2013-05-04 05:54 - 00000000 ____D C:\Program Files\epson
2013-04-26 20:18 - 2013-05-04 05:53 - 00000000 ____D C:\ProgramData\EPSON
2013-04-26 20:18 - 2011-04-19 02:03 - 00095232 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_TLBI2E.DLL
2013-04-26 20:18 - 2011-03-14 02:03 - 00081408 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_TD4BI2E.DLL
2013-04-26 20:18 - 2007-04-10 00:06 - 00008192 ____A (SEIKO EPSON CORP.) C:\Windows\System32\E_DCINST.DLL
2013-04-25 12:22 - 2013-04-25 12:22 - 00000000 ____D C:\Freemake
2013-04-24 18:36 - 2013-04-24 18:48 - 02343680 ____A C:\Users\nicholle\Downloads\OM7 Globe + patch + phone settings.zip
2013-04-24 17:15 - 2013-04-12 21:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders ========

2013-05-24 05:17 - 2013-05-24 05:17 - 00000000 ____D C:\FRST
2013-05-24 05:16 - 2013-05-24 05:16 - 01318507 ____A (Farbar) C:\Users\nicholle\Desktop\FRST.exe
2013-05-24 05:16 - 2012-07-14 15:47 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 05:14 - 2013-05-22 13:33 - 00438930 ____A C:\Windows\WindowsUpdate.log
2013-05-24 05:13 - 2013-03-21 06:35 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\uTorrent
2013-05-24 05:08 - 2013-03-06 06:50 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-24 05:08 - 2012-07-14 16:39 - 02037637 ____A C:\FaceProv.log
2013-05-24 05:08 - 2012-07-14 16:34 - 00000000 ____D C:\ProgramData\VeriFace
2013-05-24 05:07 - 2013-05-22 13:36 - 00001356 ____A C:\Windows\setupact.log
2013-05-24 05:07 - 2009-07-14 12:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 05:05 - 2009-07-14 12:34 - 00031952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-24 05:05 - 2009-07-14 12:34 - 00031952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-24 05:02 - 2013-05-20 14:47 - 00000000 ____D C:\Users\nicholle\Desktop\r
2013-05-24 05:01 - 2013-03-06 06:50 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-24 04:51 - 2012-07-14 17:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-24 02:00 - 2012-07-14 17:09 - 00000000 ___HD C:\Users\nicholle\AppData\Local\Adobe
2013-05-24 00:18 - 2013-05-24 00:08 - 16351890 ____A C:\Users\nicholle\Downloads\Men's Room Mayhem v1.0 apkarchive.com.rar.crdownload
2013-05-23 23:58 - 2013-05-23 23:53 - 05966550 ____A C:\Users\nicholle\Downloads\Fixie Joe v1.1 apkarchive.com.rar.crdownload
2013-05-23 21:54 - 2013-05-23 21:46 - 00000000 ____D C:\Users\nicholle\Desktop\oath
2013-05-23 19:47 - 2013-05-23 19:42 - 05069602 ____A (Swearware) C:\Users\nicholle\Downloads\ComboFix.exe
2013-05-23 19:06 - 2013-05-23 19:06 - 00074104 ____A C:\Users\nicholle\Desktop\gsgs.txt
2013-05-23 19:01 - 2013-05-23 19:00 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\nicholle\Downloads\tdsskiller (1).exe
2013-05-23 09:42 - 2013-05-23 09:29 - 00098706 ____A C:\Users\nicholle\Desktop\OTL.Txt
2013-05-23 09:31 - 2013-05-23 09:31 - 00065996 ____A C:\Users\nicholle\Desktop\Extras.Txt
2013-05-23 08:50 - 2013-05-23 08:49 - 00602112 ____A (OldTimer Tools) C:\Users\nicholle\Desktop\OTL.exe
2013-05-23 08:32 - 2013-02-02 13:26 - 00109976 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-23 08:27 - 2013-05-22 13:36 - 00007638 ____A C:\Windows\PFRO.log
2013-05-23 08:27 - 2012-07-14 17:47 - 00000000 ____D C:\Windows\PCHEALTH
2013-05-23 08:10 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Help
2013-05-22 17:45 - 2013-05-22 17:13 - 00000000 ____D C:\Users\nicholle\Downloads\malware
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Malwarebytes
2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-22 17:22 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-22 16:52 - 2013-05-21 23:29 - 00000000 ____D C:\Users\nicholle\Downloads\pambarag
2013-05-22 16:24 - 2009-07-14 12:53 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ____A C:\Windows\setuperr.log
2013-05-22 13:35 - 2012-07-14 15:28 - 00000000 ____D C:\users\nicholle
2013-05-22 13:33 - 2013-03-09 04:55 - 57540608 ____A C:\Windows\System32\config\SOFTWARE.blues
2013-05-22 13:33 - 2013-03-09 04:55 - 24657920 ____A C:\Windows\System32\config\SYSTEM.blues
2013-05-22 13:33 - 2013-03-09 04:55 - 00274432 ____A C:\Windows\System32\config\DEFAULT.blues
2013-05-22 13:33 - 2013-03-09 04:55 - 00098304 ____A C:\Windows\System32\config\SAM.blues
2013-05-22 13:33 - 2013-03-09 04:55 - 00032768 ____A C:\Windows\System32\config\SECURITY.blues
2013-05-22 12:01 - 2013-05-03 16:52 - 00000000 ____D C:\Program Files\ESET
2013-05-22 10:06 - 2013-05-03 05:55 - 00000000 ____D C:\Users\nicholle\Downloads\a
2013-05-22 09:26 - 2013-01-04 22:07 - 00000000 ____D C:\Users\nicholle\Documents\Youcam
2013-05-22 08:23 - 2013-01-04 21:27 - 00000000 ____D C:\Users\nicholle\Desktop\Key's
2013-05-22 08:15 - 2013-05-22 08:15 - 00000000 ____D C:\Windows\System32\Hotspot Shield
2013-05-22 08:15 - 2013-03-23 13:09 - 00000000 ____D C:\Windows\pss
2013-05-22 08:03 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-22 07:57 - 2013-05-22 07:56 - 00847890 ____A C:\Users\nicholle\Downloads\µTorrent 3.2 (build 27850) With Patch.rar
2013-05-22 07:56 - 2012-07-14 17:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-22 07:56 - 2012-07-14 17:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\ESET
2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Local\ESET
2013-05-22 03:55 - 2013-05-22 03:55 - 00000000 ____D C:\ProgramData\ESET
2013-05-22 03:18 - 2013-02-17 12:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-22 00:08 - 2013-05-22 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 00:01 - 2012-07-14 17:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-21 23:58 - 2012-12-23 22:47 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-21 21:41 - 2009-07-14 12:33 - 03812240 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-20 19:53 - 2013-01-18 16:50 - 00000000 ___HD C:\Users\nicholle\AppData\Roaming\vlc
2013-05-16 19:01 - 2013-05-15 13:59 - 00000000 ____D C:\Users\nicholle\Desktop\PF
2013-05-14 12:29 - 2013-05-12 22:08 - 00000000 ____D C:\Users\nicholle\Desktop\house
2013-05-13 20:57 - 2012-07-15 14:36 - 00000000 ___HD C:\Users\nicholle\AppData\Roaming\dvdcss
2013-05-04 05:54 - 2013-04-26 20:19 - 00000000 ____D C:\Program Files\epson
2013-05-04 05:54 - 2012-07-14 16:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-04 05:53 - 2013-04-26 20:18 - 00000000 ____D C:\ProgramData\EPSON
2013-05-03 16:07 - 2013-05-03 16:07 - 00000000 ____D C:\ProgramData\StarApp
2013-05-03 16:07 - 2013-03-12 03:42 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-03 10:04 - 2013-05-03 06:10 - 376920000 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar
2013-05-03 06:07 - 2013-05-03 05:03 - 211289850 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar.crdownload
2013-05-03 05:43 - 2013-05-03 05:03 - 80693550 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (1).rar
2013-05-02 11:22 - 2013-05-02 07:35 - 265620600 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com.rar
2013-05-02 02:06 - 2012-07-14 17:06 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-29 13:46 - 2013-03-19 03:37 - 00000000 ____D C:\Windows\System32\%LocalAppData%
2013-04-26 20:29 - 2013-04-26 20:29 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Epson
2013-04-26 20:19 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\twain_32
2013-04-26 20:13 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-04-26 20:12 - 2013-03-25 08:58 - 00000000 ____D C:\Users\nicholle\Documents\Fax
2013-04-25 12:22 - 2013-04-25 12:22 - 00000000 ____D C:\Freemake
2013-04-24 18:48 - 2013-04-24 18:36 - 02343680 ____A C:\Users\nicholle\Downloads\OM7 Globe + patch + phone settings.zip

Other Malware:
===========
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-20 16:28

==================== End Of Log ============================
  #13  
Old May 23rd, 2013, 10:21 PM
protector protector is offline
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-05-2013
Ran by nicholle at 2013-05-24 05:19:21 Run:
Running from C:\Users\nicholle\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.2.0)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.39)
BurnAware Free 6.1
Conexant HD Audio (Version: 8.54.4.51)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD-Cloner V10.20 Build 1204 (Version: 10.20.0.1204)
ELECTRA 2.4
Energy Management (Version: 6.0.3.0)
ESET Antivirus License Finder (MiNODLogin) (Version: 4.0.1.63)
ESET Smart Security (Version: 6.0.316.0)
ESET Virtual Update Server (MiNODServer) (Version: 1.4.0.1)
Freemake Video Converter version 3.2.1 (Version: 3.2.1)
Freemake Video Downloader (Version: 3.5.0)
Garena Plus (Version: 2011)
Globe Tattoo Broadband (Version: 21.005.11.00.158)
Google Books Downloader version 2.1 (Version: 2.1)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
Intel(R) Management Engine Components (Version: 7.0.0.1118)
Intel(R) Processor Graphics (Version: 9.17.10.2932)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel(R) Rapid Storage Technology (Version: 10.1.5.1001)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
JetClean (Version: 1.4.0)
Junk Mail filter update (Version: 16.4.3505.0912)
K-Lite Codec Pack 8.9.5 (Full) (Version: 8.9.5)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Lenovo EasyCamera (Version: 13.10.1201.1)
Lenovo YouCam (Version: 3.1.3603)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Notepad++ (Version: 5.9.8)
PDF Settings CS6 (Version: 11.0)
Photo Gallery (Version: 16.4.3505.0912)
Photo to Cartoon (Version: 1.0.0)
Proteus 7 Professional (Version: 7.01.0200)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10003)
Revo Uninstaller Pro 3.0.1 (Version: 3.0.1)
SmartBRO version 4.810
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.0.0)
TAP-Windows 9.9.2 (Version: 9.9.2)
Target 3001! V14 discover (Version: )
Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON
Ulisess Seguridad 10.3.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
uTorrent Turbo Accelerator (Version: 2.7.0.0)
Vampires vs Zombies version 1.0.0.1 (Version: 1.0.0.1)
VeriFace (Version: 4.0.0.1206)
Virtual DJ - Atomix Productions
VLC media player 2.0.5 (Version: 2.0.5)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Yahoo! Messenger

==================== Restore Points =========================

24-04-2013 09:16:53 Windows Update
24-04-2013 20:49:43 Windows Update
26-04-2013 12:20:22 Installed Epson Event Manager
01-05-2013 09:45:43 Windows Update
03-05-2013 08:51:46 Yüklü ESET Smart Security
03-05-2013 08:58:51 Kaldirildi ESET Smart Security
03-05-2013 21:38:33 Revo Uninstaller Pro's restore point - EPSON L210 Series Printer Uninstall
03-05-2013 21:43:50 Revo Uninstaller Pro's restore point - EPSON Scan
03-05-2013 21:53:31 Removed Epson Event Manager
14-05-2013 13:50:09 Scheduled Checkpoint
21-05-2013 13:34:32 Windows Update
21-05-2013 15:34:45 Windows Update
21-05-2013 15:58:11 Windows Update
21-05-2013 19:33:11 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
21-05-2013 19:54:39 Installed ESET Smart Security
22-05-2013 00:02:05 Device Driver Package Install: Anchorfree Inc Network Service
22-05-2013 00:03:00 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters

==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:08:21 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:07:58 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (05/24/2013 05:07:59 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (05/24/2013 05:04:27 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.


System errors:
=============
Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:08:21 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:07:58 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (05/24/2013 05:07:59 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (05/24/2013 05:04:27 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.


CodeIntegrity Errors:
===================================
Date: 2013-05-22 18:32:43.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-22 18:32:43.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-22 18:32:43.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.158
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-01 22:15:08.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1985.86 MB
Available physical RAM: 786.14 MB
Total Pagefile: 3971.72 MB
Available Pagefile: 2380.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:235.84 GB) (Free:178.26 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:228.74 GB) (Free:98.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=236 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=229 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
  #14  
Old May 24th, 2013, 11:37 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,

I see some adware and other stuff, but nothing that explains your problems. Before we go deeper:

Quote:
My computer automatically created a new user account on my name
How many user accounts do you see at login? Which names?

Please press Windows key+E; Windows Explorer will open. Navigate to C:\Users, so you will see the content of that folder and all subfolders on the right side. Please post a screenshot from the Explorer.
  #15  
Old May 24th, 2013, 03:06 PM
protector protector is offline
New Member
 
Join Date: May 2013
O/S: Windows 7 32-bit
Posts: 16
There are two user accounts - MJ and mjoe. "mjoe" is my original account. MJ is the account automatically created by the computer.
All times are GMT +1.