|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
User account problems
Hi. My computer automatically created a new user account on my name. i tried to delete it but it comes back after shutdown or restart. Is it any virus or windows defect. Please help me....
Thanks Last edited by protector; May 22nd, 2013 at 06:08 AM. |
#2
|
||||
|
||||
Hello, protector
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix:
No need to bump your thread in the reminder topic, this one is there to get used after 2 days with no reply.
|
#3
|
|||
|
|||
sir Tom, thank you for your response.
i used Jetclean several times to clean my computer including the registry. i also scanned my files using Malwarebytes thinking that it can solve the user account problem. it detected malwares in the registry.. do you consider it modifying the registry?? and deleting files?? |
#4
|
|||
|
|||
sir here are the results in OTL.txt....
OTL logfile created on: 5/23/2013 9:15:40 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free 3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/23 08:50:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nicholle\Desktop\OTL.exe PRC - [2013/05/23 08:42:08 | 000,673,504 | ---- | M] (The OpenVPN Project) -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\ope nvpn.exe PRC - [2013/05/22 08:00:43 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Users\nicholle\AppData\Roaming\uTorrent\uTorren t.exe PRC - [2013/04/09 16:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/03/31 18:43:11 | 000,218,624 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2013/02/07 18:08:46 | 000,101,376 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\Freem akeUtilsService.exe PRC - [2013/02/07 18:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/30 10:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/07/14 16:34:25 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe PRC - [2012/04/17 19:21:52 | 008,969,264 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2011/04/27 15:45:54 | 005,674,912 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe PRC - [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/02/18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011/01/05 13:22:50 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2011/01/05 13:22:12 | 001,210,640 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe PRC - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010/12/14 17:14:12 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe PRC - [2010/12/14 17:14:12 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe PRC - [2010/12/05 01:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\YouCam\YCMMirage.exe PRC - [2010/11/20 20:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2010/11/20 20:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2010/11/16 21:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe PRC - [2010/11/16 21:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010/10/06 12:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/10/06 12:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/01/15 19:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera\VM331_STI.EXE PRC - [2008/07/07 13:00:26 | 003,624,960 | ---- | M] () -- C:\Program Files\SmartBRO\USB Modem.exe ========== Modules (No Company Name) ========== MOD - [2013/05/23 08:42:08 | 000,159,344 | ---- | M] () -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\lib lzo2-2.dll MOD - [2013/05/23 08:42:08 | 000,105,072 | ---- | M] () -- C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\lib pkcs11-helper-1.dll MOD - [2013/05/21 21:43:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\30e3a21202000677d0a9270572251477 \System.Windows.Forms.ni.dll MOD - [2013/05/21 21:42:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Win dowsBase\716959df79685a1eae0fc14275a32b0f\WindowsB ase.ni.dll MOD - [2013/05/21 21:42:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\764f15e86c82662e977bd418bd6318c1 \System.Configuration.ni.dll MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgoo glenaclpluginchrome.dll MOD - [2013/04/09 16:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\Peppe rFlash\pepflashplayer.dll MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.d ll MOD - [2013/04/09 16:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libgl esv2.dll MOD - [2013/04/09 16:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libeg l.dll MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpe gsumo.dll MOD - [2013/02/20 07:00:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torCommon\8c4058d017d39a61458f635112f4e394\IAStorC ommon.ni.dll MOD - [2013/02/20 07:00:16 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUti l.ni.dll MOD - [2013/02/20 06:18:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83 \System.Runtime.Remoting.ni.dll MOD - [2013/02/20 06:17:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\eead6629e384a5b69f9ae35284b7eeed\Syste m.Drawing.ni.dll MOD - [2013/02/20 06:17:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\f687c43e9fdec031988b33ae722c4613\System.Xm l.ni.dll MOD - [2013/02/20 06:17:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/02/20 06:16:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni .dll MOD - [2013/01/10 07:57:23 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni .dll MOD - [2012/07/14 16:34:25 | 001,410,400 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll MOD - [2012/07/14 16:34:25 | 000,513,376 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll MOD - [2012/07/14 16:34:24 | 000,013,664 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\ChooseLang.dll MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll MOD - [2011/03/30 16:11:30 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/12/14 17:14:22 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll MOD - [2008/07/07 13:00:26 | 003,624,960 | ---- | M] () -- C:\Program Files\SmartBRO\USB Modem.exe ========== Services (SafeList) ========== SRV - [2013/05/22 07:56:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/22 00:08:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/31 18:43:11 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc) SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2013/02/07 18:08:46 | 000,101,376 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\Freem akeUtilsService.exe -- (Freemake Improver) SRV - [2013/02/07 18:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 02:02:14 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/11/10 10:21:23 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/07/15 18:30:01 | 001,343,400 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/01/05 13:22:50 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011/01/05 13:11:14 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010/12/14 17:14:12 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/11/16 21:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2010/10/06 12:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/10/06 12:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\NPF.sys -- (NPF) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nicholle\AppData\Local\Temp\UVT7464.tmp -- (GarenaPEngine) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/03/31 18:43:14 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2013/03/31 18:43:14 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2013/03/31 18:43:14 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2013/03/31 18:43:14 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2013/02/28 05:57:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2013/02/20 11:07:38 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2013/02/20 11:07:38 | 000,047,568 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2013/01/10 15:08:16 | 000,150,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2013/01/10 15:08:14 | 000,046,056 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2012/10/25 17:23:06 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/10/25 17:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012/10/25 17:23:06 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012/08/07 10:24:46 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSM\0206000.03D\ccSetx 86.sys -- (ccSet_NSM) DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012/07/21 14:53:40 | 000,197,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NSM\0206000.03D\symrdr s.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2011/08/17 19:50:34 | 000,024,672 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2011/03/30 16:11:38 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2011/03/10 17:02:00 | 001,282,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2011/01/25 11:47:44 | 000,068,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/12/05 01:39:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd) DRV - [2010/11/24 11:30:40 | 002,128,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/10/21 18:05:44 | 000,196,352 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs) DRV - [2010/10/19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2010/10/18 16:20:02 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010/10/18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010/09/30 16:44:32 | 000,218,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV - [2010/08/16 17:28:50 | 000,005,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmuvcflt.sys -- (vmuvcflt) DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr) DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008/03/04 16:40:04 | 000,097,408 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmusbser.sys -- (qcusbser) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pi...74&lg=EN&cc=PH IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKLM\..\SearchScopes\{959DD957-6EA9-469F-A35E-A1BF9B55BDBA}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH IE - HKLM\..\SearchScopes\{E119618A-0F31-48CA-B756-AD745B8F48D4}: "URL" = ${SEARCH_URL}{searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 16 24 EF 33 56 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKCU\..\SearchScopes,DefaultScope = {69CD0C8C-9B21-471E-93FF-D64BC17C913A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId= 50CF666D57E7ABE5 IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true IE - HKCU\..\SearchScopes\{69CD0C8C-9B21-471E-93FF-D64BC17C913A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=127 IE - HKCU\..\SearchScopes\{73F94418-3FC4-4E59-B816-7A6770EA7F47}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{91B8A9FC-169A-4157-A39C-EEC3C0A48BA7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10269&src=kw&q={searchTerms}&locale=en_PH&a pn_ptnrs=^AH0&apn_dtid=^YYYYYY^YY^PH&apn_uid=31df5 540-b5cb-4ea1-8749-eace739f0b67&apn_sauid=2CBE0D3B-EA8D-42D1-99A6-258133F76658 IE - HKCU\..\SearchScopes\{959DD957-6EA9-469F-A35E-A1BF9B55BDBA}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH IE - HKCU\..\SearchScopes\{E119618A-0F31-48CA-B756-AD745B8F48D4}: "URL" = http://searchou.com/?affil=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_70 0_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112 .dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmai l.com\ [2013/02/10 15:07:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gm ail.com\ [2013/02/10 15:07:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/01/17 01:14:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.61\coFFFw\ [2013/03/21 20:33:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Ex tensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/05/22 03:56:00 | 000,000,000 | ---D | M] [2013/05/22 08:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/05/22 00:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013/05/22 00:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/22 00:08:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/03/16 05:02:49 | 000,000,000 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2013/03/21 06:42:53 | 000,006,468 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:acceptedSuggestion}{google:originalQueryF orSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{goog le:sourceId}{google:instantExtendedEnabledParamete r}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&q={searchTerms}&{googl e:cursorPosition}sugkey={google:suggestAPIKeyParam eter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\Peppe rFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoo gleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.d ll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_30 0_262.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Docs = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.5_0\ CHR - Extension: Google Drive = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\6.3_0\ CHR - Extension: YouTube = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0\ CHR - Extension: Freemake Video Downloader = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojd mmimdf\1.0.0_0\ CHR - Extension: uTorrentControl_v6 = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggah iomebp\10.15.0.562_0\ CHR - Extension: Google Search = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0\ CHR - Extension: Freemake Youtube Download Button = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomdd hccfgh\1.0.0_0\ CHR - Extension: Browsoee2save = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcknfjajbdljlbpnemmaajcac ocjnle\1\ CHR - Extension: Freemake Video Converter = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhin clbigj\1.0.0_0\ CHR - Extension: Adventure Time - Finn, Jake and BMO = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmclded ofhabl\1_0\ CHR - Extension: Norton Identity Protection = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmn jhmcmk\2013.3.2.10_0\ CHR - Extension: Gmail = \Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e (Adobe Systems Incorporated) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [uTorrent] C:\Users\nicholle\AppData\Roaming\uTorrent\uTorren t.exe (BitTorrent Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{0B2A7D6D-9BC2-43E7-9E15-61150A01231C}: NameServer = 10.198.220.124 202.126.40.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{48056DE4-4AB9-4E99-AC13-E0A3D4C8D1C0}: NameServer = 10.198.220.124 202.126.40.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{5F9CD73A-D626-47B9-8947-A4C2AC3A891C}: NameServer = 121.1.3.74 121.1.3.89 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{6B3ADA04-D08C-4A12-9950-909E8220E55C}: NameServer = 10.198.220.124 202.126.40.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{AC5A7909-C4FB-46F0-8E2A-FF23F7BC1360}: NameServer = 10.198.220.124 202.126.40.5 O18 - Protocol\Handler\wlpg - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/11/10 10:03:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa}\Shell - "" = AutoRun O33 - MountPoints2\{28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{329dba79-99ee-11e2-9d29-dc0ea1f0afaa}\Shell - "" = AutoRun O33 - MountPoints2\{329dba79-99ee-11e2-9d29-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{329dba87-99ee-11e2-9d29-dc0ea1f0afaa}\Shell - "" = AutoRun O33 - MountPoints2\{329dba87-99ee-11e2-9d29-dc0ea1f0afaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{44f19872-9f9a-11e2-a29e-c01885f0ca64}\Shell - "" = AutoRun O33 - MountPoints2\{44f19872-9f9a-11e2-a29e-c01885f0ca64}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{45c781a6-a0a9-11e2-bf19-001e101f1838}\Shell - "" = AutoRun O33 - MountPoints2\{45c781a6-a0a9-11e2-bf19-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/22 17:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/22 17:31:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/05/22 17:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/05/22 08:15:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Hotspot Shield [2013/05/22 07:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulisess Seguridad [2013/05/22 03:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2013/05/22 03:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2013/05/22 03:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows [2013/05/22 00:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/05/03 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/05/03 16:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013/04/26 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\epson [2013/04/26 20:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2013/04/25 12:22:11 | 000,000,000 | ---D | C] -- C:\Freemake [2013/04/25 12:22:11 | 000,000,000 | ---D | C] -- \Freemake ========== Files - Modified Within 30 Days ========== [2013/05/23 09:01:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/23 08:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/23 08:40:44 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/23 08:40:44 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/23 08:37:28 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/23 08:37:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/23 08:37:13 | 1561,743,360 | -HS- | M] () -- C:\hiberfil.sys [2013/05/23 08:35:03 | 000,031,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/23 08:35:03 | 000,031,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/21 21:41:42 | 003,812,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/03/19 04:15:23 | 000,000,256 | ---- | C] () -- \WirelessDiagLog.csv [2013/03/18 11:15:25 | 000,000,058 | ---- | C] () -- C:\Windows\System32\msadio.dll [2013/03/03 14:37:15 | 000,000,884 | RHS- | C] () -- C:\Users\nicholle\ntuser.pol [2013/03/01 21:14:06 | 000,002,504 | ---- | C] () -- \{A0D73995-E70C-4665-9832-F96A7174811D} [2013/03/01 21:09:36 | 000,002,648 | ---- | C] () -- \{E7AEEAA8-0F87-4072-A978-CD1120991FB8} [2013/03/01 21:08:19 | 000,002,392 | ---- | C] () -- \{F4E59074-3B3A-47C3-983F-F9E5D71B6233} [2013/03/01 21:05:07 | 000,002,744 | ---- | C] () -- \{C58E8D48-317F-4619-884E-0A31862AF13B} [2013/03/01 21:00:03 | 000,002,720 | ---- | C] () -- \{1DDE181D-A6A9-4BE3-8CA7-3CDEF85FEAD9} [2013/02/15 05:26:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2013/02/15 05:26:00 | 000,000,000 | RHS- | C] () -- \IO.SYS [2013/02/05 03:09:57 | 000,203,464 | RHS- | C] () -- \grldr [2013/02/05 03:09:57 | 000,000,014 | RHS- | C] () -- \win7.ld [2013/02/05 00:36:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2013/02/05 00:35:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2013/01/18 13:04:40 | 000,000,000 | ---- | C] () -- C:\Users\nicholle\cscript [2013/01/10 11:10:33 | 000,916,480 | ---- | C] () -- C:\Windows\expstart.exe [2012/12/14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin [2012/12/14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012/12/14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012/12/14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012/12/14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin [2012/11/18 19:48:55 | 000,053,410 | ---- | C] () -- \Grumpy3DRPG-20121118194553353.dmp [2012/11/10 10:22:15 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc [2012/08/16 03:34:51 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini [2012/07/15 06:21:56 | 1561,743,360 | -HS- | C] () -- \hiberfil.sys [2012/07/14 17:15:40 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012/07/14 16:34:37 | 001,410,400 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll [2012/07/14 16:34:37 | 000,660,832 | ---- | C] () -- C:\Windows\System32\EncIcons.dll [2012/07/14 16:34:37 | 000,513,376 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll [2012/07/14 16:34:33 | 002,086,240 | ---- | C] () -- C:\Windows\System32\LenovoVeriface.Interface.dll [2012/07/14 16:34:33 | 001,500,512 | ---- | C] () -- C:\Windows\System32\Apblend.dll [2012/07/14 16:34:33 | 001,171,456 | ---- | C] () -- C:\Windows\System32\PicNotify.dll [2012/07/14 16:34:33 | 000,466,944 | ---- | C] () -- C:\Windows\System32\Lenovo.VerifaceStub.dll [2012/07/14 16:34:04 | 001,044,480 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll [2012/07/14 16:17:11 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2012/07/14 16:15:21 | 000,001,652 | ---- | C] () -- C:\Windows\vm331Rmv.ini [2012/07/14 16:15:21 | 000,001,652 | ---- | C] () -- C:\Windows\System32\vm331Rmv.ini [2012/07/14 16:09:53 | 000,000,003 | ---- | C] () -- \7Loader.TAG [2009/07/14 10:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009/07/14 10:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== < End of report > |
#5
|
|||
|
|||
Extras.txt
OTL Extras logfile created on: 5/23/2013 9:15:40 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free 3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{01EE22D4-96F8-4A22-94BD-5AAED71E847A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{022BE9B0-9480-4059-8E6E-D2B2ECB05CB1}" = lport=2869 | protocol=6 | dir=in | app=system | "{04C4930B-F8C6-427E-9C68-A3CB4A73605A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06A90E14-BC20-421F-9F3A-87D638142436}" = rport=10243 | protocol=6 | dir=out | app=system | "{0A79FE75-36B2-4286-961B-310982D2CF1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0B396C9E-C422-48B7-B734-F075865ACA6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1161D720-58EB-432E-93D1-F617E783834D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1301903B-A05C-4E1E-87A2-4840F2374C4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DBD4D30-0EE2-41F1-AFE5-A0D09B2944DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F6DDFB4-904A-42B9-823B-3F4DA4DA5067}" = rport=138 | protocol=17 | dir=out | app=system | "{35DF4B34-F025-4702-B3EB-52199D1C79A8}" = lport=445 | protocol=6 | dir=in | app=system | "{367CF5FA-C363-4DED-8532-238B208C33E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{4031808D-55FE-457E-AA7B-0AC70CFEE78F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{511E7B54-2D3A-494C-8CA7-BB9C73725F22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{53525E36-591B-4033-B40E-D40721F72DD0}" = lport=10243 | protocol=6 | dir=in | app=system | "{5733B38D-5C1B-4B87-9F49-787DF1BA2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6131FA94-B8D1-46AC-A9BD-FB04A5AF368B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6BA375AA-AAA9-4625-A75E-167D95C2567C}" = rport=139 | protocol=6 | dir=out | app=system | "{734537B2-9AD0-410D-A438-9784B844036A}" = rport=445 | protocol=6 | dir=out | app=system | "{7CC32425-0E8D-41CE-A90C-842F9E681F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{82026CB7-727F-47A6-AA82-9C162682A353}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8B1F0FC0-ACD0-421E-9C00-A4E03AB4EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BC06F5D-384C-476B-9D72-2D199030223B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{92B6A862-BB48-4647-916D-D00FBF146799}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{94148782-6C9B-4FED-83E0-B70DBCA8F825}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A159C89D-0CB2-468F-BC8E-48860E9F0AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8AAA7B9-7FA1-4700-998F-7CCAF1AAF39B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B4B50722-83BA-46C5-86AB-330C6E902ECF}" = lport=139 | protocol=6 | dir=in | app=system | "{B9C56282-B7A7-407E-8E40-F1DAC5D593D5}" = lport=137 | protocol=17 | dir=in | app=system | "{BA798041-4757-420D-A8C2-97149E92BF59}" = rport=137 | protocol=17 | dir=out | app=system | "{BE9AC8E3-794D-49BB-8931-CC440EB3FEDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBE52846-7997-4562-A169-1E0E162306FE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CE1A8DB4-D1C1-49A5-A1C5-8348B1407017}" = lport=138 | protocol=17 | dir=in | app=system | "{F4C0DAC4-C44E-423D-AD87-875DB26C123D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{031326D6-B024-4F7D-8E17-85092D9A5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C5AFEA7-C879-4244-96A8-4019B7DBD77F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{14298D60-617B-475D-BA83-BE87D33C5B51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{188A037B-BA34-4D44-8631-D26DD8E2A8AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{288F6EE6-ED18-4F81-80F9-3F43291D446E}" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\uto rrent.exe | "{2EA08520-286D-4ED5-B884-3176D69F6727}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{616BAB7F-374D-4976-9E91-F9AA36E240EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{792A3A42-D123-4803-88BA-02D35F806E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83251B03-A3EA-43E9-B158-9B396B92F95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{850CCB7B-6FED-4A2B-B87B-D4A96800B21F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{88DA78BF-6354-4FF2-A18C-5773E057BF7E}" = dir=in | app=c:\users\nicholle\appdata\local\microsoft\skyd rive\skydrive.exe | "{8E362BA1-5F7B-4238-9F21-30BD0AA0D68C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{969B3A5A-2A7B-48FC-B368-36EBF93B99D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{96E15CB8-70A1-4F04-BA39-EF0DCCE906ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98609B46-9E3F-43C1-A1D6-8EC7EDA1B39D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8E309C2-D512-421C-AF01-B4334D5ABF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B91B7D07-7EED-4E4A-BE72-D30C8ECD1477}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C0D98804-3E1D-43EB-AC24-951129E398ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C19B0B41-35E8-4E8C-9E57-9C5149AAED96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5B56F65-1259-4170-96B4-41B96BFF4476}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{C64B0329-7BD8-4700-80D8-359A4A8B722E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA3E8A24-D924-4891-B451-1B6E665D0518}" = protocol=6 | dir=out | app=system | "{CEE2D15C-EF3A-4F69-A6DE-845D7F136E57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAC7ACF5-DEC8-41E0-9635-575BF720A688}" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\uto rrent.exe | "{EB598A6D-5BCC-47AB-81BC-9224E763A75E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FC279B72-BFE0-41B3-80D7-187337C16FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3C5FB5-3BAA-4D39-9DC2-485D88C230E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0190D5C5-1D14-4583-9C7B-F667B6B7C55B}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe | "TCP Query User{2EA09C9F-E4A3-4D69-BC17-45031B5309F8}C:\users\nicholle\appdata\local\temp\ mmbplayer\openvpn.exe" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer \openvpn.exe | "TCP Query User{5D34815F-5797-4B4F-84E8-9FD9AB37ADAF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{969D0FC4-3841-4B26-8088-D056DE9D4EAB}D:\nicho\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\nicho\warcraft iii\war3.exe | "TCP Query User{B7031AF8-B9A3-4D08-978D-832A16215087}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "TCP Query User{C3E3D06F-3543-40B1-BEDC-07E8FD13968C}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=6 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe | "UDP Query User{18CA6B45-B28C-4D58-B7CD-60C8DD885E30}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe | "UDP Query User{3AE8D3E9-7269-44E8-955F-CED838D8D32D}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=17 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe | "UDP Query User{6CD16CDD-B998-45FE-9C9C-B08A06F5D8E2}C:\users\nicholle\appdata\local\temp\ mmbplayer\openvpn.exe" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer \openvpn.exe | "UDP Query User{7765B8EF-572C-473A-9CCC-CAD5FE6DFEAB}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "UDP Query User{7F8CB232-69AE-4BCE-B1FE-AE8C87BB0582}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{D9F45A10-09BF-43A7-B676-DBF6C7E960D7}D:\nicho\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\nicho\warcraft iii\war3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.1 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software "{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1 "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D85392-8DAB-4AEA-85E3-C3242055DF9D}_is1" = Vampires vs Zombies version 1.0.0.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{FBFA7DDB-4188-457E-BD16-81B26E2B447C}" = ESET Smart Security "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "BlueSprig_JetClean_is1" = JetClean "BurnAware Free_is1" = BurnAware Free 6.1 "CNXT_AUDIO_HDA" = Conexant HD Audio "DVD-Cloner 2013_is1" = DVD-Cloner V10.20 Build 1204 "ELECTRA_is1" = ELECTRA 2.4 "Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1 "Freemake Video Downloader_is1" = Freemake Video Downloader "Globe Tattoo Broadband" = Globe Tattoo Broadband "Google Chrome" = Google Chrome "im" = Garena Plus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MiNODLogin" = ESET Antivirus License Finder (MiNODLogin) "MiNODServer" = ESET Virtual Update Server (MiNODServer) "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "SmartBRO version_is1" = SmartBRO version 4.810 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TAP-Windows" = TAP-Windows 9.9.2 "Target 3001! V14 discover" = Target 3001! V14 discover "Texas Holdem Poker 3D Deluxe Edition DeLEGiON_is1" = Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON "Ulisess Seguridad_is1" = Ulisess Seguridad 10.3.0 "uTorrent" = µTorrent "uTorrent Turbo Accelerator" = uTorrent Turbo Accelerator "VeriFace" = VeriFace "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/4/2013 10:54:04 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 11:54:05 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 12:54:05 PM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 488 Description = WinMail (3636) WindowsMail0: An attempt to create the file "C:\Users\nicholle\AppData\Local\Microsoft\Win dows Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8). Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 217 Description = WinMail (3636) WindowsMail0: Error (-1032) during backup of a database (file C:\Users\nicholle\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore). The database will be unable to restore. Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 215 Description = WinMail (3636) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 2/4/2013 3:37:11 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227 Description = Error - 2/4/2013 3:37:47 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227 Description = Error - 2/10/2013 12:36:46 AM | Computer Name = mj-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 2/10/2013 1:06:06 AM | Computer Name = mj-PC | Source = Windows Activation Technologies | ID = 3 Description = [ Media Center Events ] Error - 4/28/2013 1:25:25 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:25:02 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:25:55 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:25:27 PM - Failed to retrieve MCESpotlight (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:26:16 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:26:06 PM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:28:08 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:27:56 PM - Failed to retrieve SportsSchedule (Error: The operation has timed out) Error - 4/28/2013 1:28:49 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:28:11 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:28:56 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:28:51 PM - Failed to retrieve Broadband (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/30/2013 12:36:35 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 12:36:30 PM - Error connecting to the internet. 12:36:30 PM - Unable to contact server.. Error - 5/21/2013 8:28:45 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:28:44 AM - Error connecting to the internet. 8:28:45 AM - Unable to contact server.. Error - 5/21/2013 8:28:56 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:28:50 AM - Error connecting to the internet. 8:28:50 AM - Unable to contact server.. Error - 5/22/2013 8:18:29 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:18:24 AM - Error connecting to the internet. 8:18:24 AM - Unable to contact server.. [ System Events ] Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 9:08:02 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7023 Description = The SPP Notification Service service terminated with the following error: %%5 < End of report > |
#6
|
|||
|
|||
Extras.txt
OTL Extras logfile created on: 5/23/2013 9:15:40 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nicholle\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.08% Memory free 3.88 Gb Paging File | 2.05 Gb Available in Paging File | 52.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 235.84 Gb Total Space | 179.05 Gb Free Space | 75.92% Space Free | Partition Type: NTFS Drive D: | 228.74 Gb Total Space | 98.93 Gb Free Space | 43.25% Space Free | Partition Type: NTFS Computer Name: MJ-PC | User Name: nicholle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{01EE22D4-96F8-4A22-94BD-5AAED71E847A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{022BE9B0-9480-4059-8E6E-D2B2ECB05CB1}" = lport=2869 | protocol=6 | dir=in | app=system | "{04C4930B-F8C6-427E-9C68-A3CB4A73605A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{06A90E14-BC20-421F-9F3A-87D638142436}" = rport=10243 | protocol=6 | dir=out | app=system | "{0A79FE75-36B2-4286-961B-310982D2CF1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0B396C9E-C422-48B7-B734-F075865ACA6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1161D720-58EB-432E-93D1-F617E783834D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1301903B-A05C-4E1E-87A2-4840F2374C4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DBD4D30-0EE2-41F1-AFE5-A0D09B2944DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F6DDFB4-904A-42B9-823B-3F4DA4DA5067}" = rport=138 | protocol=17 | dir=out | app=system | "{35DF4B34-F025-4702-B3EB-52199D1C79A8}" = lport=445 | protocol=6 | dir=in | app=system | "{367CF5FA-C363-4DED-8532-238B208C33E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{4031808D-55FE-457E-AA7B-0AC70CFEE78F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{511E7B54-2D3A-494C-8CA7-BB9C73725F22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{53525E36-591B-4033-B40E-D40721F72DD0}" = lport=10243 | protocol=6 | dir=in | app=system | "{5733B38D-5C1B-4B87-9F49-787DF1BA2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6131FA94-B8D1-46AC-A9BD-FB04A5AF368B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6BA375AA-AAA9-4625-A75E-167D95C2567C}" = rport=139 | protocol=6 | dir=out | app=system | "{734537B2-9AD0-410D-A438-9784B844036A}" = rport=445 | protocol=6 | dir=out | app=system | "{7CC32425-0E8D-41CE-A90C-842F9E681F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{82026CB7-727F-47A6-AA82-9C162682A353}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8B1F0FC0-ACD0-421E-9C00-A4E03AB4EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BC06F5D-384C-476B-9D72-2D199030223B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{92B6A862-BB48-4647-916D-D00FBF146799}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{94148782-6C9B-4FED-83E0-B70DBCA8F825}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A159C89D-0CB2-468F-BC8E-48860E9F0AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8AAA7B9-7FA1-4700-998F-7CCAF1AAF39B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B4B50722-83BA-46C5-86AB-330C6E902ECF}" = lport=139 | protocol=6 | dir=in | app=system | "{B9C56282-B7A7-407E-8E40-F1DAC5D593D5}" = lport=137 | protocol=17 | dir=in | app=system | "{BA798041-4757-420D-A8C2-97149E92BF59}" = rport=137 | protocol=17 | dir=out | app=system | "{BE9AC8E3-794D-49BB-8931-CC440EB3FEDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBE52846-7997-4562-A169-1E0E162306FE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CE1A8DB4-D1C1-49A5-A1C5-8348B1407017}" = lport=138 | protocol=17 | dir=in | app=system | "{F4C0DAC4-C44E-423D-AD87-875DB26C123D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{031326D6-B024-4F7D-8E17-85092D9A5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C5AFEA7-C879-4244-96A8-4019B7DBD77F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{14298D60-617B-475D-BA83-BE87D33C5B51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{188A037B-BA34-4D44-8631-D26DD8E2A8AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{288F6EE6-ED18-4F81-80F9-3F43291D446E}" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\uto rrent.exe | "{2EA08520-286D-4ED5-B884-3176D69F6727}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{616BAB7F-374D-4976-9E91-F9AA36E240EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{792A3A42-D123-4803-88BA-02D35F806E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83251B03-A3EA-43E9-B158-9B396B92F95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{850CCB7B-6FED-4A2B-B87B-D4A96800B21F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{88DA78BF-6354-4FF2-A18C-5773E057BF7E}" = dir=in | app=c:\users\nicholle\appdata\local\microsoft\skyd rive\skydrive.exe | "{8E362BA1-5F7B-4238-9F21-30BD0AA0D68C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{969B3A5A-2A7B-48FC-B368-36EBF93B99D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{96E15CB8-70A1-4F04-BA39-EF0DCCE906ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98609B46-9E3F-43C1-A1D6-8EC7EDA1B39D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8E309C2-D512-421C-AF01-B4334D5ABF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B91B7D07-7EED-4E4A-BE72-D30C8ECD1477}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C0D98804-3E1D-43EB-AC24-951129E398ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C19B0B41-35E8-4E8C-9E57-9C5149AAED96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5B56F65-1259-4170-96B4-41B96BFF4476}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{C64B0329-7BD8-4700-80D8-359A4A8B722E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA3E8A24-D924-4891-B451-1B6E665D0518}" = protocol=6 | dir=out | app=system | "{CEE2D15C-EF3A-4F69-A6DE-845D7F136E57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAC7ACF5-DEC8-41E0-9635-575BF720A688}" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\roaming\utorrent\uto rrent.exe | "{EB598A6D-5BCC-47AB-81BC-9224E763A75E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FC279B72-BFE0-41B3-80D7-187337C16FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3C5FB5-3BAA-4D39-9DC2-485D88C230E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0190D5C5-1D14-4583-9C7B-F667B6B7C55B}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe | "TCP Query User{2EA09C9F-E4A3-4D69-BC17-45031B5309F8}C:\users\nicholle\appdata\local\temp\ mmbplayer\openvpn.exe" = protocol=6 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer \openvpn.exe | "TCP Query User{5D34815F-5797-4B4F-84E8-9FD9AB37ADAF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{969D0FC4-3841-4B26-8088-D056DE9D4EAB}D:\nicho\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\nicho\warcraft iii\war3.exe | "TCP Query User{B7031AF8-B9A3-4D08-978D-832A16215087}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "TCP Query User{C3E3D06F-3543-40B1-BEDC-07E8FD13968C}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=6 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe | "UDP Query User{18CA6B45-B28C-4D58-B7CD-60C8DD885E30}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe | "UDP Query User{3AE8D3E9-7269-44E8-955F-CED838D8D32D}C:\program files\red alert 2 yuri's revenge\gamemd.exe" = protocol=17 | dir=in | app=c:\program files\red alert 2 yuri's revenge\gamemd.exe | "UDP Query User{6CD16CDD-B998-45FE-9C9C-B08A06F5D8E2}C:\users\nicholle\appdata\local\temp\ mmbplayer\openvpn.exe" = protocol=17 | dir=in | app=c:\users\nicholle\appdata\local\temp\mmbplayer \openvpn.exe | "UDP Query User{7765B8EF-572C-473A-9CCC-CAD5FE6DFEAB}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "UDP Query User{7F8CB232-69AE-4BCE-B1FE-AE8C87BB0582}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{D9F45A10-09BF-43A7-B676-DBF6C7E960D7}D:\nicho\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\nicho\warcraft iii\war3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.1 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software "{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1 "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D85392-8DAB-4AEA-85E3-C3242055DF9D}_is1" = Vampires vs Zombies version 1.0.0.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{FBFA7DDB-4188-457E-BD16-81B26E2B447C}" = ESET Smart Security "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "BlueSprig_JetClean_is1" = JetClean "BurnAware Free_is1" = BurnAware Free 6.1 "CNXT_AUDIO_HDA" = Conexant HD Audio "DVD-Cloner 2013_is1" = DVD-Cloner V10.20 Build 1204 "ELECTRA_is1" = ELECTRA 2.4 "Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1 "Freemake Video Downloader_is1" = Freemake Video Downloader "Globe Tattoo Broadband" = Globe Tattoo Broadband "Google Chrome" = Google Chrome "im" = Garena Plus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MiNODLogin" = ESET Antivirus License Finder (MiNODLogin) "MiNODServer" = ESET Virtual Update Server (MiNODServer) "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "SmartBRO version_is1" = SmartBRO version 4.810 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TAP-Windows" = TAP-Windows 9.9.2 "Target 3001! V14 discover" = Target 3001! V14 discover "Texas Holdem Poker 3D Deluxe Edition DeLEGiON_is1" = Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON "Ulisess Seguridad_is1" = Ulisess Seguridad 10.3.0 "uTorrent" = µTorrent "uTorrent Turbo Accelerator" = uTorrent Turbo Accelerator "VeriFace" = VeriFace "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/4/2013 10:54:04 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 11:54:05 AM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 12:54:05 PM | Computer Name = mj-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 488 Description = WinMail (3636) WindowsMail0: An attempt to create the file "C:\Users\nicholle\AppData\Local\Microsoft\Win dows Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8). Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 217 Description = WinMail (3636) WindowsMail0: Error (-1032) during backup of a database (file C:\Users\nicholle\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore). The database will be unable to restore. Error - 2/4/2013 2:00:33 PM | Computer Name = mj-PC | Source = ESENT | ID = 215 Description = WinMail (3636) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 2/4/2013 3:37:11 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227 Description = Error - 2/4/2013 3:37:47 PM | Computer Name = mj-PC | Source = RasClient | ID = 20227 Description = Error - 2/10/2013 12:36:46 AM | Computer Name = mj-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 2/10/2013 1:06:06 AM | Computer Name = mj-PC | Source = Windows Activation Technologies | ID = 3 Description = [ Media Center Events ] Error - 4/28/2013 1:25:25 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:25:02 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:25:55 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:25:27 PM - Failed to retrieve MCESpotlight (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:26:16 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:26:06 PM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:28:08 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:27:56 PM - Failed to retrieve SportsSchedule (Error: The operation has timed out) Error - 4/28/2013 1:28:49 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:28:11 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/28/2013 1:28:56 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 1:28:51 PM - Failed to retrieve Broadband (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 4/30/2013 12:36:35 AM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 12:36:30 PM - Error connecting to the internet. 12:36:30 PM - Unable to contact server.. Error - 5/21/2013 8:28:45 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:28:44 AM - Error connecting to the internet. 8:28:45 AM - Unable to contact server.. Error - 5/21/2013 8:28:56 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:28:50 AM - Error connecting to the internet. 8:28:50 AM - Unable to contact server.. Error - 5/22/2013 8:18:29 PM | Computer Name = mj-PC | Source = MCUpdate | ID = 0 Description = 8:18:24 AM - Error connecting to the internet. 8:18:24 AM - Unable to contact server.. [ System Events ] Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 8:37:57 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7000 Description = The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error - 5/22/2013 9:08:02 PM | Computer Name = mj-PC | Source = Service Control Manager | ID = 7023 Description = The SPP Notification Service service terminated with the following error: %%5 < End of report > |
#7
|
||||
|
||||
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
Download TDSSKiller.exe and save it to your desktop
|
#8
|
|||
|
|||
Sir have you seen any problems based on the results I've brought a while ago??
|
#9
|
|||
|
|||
sir schrauber here it is....
19:04:00.0574 4092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:04:02.0576 4092 ================================================== ========== 19:04:02.0576 4092 Current date / time: 2013/05/23 19:04:02.0576 19:04:02.0576 4092 SystemInfo: 19:04:02.0576 4092 19:04:02.0576 4092 OS Version: 6.1.7601 ServicePack: 1.0 19:04:02.0576 4092 Product type: Workstation 19:04:02.0576 4092 ComputerName: MJ-PC 19:04:02.0577 4092 UserName: nicholle 19:04:02.0577 4092 Windows directory: C:\Windows 19:04:02.0577 4092 System windows directory: C:\Windows 19:04:02.0577 4092 Processor architecture: Intel x86 19:04:02.0577 4092 Number of processors: 2 19:04:02.0577 4092 Page size: 0x1000 19:04:02.0577 4092 Boot type: Normal boot 19:04:02.0577 4092 ================================================== ========== 19:04:02.0979 4092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:04:02.0982 4092 Drive \Device\Harddisk2\DR2 - Size: 0x784FD000 (1.88 Gb), SectorSize: 0x1000, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:04:02.0983 4092 ================================================== ========== 19:04:02.0983 4092 \Device\Harddisk0\DR0: 19:04:02.0983 4092 MBR partitions: 19:04:02.0983 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:04:02.0983 4092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D7AE000 19:04:03.0004 4092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D7E1000, BlocksNum 0x1C97A800 19:04:03.0004 4092 \Device\Harddisk2\DR2: 19:04:03.0005 4092 MBR partitions: 19:04:03.0005 4092 ================================================== ========== 19:04:03.0085 4092 C: <-> \Device\Harddisk0\DR0\Partition2 19:04:03.0129 4092 D: <-> \Device\Harddisk0\DR0\Partition3 19:04:03.0130 4092 ================================================== ========== 19:04:03.0130 4092 Initialize success 19:04:03.0130 4092 ================================================== ========== 19:04:05.0000 1632 ================================================== ========== 19:04:05.0000 1632 Scan started 19:04:05.0000 1632 Mode: Manual; 19:04:05.0000 1632 ================================================== ========== 19:04:05.0079 1632 ================ Scan system memory ======================== 19:04:05.0079 1632 System memory - ok 19:04:05.0079 1632 ================ Scan services ============================= 19:04:05.0210 1632 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:04:05.0212 1632 1394ohci - ok 19:04:05.0244 1632 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:04:05.0247 1632 ACPI - ok 19:04:05.0270 1632 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:04:05.0271 1632 AcpiPmi - ok 19:04:05.0290 1632 [ F045F62270330C05D15E6E5F544FE73B ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys 19:04:05.0291 1632 ACPIVPC - ok 19:04:05.0377 1632 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:04:05.0380 1632 AdobeARMservice - ok 19:04:05.0439 1632 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe 19:04:05.0444 1632 AdobeFlashPlayerUpdateSvc - ok 19:04:05.0490 1632 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:04:05.0494 1632 adp94xx - ok 19:04:05.0512 1632 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:04:05.0516 1632 adpahci - ok 19:04:05.0530 1632 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:04:05.0533 1632 adpu320 - ok 19:04:05.0558 1632 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:04:05.0560 1632 AeLookupSvc - ok 19:04:05.0587 1632 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 19:04:05.0591 1632 AFD - ok 19:04:05.0631 1632 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 19:04:05.0632 1632 agp440 - ok 19:04:05.0679 1632 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 19:04:05.0681 1632 aic78xx - ok 19:04:05.0706 1632 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 19:04:05.0708 1632 ALG - ok 19:04:05.0726 1632 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 19:04:05.0727 1632 aliide - ok 19:04:05.0757 1632 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:04:05.0758 1632 amdagp - ok 19:04:05.0793 1632 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 19:04:05.0794 1632 amdide - ok 19:04:05.0826 1632 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:04:05.0829 1632 AmdK8 - ok 19:04:05.0851 1632 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:04:05.0854 1632 AmdPPM - ok 19:04:05.0881 1632 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:04:05.0884 1632 amdsata - ok 19:04:05.0905 1632 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:04:05.0910 1632 amdsbs - ok 19:04:05.0938 1632 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:04:05.0940 1632 amdxata - ok 19:04:05.0973 1632 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 19:04:05.0975 1632 AppID - ok 19:04:06.0006 1632 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:04:06.0009 1632 AppIDSvc - ok 19:04:06.0040 1632 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 19:04:06.0042 1632 Appinfo - ok 19:04:06.0068 1632 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 19:04:06.0071 1632 AppMgmt - ok 19:04:06.0093 1632 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 19:04:06.0095 1632 arc - ok 19:04:06.0128 1632 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:04:06.0130 1632 arcsas - ok 19:04:06.0251 1632 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspn et_state.exe 19:04:06.0255 1632 aspnet_state - ok 19:04:06.0285 1632 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:04:06.0288 1632 AsyncMac - ok 19:04:06.0315 1632 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:04:06.0317 1632 atapi - ok 19:04:06.0393 1632 [ FD08D220342C0F5556EE1D1A618817DD ] athr C:\Windows\system32\DRIVERS\athr.sys 19:04:06.0409 1632 athr - ok 19:04:06.0449 1632 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:04:06.0454 1632 AudioEndpointBuilder - ok 19:04:06.0462 1632 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:04:06.0467 1632 Audiosrv - ok 19:04:06.0496 1632 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:04:06.0498 1632 AxInstSV - ok 19:04:06.0536 1632 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 19:04:06.0543 1632 b06bdrv - ok 19:04:06.0562 1632 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:04:06.0566 1632 b57nd60x - ok 19:04:06.0598 1632 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:04:06.0600 1632 BDESVC - ok 19:04:06.0619 1632 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:04:06.0621 1632 Beep - ok 19:04:06.0682 1632 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:04:06.0692 1632 BFE - ok 19:04:06.0728 1632 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:04:06.0735 1632 BITS - ok 19:04:06.0753 1632 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:04:06.0754 1632 blbdrive - ok 19:04:06.0775 1632 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:04:06.0777 1632 bowser - ok 19:04:06.0796 1632 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:04:06.0797 1632 BrFiltLo - ok 19:04:06.0818 1632 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:04:06.0819 1632 BrFiltUp - ok 19:04:06.0857 1632 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:04:06.0858 1632 Browser - ok 19:04:06.0879 1632 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:04:06.0881 1632 Brserid - ok 19:04:06.0904 1632 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:04:06.0906 1632 BrSerWdm - ok 19:04:06.0925 1632 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:04:06.0926 1632 BrUsbMdm - ok 19:04:06.0947 1632 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:04:06.0948 1632 BrUsbSer - ok 19:04:06.0981 1632 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 19:04:06.0982 1632 BthEnum - ok 19:04:06.0993 1632 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:04:06.0994 1632 BTHMODEM - ok 19:04:07.0025 1632 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:04:07.0026 1632 BthPan - ok 19:04:07.0046 1632 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 19:04:07.0049 1632 BTHPORT - ok 19:04:07.0069 1632 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:04:07.0071 1632 bthserv - ok 19:04:07.0081 1632 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 19:04:07.0083 1632 BTHUSB - ok 19:04:07.0104 1632 [ 7C725D3F2955A04D0B491276482D8D6F ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 19:04:07.0107 1632 BTWAMPFL - ok 19:04:07.0112 1632 [ C30935C27EB451586143B79B7DAD590F ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:04:07.0113 1632 btwaudio - ok 19:04:07.0128 1632 [ 9ABEA4DC976E3F47DA2D4B169719CBAA ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 19:04:07.0129 1632 btwavdt - ok 19:04:07.0210 1632 [ 82EBFEB0249FDF850A17F7E3140FB32F ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe 19:04:07.0222 1632 btwdins - ok 19:04:07.0244 1632 [ AF2B0D934730F4B8EA8A999BA01EAF62 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 19:04:07.0245 1632 btwl2cap - ok 19:04:07.0261 1632 [ 1E5468447E4D18FBEA5F01267D6495A5 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 19:04:07.0262 1632 btwrchid - ok 19:04:07.0322 1632 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NSM C:\Windows\system32\drivers\NSM\0206000.03D\ccSetx 86.sys 19:04:07.0324 1632 ccSet_NSM - ok 19:04:07.0336 1632 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:04:07.0338 1632 cdfs - ok 19:04:07.0372 1632 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:04:07.0374 1632 cdrom - ok 19:04:07.0408 1632 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:04:07.0410 1632 CertPropSvc - ok 19:04:07.0440 1632 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:04:07.0441 1632 circlass - ok 19:04:07.0474 1632 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:04:07.0477 1632 CLFS - ok 19:04:07.0516 1632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe 19:04:07.0518 1632 clr_optimization_v2.0.50727_32 - ok 19:04:07.0552 1632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe 19:04:07.0554 1632 clr_optimization_v4.0.30319_32 - ok 19:04:07.0582 1632 [ 125C828BF3673406DFD642D7BEE8434F ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 19:04:07.0584 1632 clwvd - ok 19:04:07.0590 1632 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:04:07.0591 1632 CmBatt - ok 19:04:07.0614 1632 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:04:07.0615 1632 cmdide - ok 19:04:07.0652 1632 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 19:04:07.0656 1632 CNG - ok 19:04:07.0702 1632 [ 87FE2FDE42249A69C010CCBB6757704C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys 19:04:07.0714 1632 CnxtHdAudService - ok 19:04:07.0726 1632 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:04:07.0728 1632 Compbatt - ok 19:04:07.0754 1632 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:04:07.0755 1632 CompositeBus - ok 19:04:07.0763 1632 COMSysApp - ok 19:04:07.0803 1632 [ 2155D9C6F9EF97E149BB5A75D608524D ] cphs C:\Windows\system32\IntelCpHeciSvc.exe 19:04:07.0811 1632 cphs - ok 19:04:07.0826 1632 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:04:07.0828 1632 crcdisk - ok 19:04:07.0860 1632 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:04:07.0862 1632 CryptSvc - ok 19:04:07.0894 1632 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 19:04:07.0898 1632 CSC - ok 19:04:07.0934 1632 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 19:04:07.0939 1632 CscService - ok 19:04:07.0955 1632 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:04:07.0961 1632 DcomLaunch - ok 19:04:07.0984 1632 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:04:07.0987 1632 defragsvc - ok 19:04:08.0027 1632 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:04:08.0029 1632 DfsC - ok 19:04:08.0044 1632 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:04:08.0047 1632 Dhcp - ok 19:04:08.0068 1632 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:04:08.0069 1632 discache - ok 19:04:08.0087 1632 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:04:08.0089 1632 Disk - ok 19:04:08.0116 1632 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:04:08.0119 1632 Dnscache - ok 19:04:08.0155 1632 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 19:04:08.0158 1632 dot3svc - ok 19:04:08.0183 1632 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:04:08.0186 1632 DPS - ok 19:04:08.0208 1632 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:04:08.0209 1632 drmkaud - ok 19:04:08.0254 1632 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:04:08.0268 1632 DXGKrnl - ok 19:04:08.0316 1632 [ 16FF05BE2BD95824B487B1476862A84B ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys 19:04:08.0318 1632 eamonm - ok 19:04:08.0343 1632 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:04:08.0345 1632 EapHost - ok 19:04:08.0447 1632 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:04:08.0474 1632 ebdrv - ok 19:04:08.0501 1632 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 19:04:08.0503 1632 EFS - ok 19:04:08.0530 1632 [ 366369746D1818FDD8589D1F2C8A6D03 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys 19:04:08.0531 1632 ehdrv - ok 19:04:08.0594 1632 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:04:08.0599 1632 ehRecvr - ok 19:04:08.0626 1632 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:04:08.0628 1632 ehSched - ok 19:04:08.0811 1632 [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe 19:04:08.0828 1632 ekrn - ok 19:04:08.0867 1632 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:04:08.0871 1632 elxstor - ok 19:04:08.0896 1632 [ 5F08103444A1B5B2A38EAB729DE0A1A3 ] epfw C:\Windows\system32\DRIVERS\epfw.sys 19:04:08.0898 1632 epfw - ok 19:04:08.0934 1632 [ CCA5BF8C921CDCAE262924F406A1D93C ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys 19:04:08.0935 1632 EpfwLWF - ok 19:04:08.0957 1632 [ 9DFF2C0E4420A22CA37B655E314CAC69 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys 19:04:08.0959 1632 epfwwfp - ok 19:04:08.0985 1632 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:04:08.0985 1632 ErrDev - ok 19:04:09.0022 1632 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 19:04:09.0025 1632 EventSystem - ok 19:04:09.0115 1632 [ 45A155528BB57183DA2687D3E73443D3 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 19:04:09.0128 1632 EvtEng - ok 19:04:09.0166 1632 [ 95BCB4321962028799EB2EA53319BB0C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 19:04:09.0169 1632 ewusbnet - ok 19:04:09.0203 1632 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 19:04:09.0205 1632 ew_hwusbdev - ok 19:04:09.0220 1632 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 19:04:09.0222 1632 exfat - ok 19:04:09.0237 1632 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:04:09.0239 1632 fastfat - ok 19:04:09.0279 1632 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 19:04:09.0286 1632 Fax - ok 19:04:09.0311 1632 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:04:09.0312 1632 fdc - ok 19:04:09.0339 1632 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 19:04:09.0341 1632 fdPHost - ok 19:04:09.0361 1632 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 19:04:09.0363 1632 FDResPub - ok 19:04:09.0384 1632 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:04:09.0385 1632 FileInfo - ok 19:04:09.0396 1632 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:04:09.0398 1632 Filetrace - ok 19:04:09.0444 1632 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 19:04:09.0453 1632 FLEXnet Licensing Service - ok 19:04:09.0470 1632 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:04:09.0471 1632 flpydisk - ok 19:04:09.0493 1632 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:04:09.0495 1632 FltMgr - ok 19:04:09.0536 1632 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 19:04:09.0544 1632 FontCache - ok 19:04:09.0595 1632 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe 19:04:09.0596 1632 FontCache3.0.0.0 - ok 19:04:09.0667 1632 [ 2399F2C7F173D27D91CDEE63E9D287F5 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\Freem akeUtilsService.exe 19:04:09.0670 1632 Freemake Improver - ok 19:04:09.0715 1632 [ 7856550FCB1A99A487805332FE2B6C71 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe 19:04:09.0717 1632 FreemakeVideoCapture - ok 19:04:09.0737 1632 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:04:09.0739 1632 FsDepends - ok 19:04:09.0773 1632 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 19:04:09.0776 1632 fssfltr - ok 19:04:09.0798 1632 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:04:09.0799 1632 Fs_Rec - ok 19:04:09.0837 1632 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:04:09.0840 1632 fvevol - ok 19:04:09.0866 1632 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:04:09.0867 1632 gagp30kx - ok 19:04:09.0967 1632 GarenaPEngine - ok 19:04:10.0022 1632 GGSAFERDriver - ok 19:04:10.0088 1632 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Globe Tattoo Broadband. RunOuc C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe 19:04:10.0091 1632 Globe Tattoo Broadband. RunOuc - ok 19:04:10.0133 1632 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 19:04:10.0140 1632 gpsvc - ok 19:04:10.0186 1632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 19:04:10.0190 1632 gupdate - ok 19:04:10.0198 1632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 19:04:10.0201 1632 gupdatem - ok 19:04:10.0234 1632 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:04:10.0236 1632 hcw85cir - ok 19:04:10.0265 1632 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:04:10.0270 1632 HdAudAddService - ok 19:04:10.0295 1632 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:04:10.0298 1632 HDAudBus - ok 19:04:10.0317 1632 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:04:10.0319 1632 HidBatt - ok 19:04:10.0348 1632 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:04:10.0350 1632 HidBth - ok 19:04:10.0366 1632 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:04:10.0368 1632 HidIr - ok 19:04:10.0399 1632 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 19:04:10.0401 1632 hidserv - ok 19:04:10.0426 1632 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys 19:04:10.0427 1632 HidUsb - ok 19:04:10.0465 1632 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:04:10.0468 1632 hkmsvc - ok 19:04:10.0517 1632 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:04:10.0524 1632 HomeGroupListener - ok 19:04:10.0569 1632 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:04:10.0577 1632 HomeGroupProvider - ok 19:04:10.0615 1632 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:04:10.0617 1632 HpSAMD - ok 19:04:10.0673 1632 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:04:10.0683 1632 HTTP - ok 19:04:10.0725 1632 [ BED3A9F86A637CC6C2C5296CD82423D8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 19:04:10.0727 1632 huawei_enumerator - ok 19:04:10.0764 1632 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 19:04:10.0766 1632 hwdatacard - ok 19:04:10.0792 1632 HWDeviceService.exe - ok 19:04:10.0824 1632 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:04:10.0825 1632 hwpolicy - ok 19:04:10.0860 1632 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:04:10.0862 1632 i8042prt - ok 19:04:10.0901 1632 [ 5D5EDCB987C96E266A3DFCD6B67E48B8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:04:10.0905 1632 iaStor - ok 19:04:10.0939 1632 [ F5C0317AF600F8C0D7E4202EB04232B1 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 19:04:10.0941 1632 IAStorDataMgrSvc - ok 19:04:10.0981 1632 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:04:10.0986 1632 iaStorV - ok 19:04:11.0031 1632 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:04:11.0041 1632 idsvc - ok 19:04:11.0140 1632 [ 8CC51204BCE551B90B45E97BE446C48B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 19:04:11.0168 1632 igfx - ok 19:04:11.0204 1632 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:04:11.0205 1632 iirsp - ok 19:04:11.0243 1632 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 19:04:11.0250 1632 IKEEXT - ok 19:04:11.0286 1632 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 19:04:11.0289 1632 IntcDAud - ok 19:04:11.0317 1632 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 19:04:11.0318 1632 intelide - ok 19:04:11.0336 1632 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:04:11.0338 1632 intelppm - ok 19:04:11.0355 1632 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:04:11.0357 1632 IPBusEnum - ok 19:04:11.0377 1632 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:04:11.0378 1632 IpFilterDriver - ok 19:04:11.0412 1632 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:04:11.0418 1632 iphlpsvc - ok 19:04:11.0454 1632 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:04:11.0455 1632 IPMIDRV - ok 19:04:11.0473 1632 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:04:11.0474 1632 IPNAT - ok 19:04:11.0490 1632 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:04:11.0491 1632 IRENUM - ok 19:04:11.0515 1632 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:04:11.0516 1632 isapnp - ok 19:04:11.0540 1632 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:04:11.0542 1632 iScsiPrt - ok 19:04:11.0560 1632 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 19:04:11.0561 1632 kbdclass - ok 19:04:11.0583 1632 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 19:04:11.0584 1632 kbdhid - ok 19:04:11.0596 1632 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 19:04:11.0598 1632 KeyIso - ok 19:04:11.0633 1632 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 19:04:11.0635 1632 kl1 - ok 19:04:11.0679 1632 [ 654BDF113971B6DFAEA21D5554EBF5F6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 19:04:11.0689 1632 KLIF - ok 19:04:11.0707 1632 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 19:04:11.0709 1632 KLIM6 - ok 19:04:11.0723 1632 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 19:04:11.0724 1632 klkbdflt - ok 19:04:11.0733 1632 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 19:04:11.0734 1632 klmouflt - ok 19:04:11.0751 1632 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 19:04:11.0752 1632 kltdi - ok 19:04:11.0773 1632 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 19:04:11.0774 1632 kneps - ok 19:04:11.0799 1632 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:04:11.0800 1632 KSecDD - ok 19:04:11.0815 1632 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:04:11.0817 1632 KSecPkg - ok 19:04:11.0850 1632 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 19:04:11.0855 1632 KtmRm - ok 19:04:11.0882 1632 [ F3E1024A2FD8C62AF7BD4DAB147D3256 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 19:04:11.0883 1632 L1C - ok 19:04:11.0914 1632 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 19:04:11.0919 1632 LanmanServer - ok 19:04:11.0932 1632 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:04:11.0936 1632 LanmanWorkstation - ok 19:04:11.0966 1632 [ 8FF8B5F04AC4D57F9A965BB4DF07813E ] LHDmgr C:\Windows\system32\DRIVERS\LhdX86.sys 19:04:11.0967 1632 LHDmgr - ok 19:04:11.0997 1632 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:04:11.0998 1632 lltdio - ok 19:04:12.0038 1632 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:04:12.0042 1632 lltdsvc - ok 19:04:12.0063 1632 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 19:04:12.0067 1632 lmhosts - ok 19:04:12.0101 1632 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 19:04:12.0104 1632 LMS - ok 19:04:12.0121 1632 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:04:12.0123 1632 LSI_FC - ok 19:04:12.0141 1632 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:04:12.0143 1632 LSI_SAS - ok 19:04:12.0160 1632 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:04:12.0161 1632 LSI_SAS2 - ok 19:04:12.0183 1632 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:04:12.0185 1632 LSI_SCSI - ok 19:04:12.0206 1632 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 19:04:12.0207 1632 luafv - ok 19:04:12.0231 1632 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys 19:04:12.0233 1632 massfilter - ok 19:04:12.0286 1632 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:04:12.0287 1632 MBAMProtector - ok 19:04:12.0346 1632 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:04:12.0355 1632 MBAMScheduler - ok 19:04:12.0402 1632 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:04:12.0409 1632 MBAMService - ok 19:04:12.0443 1632 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:04:12.0446 1632 Mcx2Svc - ok 19:04:12.0484 1632 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:04:12.0486 1632 megasas - ok 19:04:12.0513 1632 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:04:12.0519 1632 MegaSR - ok 19:04:12.0548 1632 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys 19:04:12.0549 1632 MEI - ok 19:04:12.0602 1632 Microsoft SharePoint Workspace Audit Service - ok 19:04:12.0632 1632 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 19:04:12.0635 1632 MMCSS - ok 19:04:12.0645 1632 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 19:04:12.0646 1632 Modem - ok 19:04:12.0660 1632 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:04:12.0661 1632 monitor - ok 19:04:12.0670 1632 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 19:04:12.0672 1632 mouclass - ok 19:04:12.0690 1632 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:04:12.0692 1632 mouhid - ok 19:04:12.0721 1632 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:04:12.0723 1632 mountmgr - ok 19:04:12.0748 1632 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:04:12.0750 1632 MozillaMaintenance - ok 19:04:12.0778 1632 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 19:04:12.0779 1632 mpio - ok 19:04:12.0813 1632 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:04:12.0814 1632 mpsdrv - ok 19:04:12.0879 1632 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:04:12.0894 1632 MpsSvc - ok 19:04:12.0935 1632 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:04:12.0937 1632 MRxDAV - ok 19:04:12.0961 1632 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:04:12.0962 1632 mrxsmb - ok 19:04:12.0979 1632 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:04:12.0981 1632 mrxsmb10 - ok 19:04:13.0000 1632 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:04:13.0002 1632 mrxsmb20 - ok 19:04:13.0031 1632 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 19:04:13.0033 1632 msahci - ok 19:04:13.0055 1632 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:04:13.0057 1632 msdsm - ok 19:04:13.0073 1632 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 19:04:13.0076 1632 MSDTC - ok 19:04:13.0113 1632 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:04:13.0114 1632 Msfs - ok 19:04:13.0128 1632 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:04:13.0129 1632 mshidkmdf - ok 19:04:13.0142 1632 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:04:13.0143 1632 msisadrv - ok 19:04:13.0175 1632 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:04:13.0178 1632 MSiSCSI - ok 19:04:13.0183 1632 msiserver - ok 19:04:13.0201 1632 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:04:13.0202 1632 MSKSSRV - ok 19:04:13.0219 1632 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:04:13.0220 1632 MSPCLOCK - ok 19:04:13.0231 1632 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:04:13.0232 1632 MSPQM - ok 19:04:13.0253 1632 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:04:13.0255 1632 MsRPC - ok 19:04:13.0297 1632 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:04:13.0299 1632 mssmbios - ok 19:04:13.0314 1632 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:04:13.0315 1632 MSTEE - ok 19:04:13.0331 1632 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:04:13.0332 1632 MTConfig - ok 19:04:13.0352 1632 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 19:04:13.0353 1632 Mup - ok 19:04:13.0380 1632 [ 068924DC70CD255CB35EC864B9C6E92D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 19:04:13.0383 1632 MyWiFiDHCPDNS - ok 19:04:13.0435 1632 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 19:04:13.0440 1632 napagent - ok 19:04:13.0476 1632 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:04:13.0479 1632 NativeWifiP - ok 19:04:13.0519 1632 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:04:13.0526 1632 NDIS - ok 19:04:13.0542 1632 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:04:13.0544 1632 NdisCap - ok 19:04:13.0560 1632 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:04:13.0562 1632 NdisTapi - ok 19:04:13.0593 1632 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:04:13.0594 1632 Ndisuio - ok 19:04:13.0620 1632 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:04:13.0622 1632 NdisWan - ok 19:04:13.0654 1632 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:04:13.0655 1632 NDProxy - ok 19:04:13.0680 1632 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:04:13.0682 1632 NetBIOS - ok 19:04:13.0712 1632 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:04:13.0714 1632 NetBT - ok 19:04:13.0735 1632 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 19:04:13.0738 1632 Netlogon - ok 19:04:13.0769 1632 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 19:04:13.0774 1632 Netman - ok 19:04:13.0834 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe 19:04:13.0838 1632 NetMsmqActivator - ok 19:04:13.0850 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe 19:04:13.0854 1632 NetPipeActivator - ok 19:04:13.0868 1632 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 19:04:13.0874 1632 netprofm - ok 19:04:13.0880 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe 19:04:13.0883 1632 NetTcpActivator - ok 19:04:13.0889 1632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe 19:04:13.0892 1632 NetTcpPortSharing - ok 19:04:13.0906 1632 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:04:13.0907 1632 nfrd960 - ok 19:04:13.0939 1632 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 19:04:13.0943 1632 NlaSvc - ok 19:04:13.0951 1632 NPF - ok 19:04:13.0970 1632 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:04:13.0971 1632 Npfs - ok 19:04:14.0001 1632 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 19:04:14.0004 1632 nsi - ok 19:04:14.0021 1632 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:04:14.0022 1632 nsiproxy - ok 19:04:14.0075 1632 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:04:14.0085 1632 Ntfs - ok 19:04:14.0103 1632 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 19:04:14.0104 1632 Null - ok 19:04:14.0142 1632 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:04:14.0144 1632 nvraid - ok >>>>>>>>>>>see next reply<<<<<<<<<<<<<<< |
#10
|
|||
|
|||
19:04:14.0165 1632 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:04:14.0167 1632 nvstor - ok 19:04:14.0207 1632 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:04:14.0208 1632 nv_agp - ok 19:04:14.0227 1632 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:04:14.0229 1632 ohci1394 - ok 19:04:14.0278 1632 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:04:14.0280 1632 ose - ok 19:04:14.0409 1632 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E 19:04:14.0457 1632 osppsvc - ok 19:04:14.0488 1632 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:04:14.0493 1632 p2pimsvc - ok 19:04:14.0518 1632 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 19:04:14.0524 1632 p2psvc - ok 19:04:14.0563 1632 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:04:14.0565 1632 Parport - ok 19:04:14.0596 1632 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:04:14.0598 1632 partmgr - ok 19:04:14.0612 1632 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 19:04:14.0613 1632 Parvdm - ok 19:04:14.0631 1632 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:04:14.0636 1632 PcaSvc - ok 19:04:14.0650 1632 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 19:04:14.0653 1632 pci - ok 19:04:14.0680 1632 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 19:04:14.0681 1632 pciide - ok 19:04:14.0703 1632 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:04:14.0706 1632 pcmcia - ok 19:04:14.0720 1632 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 19:04:14.0721 1632 pcw - ok 19:04:14.0750 1632 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:04:14.0755 1632 PEAUTH - ok 19:04:14.0797 1632 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:04:14.0807 1632 PeerDistSvc - ok 19:04:14.0879 1632 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 19:04:14.0893 1632 pla - ok 19:04:14.0938 1632 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:04:14.0944 1632 PlugPlay - ok 19:04:14.0985 1632 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:04:14.0989 1632 PNRPAutoReg - ok 19:04:15.0020 1632 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:04:15.0026 1632 PNRPsvc - ok 19:04:15.0064 1632 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:04:15.0068 1632 PolicyAgent - ok 19:04:15.0104 1632 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 19:04:15.0108 1632 Power - ok 19:04:15.0131 1632 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:04:15.0132 1632 PptpMiniport - ok 19:04:15.0153 1632 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:04:15.0155 1632 Processor - ok 19:04:15.0176 1632 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 19:04:15.0180 1632 ProfSvc - ok 19:04:15.0190 1632 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:04:15.0193 1632 ProtectedStorage - ok 19:04:15.0205 1632 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:04:15.0207 1632 Psched - ok 19:04:15.0247 1632 [ 562DCDD45902F1863B4B120F0633258B ] qcusbser C:\Windows\system32\DRIVERS\cmusbser.sys 19:04:15.0248 1632 qcusbser - ok 19:04:15.0290 1632 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:04:15.0302 1632 ql2300 - ok 19:04:15.0331 1632 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:04:15.0333 1632 ql40xx - ok 19:04:15.0362 1632 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 19:04:15.0366 1632 QWAVE - ok 19:04:15.0384 1632 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:04:15.0385 1632 QWAVEdrv - ok 19:04:15.0400 1632 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:04:15.0401 1632 RasAcd - ok 19:04:15.0428 1632 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:04:15.0429 1632 RasAgileVpn - ok 19:04:15.0444 1632 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 19:04:15.0447 1632 RasAuto - ok 19:04:15.0468 1632 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:04:15.0470 1632 Rasl2tp - ok 19:04:15.0503 1632 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 19:04:15.0508 1632 RasMan - ok 19:04:15.0525 1632 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:04:15.0527 1632 RasPppoe - ok 19:04:15.0541 1632 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:04:15.0543 1632 RasSstp - ok 19:04:15.0577 1632 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:04:15.0579 1632 rdbss - ok 19:04:15.0599 1632 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:04:15.0600 1632 rdpbus - ok 19:04:15.0625 1632 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:04:15.0626 1632 RDPCDD - ok 19:04:15.0657 1632 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:04:15.0659 1632 RDPDR - ok 19:04:15.0688 1632 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:04:15.0690 1632 RDPENCDD - ok 19:04:15.0711 1632 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:04:15.0712 1632 RDPREFMP - ok 19:04:15.0748 1632 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:04:15.0749 1632 RdpVideoMiniport - ok 19:04:15.0785 1632 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:04:15.0787 1632 RDPWD - ok 19:04:15.0835 1632 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:04:15.0837 1632 rdyboost - ok 19:04:15.0921 1632 [ 2D0E5ACA7C182FA9106A42627020813C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 19:04:15.0930 1632 RegSrvc - ok 19:04:15.0955 1632 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 19:04:15.0961 1632 RemoteAccess - ok 19:04:16.0000 1632 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:04:16.0007 1632 RemoteRegistry - ok 19:04:16.0027 1632 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys 19:04:16.0029 1632 Revoflt - ok 19:04:16.0065 1632 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:04:16.0066 1632 RFCOMM - ok 19:04:16.0080 1632 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:04:16.0083 1632 RpcEptMapper - ok 19:04:16.0114 1632 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 19:04:16.0116 1632 RpcLocator - ok 19:04:16.0153 1632 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 19:04:16.0159 1632 RpcSs - ok 19:04:16.0191 1632 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:04:16.0193 1632 rspndr - ok 19:04:16.0224 1632 [ 7B67672F2AF95E2208AE883C2702E298 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys 19:04:16.0226 1632 RSUSBVSTOR - ok 19:04:16.0251 1632 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:04:16.0252 1632 s3cap - ok 19:04:16.0266 1632 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 19:04:16.0268 1632 SamSs - ok 19:04:16.0293 1632 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:04:16.0295 1632 sbp2port - ok 19:04:16.0335 1632 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:04:16.0339 1632 SCardSvr - ok 19:04:16.0377 1632 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:04:16.0379 1632 scfilter - ok 19:04:16.0419 1632 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 19:04:16.0428 1632 Schedule - ok 19:04:16.0460 1632 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:04:16.0462 1632 SCPolicySvc - ok 19:04:16.0484 1632 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:04:16.0488 1632 SDRSVC - ok 19:04:16.0523 1632 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:04:16.0524 1632 secdrv - ok 19:04:16.0545 1632 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 19:04:16.0548 1632 seclogon - ok 19:04:16.0569 1632 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 19:04:16.0572 1632 SENS - ok 19:04:16.0600 1632 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:04:16.0604 1632 SensrSvc - ok 19:04:16.0626 1632 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:04:16.0627 1632 Serenum - ok 19:04:16.0646 1632 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:04:16.0647 1632 Serial - ok 19:04:16.0679 1632 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:04:16.0680 1632 sermouse - ok 19:04:16.0734 1632 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 19:04:16.0738 1632 SessionEnv - ok 19:04:16.0776 1632 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:04:16.0777 1632 sffdisk - ok 19:04:16.0788 1632 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:04:16.0789 1632 sffp_mmc - ok 19:04:16.0818 1632 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:04:16.0819 1632 sffp_sd - ok 19:04:16.0856 1632 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:04:16.0857 1632 sfloppy - ok 19:04:16.0917 1632 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:04:16.0925 1632 SharedAccess - ok 19:04:16.0976 1632 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:04:16.0983 1632 ShellHWDetection - ok 19:04:17.0025 1632 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 19:04:17.0027 1632 sisagp - ok 19:04:17.0051 1632 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:04:17.0052 1632 SiSRaid2 - ok 19:04:17.0080 1632 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:04:17.0081 1632 SiSRaid4 - ok 19:04:17.0099 1632 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:04:17.0101 1632 Smb - ok 19:04:17.0138 1632 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:04:17.0142 1632 SNMPTRAP - ok 19:04:17.0158 1632 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 19:04:17.0160 1632 spldr - ok 19:04:17.0189 1632 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 19:04:17.0195 1632 Spooler - ok 19:04:17.0293 1632 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 19:04:17.0326 1632 sppsvc - ok 19:04:17.0369 1632 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:04:17.0372 1632 sppuinotify - ok 19:04:17.0404 1632 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:04:17.0408 1632 srv - ok 19:04:17.0423 1632 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:04:17.0427 1632 srv2 - ok 19:04:17.0459 1632 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:04:17.0461 1632 srvnet - ok 19:04:17.0508 1632 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:04:17.0513 1632 SSDPSRV - ok 19:04:17.0532 1632 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:04:17.0536 1632 SstpSvc - ok 19:04:17.0561 1632 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:04:17.0562 1632 stexstor - ok 19:04:17.0606 1632 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 19:04:17.0613 1632 StiSvc - ok 19:04:17.0640 1632 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:04:17.0641 1632 storflt - ok 19:04:17.0665 1632 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:04:17.0667 1632 storvsc - ok 19:04:17.0693 1632 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 19:04:17.0695 1632 swenum - ok 19:04:17.0755 1632 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:04:17.0760 1632 SwitchBoard - ok 19:04:17.0788 1632 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 19:04:17.0794 1632 swprv - ok 19:04:17.0833 1632 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 19:04:17.0836 1632 SymEvent - ok 19:04:17.0922 1632 [ 60528F63A391D787020126522599867C ] SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} C:\Windows\system32\drivers\NSM\0206000.03D\SymRdr S.SYS 19:04:17.0926 1632 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} - ok 19:04:17.0943 1632 Synth3dVsc - ok 19:04:18.0001 1632 [ DB5B048844001D04A97CDAB2A2176F4E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:04:18.0013 1632 SynTP - ok 19:04:18.0078 1632 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 19:04:18.0090 1632 SysMain - ok 19:04:18.0122 1632 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:04:18.0126 1632 TabletInputService - ok 19:04:18.0162 1632 [ 5A5927C254DA9D76D66DE866E21C1058 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:04:18.0163 1632 tap0901 - ok 19:04:18.0193 1632 [ DEB7FA72F982C4881E633507C5265A3C ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 19:04:18.0195 1632 taphss6 - ok 19:04:18.0231 1632 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 19:04:18.0236 1632 TapiSrv - ok 19:04:18.0272 1632 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 19:04:18.0280 1632 TBS - ok 19:04:18.0348 1632 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:04:18.0360 1632 Tcpip - ok 19:04:18.0385 1632 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:04:18.0396 1632 TCPIP6 - ok 19:04:18.0436 1632 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:04:18.0438 1632 tcpipreg - ok 19:04:18.0467 1632 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:04:18.0468 1632 TDPIPE - ok 19:04:18.0488 1632 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:04:18.0489 1632 TDTCP - ok 19:04:18.0525 1632 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:04:18.0526 1632 tdx - ok 19:04:18.0537 1632 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:04:18.0539 1632 TermDD - ok 19:04:18.0572 1632 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 19:04:18.0580 1632 TermService - ok 19:04:18.0616 1632 [ 59CFDA4EACB3788F8B17F87B49B0AC0E ] Themes C:\Windows\system32\themeservice.dll 19:04:18.0620 1632 Themes - ok 19:04:18.0633 1632 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 19:04:18.0636 1632 THREADORDER - ok 19:04:18.0663 1632 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 19:04:18.0667 1632 TrkWks - ok 19:04:18.0706 1632 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:04:18.0709 1632 TrustedInstaller - ok 19:04:18.0746 1632 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:04:18.0747 1632 tssecsrv - ok 19:04:18.0781 1632 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:04:18.0783 1632 TsUsbFlt - ok 19:04:18.0795 1632 tsusbhub - ok 19:04:18.0823 1632 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:04:18.0824 1632 tunnel - ok 19:04:18.0851 1632 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\Windows\System32\Drivers\TVicHW32.sys 19:04:18.0852 1632 TVICHW32 - ok 19:04:18.0881 1632 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:04:18.0882 1632 uagp35 - ok 19:04:18.0925 1632 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:04:18.0927 1632 udfs - ok 19:04:18.0973 1632 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:04:18.0977 1632 UI0Detect - ok 19:04:18.0992 1632 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:04:18.0994 1632 uliagpkx - ok 19:04:19.0013 1632 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 19:04:19.0014 1632 umbus - ok 19:04:19.0023 1632 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:04:19.0024 1632 UmPass - ok 19:04:19.0060 1632 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 19:04:19.0065 1632 UmRdpService - ok 19:04:19.0179 1632 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:04:19.0201 1632 UNS - ok 19:04:19.0231 1632 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 19:04:19.0236 1632 upnphost - ok 19:04:19.0272 1632 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:04:19.0274 1632 usbccgp - ok 19:04:19.0305 1632 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:04:19.0307 1632 usbcir - ok 19:04:19.0333 1632 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:04:19.0334 1632 usbehci - ok 19:04:19.0356 1632 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:04:19.0359 1632 usbhub - ok 19:04:19.0374 1632 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:04:19.0375 1632 usbohci - ok 19:04:19.0411 1632 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:04:19.0412 1632 usbprint - ok 19:04:19.0440 1632 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:04:19.0441 1632 usbscan - ok 19:04:19.0467 1632 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:04:19.0469 1632 USBSTOR - ok 19:04:19.0477 1632 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:04:19.0479 1632 usbuhci - ok 19:04:19.0505 1632 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:04:19.0507 1632 usbvideo - ok 19:04:19.0535 1632 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 19:04:19.0539 1632 UxSms - ok 19:04:19.0560 1632 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 19:04:19.0563 1632 VaultSvc - ok 19:04:19.0580 1632 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:04:19.0581 1632 vdrvroot - ok 19:04:19.0620 1632 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 19:04:19.0627 1632 vds - ok 19:04:19.0651 1632 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:04:19.0652 1632 vga - ok 19:04:19.0676 1632 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:04:19.0677 1632 VgaSave - ok 19:04:19.0686 1632 VGPU - ok 19:04:19.0704 1632 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:04:19.0706 1632 vhdmp - ok 19:04:19.0727 1632 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 19:04:19.0728 1632 viaagp - ok 19:04:19.0755 1632 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 19:04:19.0756 1632 ViaC7 - ok 19:04:19.0792 1632 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 19:04:19.0793 1632 viaide - ok 19:04:19.0825 1632 [ EEE8ECE9DFAD269B34CC57316D62E8C6 ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys 19:04:19.0827 1632 vm331avs - ok 19:04:19.0865 1632 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:04:19.0868 1632 vmbus - ok 19:04:19.0890 1632 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:04:19.0891 1632 VMBusHID - ok 19:04:19.0913 1632 [ 7C221C3D18268CEE7016610D9AD7AD8F ] vmuvcflt C:\Windows\system32\Drivers\vmuvcflt.sys 19:04:19.0914 1632 vmuvcflt - ok 19:04:19.0953 1632 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:04:19.0956 1632 volmgr - ok 19:04:19.0987 1632 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:04:19.0990 1632 volmgrx - ok 19:04:20.0009 1632 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:04:20.0012 1632 volsnap - ok 19:04:20.0040 1632 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:04:20.0043 1632 vsmraid - ok 19:04:20.0093 1632 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 19:04:20.0105 1632 VSS - ok 19:04:20.0127 1632 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:04:20.0128 1632 vwifibus - ok 19:04:20.0146 1632 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:04:20.0148 1632 vwififlt - ok 19:04:20.0162 1632 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:04:20.0163 1632 vwifimp - ok 19:04:20.0199 1632 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 19:04:20.0205 1632 W32Time - ok 19:04:20.0243 1632 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:04:20.0244 1632 WacomPen - ok 19:04:20.0284 1632 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:04:20.0288 1632 WANARP - ok 19:04:20.0304 1632 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:04:20.0307 1632 Wanarpv6 - ok 19:04:20.0371 1632 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:04:20.0372 1632 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 353A04C273EC58475D8633E75CCD5604 19:04:20.0378 1632 WatAdminSvc ( LockedFile.Multi.Generic ) - warning 19:04:20.0378 1632 WatAdminSvc - detected LockedFile.Multi.Generic (1) 19:04:20.0427 1632 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 19:04:20.0440 1632 wbengine - ok 19:04:20.0480 1632 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:04:20.0485 1632 WbioSrvc - ok 19:04:20.0513 1632 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:04:20.0518 1632 wcncsvc - ok 19:04:20.0528 1632 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:04:20.0532 1632 WcsPlugInService - ok 19:04:20.0562 1632 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:04:20.0564 1632 Wd - ok 19:04:20.0604 1632 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:04:20.0608 1632 Wdf01000 - ok 19:04:20.0626 1632 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:04:20.0630 1632 WdiServiceHost - ok 19:04:20.0639 1632 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:04:20.0643 1632 WdiSystemHost - ok 19:04:20.0677 1632 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 19:04:20.0683 1632 WebClient - ok 19:04:20.0707 1632 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:04:20.0713 1632 Wecsvc - ok 19:04:20.0738 1632 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:04:20.0742 1632 wercplsupport - ok 19:04:20.0756 1632 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 19:04:20.0760 1632 WerSvc - ok 19:04:20.0776 1632 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:04:20.0777 1632 WfpLwf - ok 19:04:20.0809 1632 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:04:20.0810 1632 WIMMount - ok 19:04:20.0871 1632 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:04:20.0877 1632 WinDefend - ok 19:04:20.0900 1632 WinHttpAutoProxySvc - ok 19:04:20.0947 1632 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:04:20.0949 1632 Winmgmt - ok 19:04:21.0001 1632 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 19:04:21.0015 1632 WinRM - ok 19:04:21.0073 1632 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:04:21.0084 1632 Wlansvc - ok 19:04:21.0155 1632 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:04:21.0169 1632 wlidsvc - ok 19:04:21.0199 1632 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:04:21.0200 1632 WmiAcpi - ok 19:04:21.0245 1632 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:04:21.0247 1632 wmiApSrv - ok 19:04:21.0320 1632 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:04:21.0335 1632 WMPNetworkSvc - ok 19:04:21.0367 1632 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:04:21.0371 1632 WPCSvc - ok 19:04:21.0413 1632 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:04:21.0417 1632 WPDBusEnum - ok 19:04:21.0450 1632 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:04:21.0451 1632 ws2ifsl - ok 19:04:21.0475 1632 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 19:04:21.0480 1632 wscsvc - ok 19:04:21.0489 1632 WSearch - ok 19:04:21.0562 1632 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 19:04:21.0580 1632 wuauserv - ok 19:04:21.0612 1632 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:04:21.0613 1632 WudfPf - ok 19:04:21.0650 1632 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:04:21.0652 1632 WUDFRd - ok 19:04:21.0686 1632 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:04:21.0691 1632 wudfsvc - ok 19:04:21.0732 1632 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:04:21.0737 1632 WwanSvc - ok 19:04:21.0777 1632 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 19:04:21.0779 1632 ZTEusbmdm6k - ok 19:04:21.0790 1632 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 19:04:21.0792 1632 ZTEusbnmea - ok 19:04:21.0811 1632 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 19:04:21.0813 1632 ZTEusbser6k - ok 19:04:21.0897 1632 ================ Scan global =============================== 19:04:21.0936 1632 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:04:21.0955 1632 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:04:21.0964 1632 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:04:21.0991 1632 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:04:22.0031 1632 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:04:22.0036 1632 [Global] - ok 19:04:22.0037 1632 ================ Scan MBR ================================== 19:04:22.0049 1632 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:04:22.0165 1632 \Device\Harddisk0\DR0 - ok 19:04:22.0191 1632 [ C183B4EA4C945B6FDB6E480E204B6091 ] \Device\Harddisk2\DR2 19:04:26.0557 1632 \Device\Harddisk2\DR2 - ok 19:04:26.0558 1632 ================ Scan VBR ================================== 19:04:26.0562 1632 [ C57276C24E1CE85CC3837D0ED8FF1AA3 ] \Device\Harddisk0\DR0\Partition1 19:04:26.0564 1632 \Device\Harddisk0\DR0\Partition1 - ok 19:04:26.0602 1632 [ 89EAD6AB3A2EA7346917B782B807D05D ] \Device\Harddisk0\DR0\Partition2 19:04:26.0604 1632 \Device\Harddisk0\DR0\Partition2 - ok 19:04:26.0623 1632 [ 09FD81F4B5DD33BBB0800254BEDA3906 ] \Device\Harddisk0\DR0\Partition3 19:04:26.0626 1632 \Device\Harddisk0\DR0\Partition3 - ok 19:04:26.0626 1632 ================================================== ========== 19:04:26.0626 1632 Scan finished 19:04:26.0626 1632 ================================================== ========== 19:04:26.0641 4004 Detected object count: 1 19:04:26.0641 4004 Actual detected object count: 1 19:04:57.0540 4004 WatAdminSvc ( LockedFile.Multi.Generic ) - skipped by user 19:04:57.0540 4004 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Skip 19:06:35.0062 3512 Deinitialize success Last edited by protector; May 23rd, 2013 at 12:17 PM. |
#11
|
||||
|
||||
don't see anything related in the OTL logs, that's why we have to do some other scans.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit For x64 bit systems download Farbar Recovery Scan Tool 64-Bit Save this to the desktop and run it, click the Scan button and post back with both logfiles. |
#12
|
|||
|
|||
here you go sir...
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-05-2013 Ran by nicholle (administrator) on 24-05-2013 05:17:57 Running from C:\Users\nicholle\Desktop Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\Freem akeUtilsService.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Vimicro) C:\Program Files\USB Camera\VM331_STI.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (CyberLink) C:\Program Files\Lenovo\YouCam\YCMMirage.exe () C:\Program Files\SmartBRO\USB Modem.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe (The OpenVPN Project) C:\Users\nicholle\AppData\Local\Temp\MMBPlayer\ope nvpn.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\nicholle\Desktop\FRST.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8969264 2012-04-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\Utility.exe [5674912 2011-04-27] (Lenovo(beijing) Limited) HKLM\...\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2229544 2011-04-08] (Synaptics Incorporated) HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation) HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1210640 2011-01-05] (Intel(R) Corporation) HKLM\...\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe [329056 2012-07-14] (Lenovo) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [477600 2013-01-24] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated) HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [5078504 2013-03-21] (ESET) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation) HKCU\...\Run: [uTorrent] "C:\Users\nicholle\AppData\Roaming\uTorrent\uTorre nt.exe" /MINIMIZED [802136 2013-05-22] (BitTorrent Inc.) HKCU\...\Winlogon: [Shell] expstart.exe MountPoints2: {28c1fe68-9ea9-11e2-9de1-dc0ea1f0afaa} - F:\AutoRun.exe MountPoints2: {329dba79-99ee-11e2-9d29-dc0ea1f0afaa} - F:\AutoRun.exe MountPoints2: {329dba87-99ee-11e2-9d29-dc0ea1f0afaa} - F:\AutoRun.exe MountPoints2: {44f19872-9f9a-11e2-a29e-c01885f0ca64} - F:\AutoRun.exe MountPoints2: {45c781a6-a0a9-11e2-bf19-001e101f1838} - F:\AutoRun.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pi...74&lg=EN&cc=PH HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH SearchScopes: HKLM - {E119618A-0F31-48CA-B756-AD745B8F48D4} URL = ${SEARCH_URL}{searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId= 50CF666D57E7ABE5 SearchScopes: HKCU - {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71c aea8&query={searchTerms}&cat=webs&bar=true SearchScopes: HKCU - {73F94418-3FC4-4E59-B816-7A6770EA7F47} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKCU - {91B8A9FC-169A-4157-A39C-EEC3C0A48BA7} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10269&src=kw&q={searchTerms}&locale=en_PH&a pn_ptnrs=^AH0&apn_dtid=^YYYYYY^YY^PH&apn_uid=31df5 540-b5cb-4ea1-8749-eace739f0b67&apn_sauid=2CBE0D3B-EA8D-42D1-99A6-258133F76658 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=724&r=2013/03/18&hid=792316374&lg=EN&cc=PH SearchScopes: HKCU - {E119618A-0F31-48CA-B756-AD745B8F48D4} URL = http://searchou.com/?affil=7&uid=4d00c63c-565c-11e2-bf75-dc0ea1f0afaa&q={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File Tcpip\..\Interfaces\{0B2A7D6D-9BC2-43E7-9E15-61150A01231C}: [NameServer]10.198.220.124 202.126.40.5 Tcpip\..\Interfaces\{48056DE4-4AB9-4E99-AC13-E0A3D4C8D1C0}: [NameServer]10.198.220.124 202.126.40.5 Tcpip\..\Interfaces\{5F9CD73A-D626-47B9-8947-A4C2AC3A891C}: [NameServer]121.1.3.172 121.1.3.89 Tcpip\..\Interfaces\{6B3ADA04-D08C-4A12-9950-909E8220E55C}: [NameServer]10.198.220.124 202.126.40.5 Tcpip\..\Interfaces\{AC5A7909-C4FB-46F0-8E2A-FF23F7BC1360}: [NameServer]10.198.220.124 202.126.40.5 FireFox: ======== FF ProfilePath: C:\Users\nicholle\AppData\Roaming\Mozilla\Firefox\ Profiles\dkxp0ahe.default FF Homepage: hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0 FtD0A0F0A0AyDyE0AyDtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBt FtCtFyEtDyB&cr=408994256 FF Homepage: hxxp://smart-homepage.blogspot.com FF SearchEngine: Yahoo FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_70 0_202.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112 .dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Extension: No Name - C:\Users\nicholle\AppData\Roaming\Mozilla\Firefox\ Profiles\dkxp0ahe.default\Extensions\staged Chrome: ======= CHR RestoreOnStartup: "urls_to_restore_on_startup": null CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:acceptedSuggestion}{google:originalQueryF orSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{goog le:sourceId}{google:instantExtendedEnabledParamete r}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&q={searchTerms}&{googl e:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\Peppe rFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoo gleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.d ll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AdobeExManDetect) - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll (Adobe Systems) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_30 0_262.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0 CHR Extension: (Freemake Video Downloader) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojd mmimdf\1.0.0_0 CHR Extension: (uTorrentControl_v6) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggah iomebp\10.16.2.509_0 CHR Extension: (Google Search) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0 CHR Extension: (Freemake Youtube Download Button) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomdd hccfgh\1.0.0_0 CHR Extension: (Browsoee2save) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcknfjajbdljlbpnemmaajcac ocjnle\1 CHR Extension: (Freemake Video Converter) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhin clbigj\1.0.0_0 CHR Extension: (Adventure Time - Finn, Jake and BMO) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmclded ofhabl\1_0 CHR Extension: (Norton Identity Protection) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmn jhmcmk\2013.3.2.10_0 CHR Extension: (Gmail) - C:\Users\nicholle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0 ========================== Services (Whitelisted) ================= R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [656672 2010-12-14] (Broadcom Corporation.) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-11-10] (Flexera Software, Inc.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\Freem akeUtilsService.exe [101376 2013-02-07] (Freemake) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.) S2 Globe Tattoo Broadband. RunOuc; C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe [218624 2013-03-31] () R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-01-05] () S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-07-15] () ==================== Drivers (Whitelisted) ==================== R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [24672 2011-08-17] (Lenovo Corporation) S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [301608 2010-12-15] (Broadcom Corporation.) R1 ccSet_NSM; C:\Windows\system32\drivers\NSM\0206000.03D\ccSetx 86.sys [134304 2012-08-07] (Symantec Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-20] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-20] (ESET) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-10-25] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-08] (Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab) R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) R3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2008-03-04] (Mobile Connector) S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2010-09-30] (Realtek Semiconductor Corp.) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-02-28] (Symantec Corporation) S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\system32\drivers\NSM\0206000.03D\SymRdr S.SYS [197280 2012-07-21] (Symantec Corporation) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.) S3 TVICHW32; C:\Windows\System32\Drivers\TVicHW32.sys [23600 2013-02-10] (EnTech Taiwan) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation) S3 GarenaPEngine; \??\C:\Users\nicholle\AppData\Local\Temp\UVT7464.t mp [x] S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x] S3 NPF; system32\drivers\NPF.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-24 05:17 - 2013-05-24 05:17 - 00000000 ____D C:\FRST 2013-05-24 05:16 - 2013-05-24 05:16 - 01318507 ____A (Farbar) C:\Users\nicholle\Desktop\FRST.exe 2013-05-24 00:08 - 2013-05-24 00:18 - 16351890 ____A C:\Users\nicholle\Downloads\Men's Room Mayhem v1.0 apkarchive.com.rar.crdownload 2013-05-23 23:53 - 2013-05-23 23:58 - 05966550 ____A C:\Users\nicholle\Downloads\Fixie Joe v1.1 apkarchive.com.rar.crdownload 2013-05-23 21:46 - 2013-05-23 21:54 - 00000000 ____D C:\Users\nicholle\Desktop\oath 2013-05-23 19:42 - 2013-05-23 19:47 - 05069602 ____A (Swearware) C:\Users\nicholle\Downloads\ComboFix.exe 2013-05-23 19:06 - 2013-05-23 19:06 - 00074104 ____A C:\Users\nicholle\Desktop\gsgs.txt 2013-05-23 19:00 - 2013-05-23 19:01 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\nicholle\Downloads\tdsskiller (1).exe 2013-05-23 09:31 - 2013-05-23 09:31 - 00065996 ____A C:\Users\nicholle\Desktop\Extras.Txt 2013-05-23 09:29 - 2013-05-23 09:42 - 00098706 ____A C:\Users\nicholle\Desktop\OTL.Txt 2013-05-23 08:49 - 2013-05-23 08:50 - 00602112 ____A (OldTimer Tools) C:\Users\nicholle\Desktop\OTL.exe 2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Malwarebytes 2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-22 17:31 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-22 17:13 - 2013-05-22 17:45 - 00000000 ____D C:\Users\nicholle\Downloads\malware 2013-05-22 13:36 - 2013-05-24 05:07 - 00001356 ____A C:\Windows\setupact.log 2013-05-22 13:36 - 2013-05-23 08:27 - 00007638 ____A C:\Windows\PFRO.log 2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ____A C:\Windows\setuperr.log 2013-05-22 13:33 - 2013-05-24 05:05 - 00438930 ____A C:\Windows\WindowsUpdate.log 2013-05-22 08:15 - 2013-05-22 08:15 - 00000000 ____D C:\Windows\System32\Hotspot Shield 2013-05-22 07:56 - 2013-05-22 07:57 - 00847890 ____A C:\Users\nicholle\Downloads\µTorrent 3.2 (build 27850) With Patch.rar 2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\ESET 2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Local\ESET 2013-05-22 03:55 - 2013-05-22 03:55 - 00000000 ____D C:\ProgramData\ESET 2013-05-22 00:08 - 2013-05-22 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-22 00:01 - 2013-04-05 13:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-22 00:01 - 2013-04-05 13:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-22 00:01 - 2013-04-05 13:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-22 00:01 - 2013-04-05 13:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-22 00:01 - 2013-04-05 13:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-22 00:01 - 2013-04-05 12:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-22 00:01 - 2013-04-05 11:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-21 23:29 - 2013-05-22 16:52 - 00000000 ____D C:\Users\nicholle\Downloads\pambarag 2013-05-21 21:02 - 2013-02-27 13:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-21 21:02 - 2013-02-27 12:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-21 21:02 - 2013-02-27 12:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-21 21:02 - 2013-02-27 12:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-21 21:02 - 2013-02-27 12:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-21 21:01 - 2013-04-10 11:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-21 21:00 - 2013-03-19 12:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-21 21:00 - 2013-03-19 11:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-21 20:57 - 2013-04-10 13:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-21 20:57 - 2013-04-10 13:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-20 14:47 - 2013-05-24 05:02 - 00000000 ____D C:\Users\nicholle\Desktop\r 2013-05-15 13:59 - 2013-05-16 19:01 - 00000000 ____D C:\Users\nicholle\Desktop\PF 2013-05-12 22:08 - 2013-05-14 12:29 - 00000000 ____D C:\Users\nicholle\Desktop\house 2013-05-03 16:52 - 2013-05-22 12:01 - 00000000 ____D C:\Program Files\ESET 2013-05-03 16:07 - 2013-05-03 16:07 - 00000000 ____D C:\ProgramData\StarApp 2013-05-03 06:10 - 2013-05-03 10:04 - 376920000 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar 2013-05-03 05:55 - 2013-05-22 10:06 - 00000000 ____D C:\Users\nicholle\Downloads\a 2013-05-03 05:03 - 2013-05-03 06:07 - 211289850 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar.crdownload 2013-05-03 05:03 - 2013-05-03 05:43 - 80693550 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (1).rar 2013-05-02 07:35 - 2013-05-02 11:22 - 265620600 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com.rar 2013-04-26 20:29 - 2013-04-26 20:29 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Epson 2013-04-26 20:19 - 2013-05-04 05:54 - 00000000 ____D C:\Program Files\epson 2013-04-26 20:18 - 2013-05-04 05:53 - 00000000 ____D C:\ProgramData\EPSON 2013-04-26 20:18 - 2011-04-19 02:03 - 00095232 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_TLBI2E.DLL 2013-04-26 20:18 - 2011-03-14 02:03 - 00081408 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_TD4BI2E.DLL 2013-04-26 20:18 - 2007-04-10 00:06 - 00008192 ____A (SEIKO EPSON CORP.) C:\Windows\System32\E_DCINST.DLL 2013-04-25 12:22 - 2013-04-25 12:22 - 00000000 ____D C:\Freemake 2013-04-24 18:36 - 2013-04-24 18:48 - 02343680 ____A C:\Users\nicholle\Downloads\OM7 Globe + patch + phone settings.zip 2013-04-24 17:15 - 2013-04-12 21:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======== 2013-05-24 05:17 - 2013-05-24 05:17 - 00000000 ____D C:\FRST 2013-05-24 05:16 - 2013-05-24 05:16 - 01318507 ____A (Farbar) C:\Users\nicholle\Desktop\FRST.exe 2013-05-24 05:16 - 2012-07-14 15:47 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-24 05:14 - 2013-05-22 13:33 - 00438930 ____A C:\Windows\WindowsUpdate.log 2013-05-24 05:13 - 2013-03-21 06:35 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\uTorrent 2013-05-24 05:08 - 2013-03-06 06:50 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-24 05:08 - 2012-07-14 16:39 - 02037637 ____A C:\FaceProv.log 2013-05-24 05:08 - 2012-07-14 16:34 - 00000000 ____D C:\ProgramData\VeriFace 2013-05-24 05:07 - 2013-05-22 13:36 - 00001356 ____A C:\Windows\setupact.log 2013-05-24 05:07 - 2009-07-14 12:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-24 05:05 - 2009-07-14 12:34 - 00031952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-24 05:05 - 2009-07-14 12:34 - 00031952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-24 05:02 - 2013-05-20 14:47 - 00000000 ____D C:\Users\nicholle\Desktop\r 2013-05-24 05:01 - 2013-03-06 06:50 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-24 04:51 - 2012-07-14 17:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-24 02:00 - 2012-07-14 17:09 - 00000000 ___HD C:\Users\nicholle\AppData\Local\Adobe 2013-05-24 00:18 - 2013-05-24 00:08 - 16351890 ____A C:\Users\nicholle\Downloads\Men's Room Mayhem v1.0 apkarchive.com.rar.crdownload 2013-05-23 23:58 - 2013-05-23 23:53 - 05966550 ____A C:\Users\nicholle\Downloads\Fixie Joe v1.1 apkarchive.com.rar.crdownload 2013-05-23 21:54 - 2013-05-23 21:46 - 00000000 ____D C:\Users\nicholle\Desktop\oath 2013-05-23 19:47 - 2013-05-23 19:42 - 05069602 ____A (Swearware) C:\Users\nicholle\Downloads\ComboFix.exe 2013-05-23 19:06 - 2013-05-23 19:06 - 00074104 ____A C:\Users\nicholle\Desktop\gsgs.txt 2013-05-23 19:01 - 2013-05-23 19:00 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\nicholle\Downloads\tdsskiller (1).exe 2013-05-23 09:42 - 2013-05-23 09:29 - 00098706 ____A C:\Users\nicholle\Desktop\OTL.Txt 2013-05-23 09:31 - 2013-05-23 09:31 - 00065996 ____A C:\Users\nicholle\Desktop\Extras.Txt 2013-05-23 08:50 - 2013-05-23 08:49 - 00602112 ____A (OldTimer Tools) C:\Users\nicholle\Desktop\OTL.exe 2013-05-23 08:32 - 2013-02-02 13:26 - 00109976 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT 2013-05-23 08:27 - 2013-05-22 13:36 - 00007638 ____A C:\Windows\PFRO.log 2013-05-23 08:27 - 2012-07-14 17:47 - 00000000 ____D C:\Windows\PCHEALTH 2013-05-23 08:10 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Help 2013-05-22 17:45 - 2013-05-22 17:13 - 00000000 ____D C:\Users\nicholle\Downloads\malware 2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Malwarebytes 2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-22 17:31 - 2013-05-22 17:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-22 17:22 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-05-22 16:52 - 2013-05-21 23:29 - 00000000 ____D C:\Users\nicholle\Downloads\pambarag 2013-05-22 16:24 - 2009-07-14 12:53 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ____A C:\Windows\setuperr.log 2013-05-22 13:35 - 2012-07-14 15:28 - 00000000 ____D C:\users\nicholle 2013-05-22 13:33 - 2013-03-09 04:55 - 57540608 ____A C:\Windows\System32\config\SOFTWARE.blues 2013-05-22 13:33 - 2013-03-09 04:55 - 24657920 ____A C:\Windows\System32\config\SYSTEM.blues 2013-05-22 13:33 - 2013-03-09 04:55 - 00274432 ____A C:\Windows\System32\config\DEFAULT.blues 2013-05-22 13:33 - 2013-03-09 04:55 - 00098304 ____A C:\Windows\System32\config\SAM.blues 2013-05-22 13:33 - 2013-03-09 04:55 - 00032768 ____A C:\Windows\System32\config\SECURITY.blues 2013-05-22 12:01 - 2013-05-03 16:52 - 00000000 ____D C:\Program Files\ESET 2013-05-22 10:06 - 2013-05-03 05:55 - 00000000 ____D C:\Users\nicholle\Downloads\a 2013-05-22 09:26 - 2013-01-04 22:07 - 00000000 ____D C:\Users\nicholle\Documents\Youcam 2013-05-22 08:23 - 2013-01-04 21:27 - 00000000 ____D C:\Users\nicholle\Desktop\Key's 2013-05-22 08:15 - 2013-05-22 08:15 - 00000000 ____D C:\Windows\System32\Hotspot Shield 2013-05-22 08:15 - 2013-03-23 13:09 - 00000000 ____D C:\Windows\pss 2013-05-22 08:03 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-05-22 07:57 - 2013-05-22 07:56 - 00847890 ____A C:\Users\nicholle\Downloads\µTorrent 3.2 (build 27850) With Patch.rar 2013-05-22 07:56 - 2012-07-14 17:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-22 07:56 - 2012-07-14 17:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\ESET 2013-05-22 03:59 - 2013-05-22 03:59 - 00000000 ____D C:\Users\nicholle\AppData\Local\ESET 2013-05-22 03:55 - 2013-05-22 03:55 - 00000000 ____D C:\ProgramData\ESET 2013-05-22 03:18 - 2013-02-17 12:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-05-22 00:08 - 2013-05-22 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-22 00:01 - 2012-07-14 17:44 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-21 23:58 - 2012-12-23 22:47 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-21 21:41 - 2009-07-14 12:33 - 03812240 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-20 19:53 - 2013-01-18 16:50 - 00000000 ___HD C:\Users\nicholle\AppData\Roaming\vlc 2013-05-16 19:01 - 2013-05-15 13:59 - 00000000 ____D C:\Users\nicholle\Desktop\PF 2013-05-14 12:29 - 2013-05-12 22:08 - 00000000 ____D C:\Users\nicholle\Desktop\house 2013-05-13 20:57 - 2012-07-15 14:36 - 00000000 ___HD C:\Users\nicholle\AppData\Roaming\dvdcss 2013-05-04 05:54 - 2013-04-26 20:19 - 00000000 ____D C:\Program Files\epson 2013-05-04 05:54 - 2012-07-14 16:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-05-04 05:53 - 2013-04-26 20:18 - 00000000 ____D C:\ProgramData\EPSON 2013-05-03 16:07 - 2013-05-03 16:07 - 00000000 ____D C:\ProgramData\StarApp 2013-05-03 16:07 - 2013-03-12 03:42 - 00000000 ____D C:\ProgramData\InstallMate 2013-05-03 10:04 - 2013-05-03 06:10 - 376920000 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar 2013-05-03 06:07 - 2013-05-03 05:03 - 211289850 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (2).rar.crdownload 2013-05-03 05:43 - 2013-05-03 05:03 - 80693550 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com (1).rar 2013-05-02 11:22 - 2013-05-02 07:35 - 265620600 ____A C:\Users\nicholle\Downloads\OBB IM3 apkarchive.com.rar 2013-05-02 02:06 - 2012-07-14 17:06 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-04-29 13:46 - 2013-03-19 03:37 - 00000000 ____D C:\Windows\System32\%LocalAppData% 2013-04-26 20:29 - 2013-04-26 20:29 - 00000000 ____D C:\Users\nicholle\AppData\Roaming\Epson 2013-04-26 20:19 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\twain_32 2013-04-26 20:13 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-04-26 20:12 - 2013-03-25 08:58 - 00000000 ____D C:\Users\nicholle\Documents\Fax 2013-04-25 12:22 - 2013-04-25 12:22 - 00000000 ____D C:\Freemake 2013-04-24 18:48 - 2013-04-24 18:36 - 02343680 ____A C:\Users\nicholle\Downloads\OM7 Globe + patch + phone settings.zip Other Malware: =========== C:\ProgramData\ntuser.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-05-20 16:28 ==================== End Of Log ============================ |
#13
|
|||
|
|||
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-05-2013
Ran by nicholle at 2013-05-24 05:19:21 Run: Running from C:\Users\nicholle\Desktop Boot Mode: Normal ================================================== ======== ==================== Installed Programs ======================= µTorrent (Version: 3.2.0) Adobe AIR (Version: 3.6.0.6090) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Photoshop CS6 (Version: 13.0) Adobe Reader XI (11.0.02) (Version: 11.0.02) Adobe Shockwave Player 12.0 (Version: 12.0.0.112) Apple Software Update (Version: 2.1.3.127) Atheros Client Installation Program (Version: 7.0) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.39) BurnAware Free 6.1 Conexant HD Audio (Version: 8.54.4.51) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DVD-Cloner V10.20 Build 1204 (Version: 10.20.0.1204) ELECTRA 2.4 Energy Management (Version: 6.0.3.0) ESET Antivirus License Finder (MiNODLogin) (Version: 4.0.1.63) ESET Smart Security (Version: 6.0.316.0) ESET Virtual Update Server (MiNODServer) (Version: 1.4.0.1) Freemake Video Converter version 3.2.1 (Version: 3.2.1) Freemake Video Downloader (Version: 3.5.0) Garena Plus (Version: 2011) Globe Tattoo Broadband (Version: 21.005.11.00.158) Google Books Downloader version 2.1 (Version: 2.1) Google Chrome (Version: 26.0.1410.64) Google Update Helper (Version: 1.3.21.145) Intel(R) Management Engine Components (Version: 7.0.0.1118) Intel(R) Processor Graphics (Version: 9.17.10.2932) Intel(R) PROSet/Wireless WiFi Software (Version: 14.0.2000) Intel(R) Rapid Storage Technology (Version: 10.1.5.1001) Java 7 Update 9 (Version: 7.0.90) Java Auto Updater (Version: 2.1.9.0) JetClean (Version: 1.4.0) Junk Mail filter update (Version: 16.4.3505.0912) K-Lite Codec Pack 8.9.5 (Full) (Version: 8.9.5) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400) Lenovo EasyCamera (Version: 13.10.1201.1) Lenovo YouCam (Version: 3.1.3603) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook Connector (Version: 14.0.5118.5000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SkyDrive (Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Movie Maker (Version: 16.4.3505.0912) Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) neroxml (Version: 1.0.0) Notepad++ (Version: 5.9.8) PDF Settings CS6 (Version: 11.0) Photo Gallery (Version: 16.4.3505.0912) Photo to Cartoon (Version: 1.0.0) Proteus 7 Professional (Version: 7.01.0200) Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10003) Revo Uninstaller Pro 3.0.1 (Version: 3.0.1) SmartBRO version 4.810 swMSM (Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 15.3.0.0) TAP-Windows 9.9.2 (Version: 9.9.2) Target 3001! V14 discover (Version: ) Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON Ulisess Seguridad 10.3.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition uTorrent Turbo Accelerator (Version: 2.7.0.0) Vampires vs Zombies version 1.0.0.1 (Version: 1.0.0.1) VeriFace (Version: 4.0.0.1206) Virtual DJ - Atomix Productions VLC media player 2.0.5 (Version: 2.0.5) Windows Live Communications Platform (Version: 16.4.3505.0912) Windows Live Essentials (Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3505.0912) Windows Live Mail (Version: 16.4.3505.0912) Windows Live Messenger (Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (Version: 16.4.3505.0912) Windows Live PIMT Platform (Version: 16.4.3505.0912) Windows Live SOXE (Version: 16.4.3505.0912) Windows Live SOXE Definitions (Version: 16.4.3505.0912) Windows Live UX Platform (Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (Version: 16.4.3505.0912) Windows Live Writer (Version: 16.4.3505.0912) Windows Live Writer Resources (Version: 16.4.3505.0912) WinRAR 4.20 (32-bit) (Version: 4.20.0) Yahoo! Messenger ==================== Restore Points ========================= 24-04-2013 09:16:53 Windows Update 24-04-2013 20:49:43 Windows Update 26-04-2013 12:20:22 Installed Epson Event Manager 01-05-2013 09:45:43 Windows Update 03-05-2013 08:51:46 Yüklü ESET Smart Security 03-05-2013 08:58:51 Kaldirildi ESET Smart Security 03-05-2013 21:38:33 Revo Uninstaller Pro's restore point - EPSON L210 Series Printer Uninstall 03-05-2013 21:43:50 Revo Uninstaller Pro's restore point - EPSON Scan 03-05-2013 21:53:31 Removed Epson Event Manager 14-05-2013 13:50:09 Scheduled Checkpoint 21-05-2013 13:34:32 Windows Update 21-05-2013 15:34:45 Windows Update 21-05-2013 15:58:11 Windows Update 21-05-2013 19:33:11 Device Driver Package Install: TAP-Windows Provider V9 Network adapters 21-05-2013 19:54:39 Installed ESET Smart Security 22-05-2013 00:02:05 Device Driver Package Install: Anchorfree Inc Network Service 22-05-2013 00:03:00 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters ==================== Faulty Device Manager Devices ============= Name: NetGroup Packet Filter Driver Description: NetGroup Packet Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: npf Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:08:21 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:07:58 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. Error: (05/24/2013 05:07:59 AM) (Source: Winlogon) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (05/24/2013 05:04:27 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY) Description: Windows cannot load classes registry file. DETAIL - The system cannot find the file specified. System errors: ============= Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Error: (05/24/2013 05:08:03 AM) (Source: Service Control Manager) (User: ) Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:17:17 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:12:49 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:08:41 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:08:21 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:07:58 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. Error: (05/24/2013 05:07:59 AM) (Source: Winlogon)(User: ) Description: 0x800700050x00000000 Error: (05/24/2013 05:04:27 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY) Description: The system cannot find the file specified. CodeIntegrity Errors: =================================== Date: 2013-05-22 18:32:43.838 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-05-22 18:32:43.835 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-05-22 18:32:43.833 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.158 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.155 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.152 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.142 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sy s because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 22:15:08.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 1985.86 MB Available physical RAM: 786.14 MB Total Pagefile: 3971.72 MB Available Pagefile: 2380.37 MB Total Virtual: 2047.88 MB Available Virtual: 1914.25 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:235.84 GB) (Free:178.26 GB) NTFS Drive d: (New Volume) (Fixed) (Total:228.74 GB) (Free:98.93 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=236 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=229 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
#14
|
||||
|
||||
Hi,
I see some adware and other stuff, but nothing that explains your problems. Before we go deeper: Quote:
Please press windows-key+E, windows explorer will open. Navigate to c:\users, so you will see the content of that folder and all sub folders on the right side. Please post a screenshot from the explorer. |
#15
|
|||
|
|||
there are two user accounts - MJ and mjoe.. "mjoe" is my original account. MJ is the account automatically created by the computer.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
User account problems | frankrod79 | Windows 7 | 1 | October 5th, 2010 06:21 AM |
user account problems | boyinshirt | Windows XP | 2 | December 9th, 2007 08:18 PM |
Desktop and User Account problems | JohnFr | Malware Removal | 11 | June 12th, 2006 01:16 AM |
User Account setup problems | eeyore1138 | Windows XP | 10 | April 21st, 2006 11:35 PM |
XP user account problems | jdublu | Windows XP | 1 | December 22nd, 2003 01:37 AM |
All times are GMT +1. The time now is 10:19 AM.