Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

BSOD Help

reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Thu Apr 19, 2012 1:07 pm    Post subject: BSOD Help

Need help

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Natalie at 17:01:36 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.3227 [GMT -4:00]
.
SP: Outpost Firewall Pro *Enabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Firewall Pro *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\dinotify.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8}\2375942554232393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8}\36F657274797162746 : DhcpNameServer = 10.0.0.4
TCP: Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8}\4586560235F657E646 : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO-X64: HP SimplePass Identity Protection Extension - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
S1 SandBox;SandBox;\??\C:\Windows\system32\drivers\SandBox64.sys --> C:\Windows\system32\drivers\SandBox64.sys [?]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-8-24 3452792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
S3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys --> C:\Windows\system32\drivers\afwcore.sys [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 ASWFilt;ASWFilt;\??\C:\Windows\system32\Filt\ASWFilt64.dll --> C:\Windows\system32\Filt\ASWFilt64.dll [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CLAVIAUSB64;CLAVIAUSB64;C:\Windows\system32\DRIVERS\ClaviaUSB64.sys --> C:\Windows\system32\DRIVERS\ClaviaUSB64.sys [?]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\system32\DRIVERS\ffusb2audio.sys --> C:\Windows\system32\DRIVERS\ffusb2audio.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-30 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S4 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-10 13:29:46 -------- d-----w- C:\Users\Natalie\AppData\Roaming\iZotope
2012-04-08 16:22:31 -------- d-----w- C:\Program Files (x86)\iZotope
2012-04-08 16:22:03 -------- d-----w- C:\Program Files\Common Files\VST3
2012-04-08 16:19:43 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-02 03:08:46 -------- d-----w- C:\Program Files (x86)\East West
2012-03-31 21:06:41 -------- d-----w- C:\Program Files (x86)\Digidesign
2012-03-31 21:05:53 163840 ----a-w- C:\Windows\SysWow64\ArtFfct.dll
2012-03-31 21:05:46 -------- d-----w- C:\Program Files (x86)\Arturia
2012-03-22 18:17:17 -------- d-----r- C:\Users\Natalie\Dropbox
2012-03-22 01:19:19 -------- d-----w- C:\Program Files (x86)\Sonnox
.
==================== Find3M ====================
.
2012-02-18 17:47:28 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:02:26.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2010 12:35:12 AM
System Uptime: 4/19/2012 4:34:51 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 143F
Processor: AMD Phenom(tm) II P820 Triple-Core Processor | Socket S1G4 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 445 GiB total, 135.828 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 3.027 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.086 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1449.797 GiB free.
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP205: 4/2/2012 7:30:27 PM - Scheduled Checkpoint
RP206: 4/10/2012 5:58:04 PM - Scheduled Checkpoint
RP207: 4/18/2012 8:15:37 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player
Adobe Widget Browser
AMD USB Filter Driver
Angry Birds
Apple Application Support
Apple Software Update
Arturia Minimoog V v1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Clavia USB Driver v3.02
dBpoweramp DSP Effects
dBpoweramp Music Converter
East West Colossus
erLT
ESET Online Scanner v3
ESU for Microsoft Windows 7
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Software Framework
HP Update
HP User Guides 0193
IDT Audio
Inkscape 0.48.1
Intel AppUp(SM) center
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech SetPoint
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Trail Maps
Native Instruments Kontakt 5
Native Instruments Service Center
Nord Sample Editor v2.10
Nord Sound Manager v5.58
North Carolina Topo Map
Octoshape add-in for Adobe Flash Player
PDF Settings CS5
PhotoScape
Quicken 2010
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Scarlett MixControl 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shooting Sports USA - October 2010
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Sony Sound Forge Audio Studio 9.0
SpywareBlaster 4.4
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.2
WAV to MP3 Encoder
Waves Complete VST RTAS TDM v7.1.16
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 15.0
Yamaha 01V96 Editor 64bit
Yamaha Studio Manager
.
==== Event Viewer Messages From Past Week ========
.
4/19/2012 4:35:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2012 4:35:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/19/2012 4:35:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/19/2012 4:35:39 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
4/19/2012 4:35:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/19/2012 4:35:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/19/2012 4:35:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO SandBox spldr sptd Wanarpv6
4/19/2012 4:35:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2012 4:35:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff80003269ece). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041912-23197-01.
4/19/2012 4:34:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
4/19/2012 4:08:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
4/19/2012 4:08:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/19/2012 4:07:49 PM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
4/19/2012 4:07:48 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: This driver has been blocked from loading
4/19/2012 4:07:48 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\DgiVecp.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/19/2012 4:07:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff80003255ece). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041912-16177-01.
4/19/2012 3:59:22 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/13/2012 7:12:51 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Tue Apr 24, 2012 5:47 am

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Tue Apr 24, 2012 6:07 am

Your DDS logs are essentially clear. What kind of problems are you experiencing with your computer?

The title of your post says BSOD, but you give no supporting symptoms or description. Since I've left my crystal ball at home, you're going to have to be a little more forthcoming. Wink

When do your BSODs occur, on startup, or at some other time?

When they occur, are you able to note down the error message, especially the error code, which will give some idea as to the nature of the problem?
_________________
Gary R Administrator at Malware Removal University



reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Tue Apr 24, 2012 8:56 am

Thanks Gary for getting back with me. My apologies for a thread with not much to go on. Embarrassed I got a BIOS-type screen stating that a memory dump was taking place and within about 10 seconds the PC shuts down and would restart. It happened out of the blue. I proceeded to carry on, hoping it was a fluke thing. 30 minutes later it does it again. I go into safe mode with networking and start this thread. I have been off of the PC since then except for today and nothing has happened so far. I will note or take a picture of the error for you. Thanks for everything you do, Jason
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Tue Apr 24, 2012 12:38 pm

OK, if the BSOD occurs at bootup, you may not be able to see the error code, since Windows will automatically shut down and you may go into a boot loop (computer starts > blue screens > shuts down > starts again > blue screens again > shuts down again > etc.). If that happens, please do the following .....


  • Reboot the computer, and press F8 on boot up to bring up the Advanced Boot Options menu.
  • Select Disable automatic restart on system failure.
  • Hit Enter.


Now when Windows boots, it will stop at the BSOD screen and give you plenty of time to note down its details.

If your computer Blue Screens again, please post me the error code.

Next

It's likely you may also have a Minidump file for the earlier BSODs ....


  • Go to the following folder (if present) ... C:\Windows\Minidump
  • There should be a number of files of the form ... AAAAAA_BBBBB_CC.dmp (where A, B, C are replaced by numbers)


Let me know if any of these dmp files are present.
_________________
Gary R Administrator at Malware Removal University



reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Wed Apr 25, 2012 12:23 pm

There are three .dmp files present.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Wed Apr 25, 2012 12:45 pm

OK, we need to find out what is on them ....

Download ... BlueScreenView ... and install it on your computer.


  • Launch BlueScreenView and a screen similar to this will open ...





  • Shift + Click to highlight the 3 dmp files, then click the Save icon (below Edit at the top of the Blue Screen Window).
  • Save the report as Bluscreenlog.txt to your Desktop.
  • Post me the contents of the log please.

_________________
Gary R Administrator at Malware Removal University



reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Wed Apr 25, 2012 1:05 pm

==================================================
Dump File : 041912-19812-01.dmp
Crash Time : 4/19/2012 5:31:29 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`032a1ece
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+22f3f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\041912-19812-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7600
Dump File Size : 274,792
==================================================

==================================================
Dump File : 041912-23197-01.dmp
Crash Time : 4/19/2012 4:35:18 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03269ece
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+22f3f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\041912-23197-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7600
Dump File Size : 274,792
==================================================

==================================================
Dump File : 041912-16177-01.dmp
Crash Time : 4/19/2012 4:07:43 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03255ece
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+22f3f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\041912-16177-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7600
Dump File Size : 274,792
==================================================
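Added example, not part of the original thread and not BlueScreenView's own code: a small parser for the text report posted above that decodes the four parameters of bug check 0x0000000a and groups dumps that share one fault signature. The parameter meanings follow Microsoft's bug check reference for IRQL_NOT_LESS_OR_EQUAL; the function names are hypothetical, and the sample is the three records from the report, trimmed to the fields used.

```python
import re
from collections import defaultdict

# Sample input: the three records posted above, trimmed to the fields used here.
SAMPLE_REPORT = """\
==================================================
Dump File : 041912-19812-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`032a1ece
Caused By Driver : USBPORT.SYS
==================================================

==================================================
Dump File : 041912-23197-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03269ece
Caused By Driver : USBPORT.SYS
==================================================

==================================================
Dump File : 041912-16177-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000088
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`03255ece
Caused By Driver : USBPORT.SYS
==================================================
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}


def parse_report(text):
    """Split the report on its ==== rulers and return one dict per crash."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        fields = {}
        for line in chunk.splitlines():
            # "Field : value"; the value may be empty (e.g. "Company :").
            m = re.match(r"^(.+?)\s*:\s*(.*)$", line.strip())
            if m:
                fields[m.group(1)] = m.group(2)
        if "Bug Check Code" in fields:
            records.append(fields)
    return records


def hex_field(value):
    """Convert a value such as fffff800`032a1ece to an integer."""
    return int(value.replace("`", ""), 16)


def decode_irql_fault(rec):
    """Decode bug check 0xA parameters; return None for other bug checks."""
    if int(rec["Bug Check Code"], 16) != 0x0A:
        return None
    p1, p2, p3, p4 = (hex_field(rec[f"Parameter {i}"]) for i in range(1, 5))
    return {
        "address": p1,                      # memory address referenced
        "near_null": p1 < 0x1000,           # small offset from a NULL pointer
        "irql_name": IRQL_NAMES.get(p2, f"IRQL {p2}"),  # IRQL at the access
        "access": "write" if p3 & 1 else "read",        # bit 0: 0=read, 1=write
        "instruction": p4,                  # address of the faulting instruction
        # The kernel base moves between boots in whole pages, so equal low
        # 12 bits suggest (not prove) the same instruction faulted each time.
        "page_offset": p4 & 0xFFF,
    }


def group_crashes(records):
    """Group dump files by fault signature to spot a repeating crash."""
    groups = defaultdict(list)
    for rec in records:
        d = decode_irql_fault(rec)
        if d is None:
            continue
        sig = (d["address"], d["irql_name"], d["access"], d["page_offset"],
               rec.get("Caused By Driver", ""))
        groups[sig].append(rec["Dump File"])
    return dict(groups)


if __name__ == "__main__":
    for sig, dumps in group_crashes(parse_report(SAMPLE_REPORT)).items():
        addr, irql, access, off, driver = sig
        print(f"{len(dumps)} dump(s): {access} to {addr:#x} at {irql}, "
              f"instruction page offset {off:#x}, blamed driver {driver}")
```

All three dumps collapse into one signature (a write to address 0x88 at DISPATCH_LEVEL from the same page offset), which is what a single repeating fault looks like rather than three unrelated crashes.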
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Wed Apr 25, 2012 2:33 pm

OK, the minidump files suggest that you may have a faulty usbport.sys driver, however it's possible that this driver may not be the cause of the fault.

Without going into detail, another hardware device could be requesting exclusive CPU time (raising the IRQL (interrupt request level)). The usbport device driver has already been scheduled and wants to access memory. It needs CPU time to do that, but because another device has exclusive access it causes an unrecoverable deadlock situation followed by a blue screen.

Unfortunately from the log, I can't tell exactly what device is causing the problem.

If we have a look at your Event Log, we might be lucky and get some idea, if something is faulting at the same time as your blue screens are occurring ....

Please download MiniToolBox to your Desktop.


  • Double click MiniToolBox.exe to launch the program.
  • Checkmark the following checkboxes:

    • List last 10 Event Viewer Errors

  • Click Go to start the scan.
  • When finished a log Result.txt will open.
  • Please post it in your next reply.


I'd also like to run a couple of Malware scans, just to make sure there's not an infection causing these problems. Your DDS logs don't indicate anything, but best that we check a little further to make sure.

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • MiniToolbox log (report.txt)
  • TDSSKiller log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University
reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Wed Apr 25, 2012 5:04 pm

MiniToolBox by Farbar Version: 18-01-2012
Ran by Natalie (administrator) on 25-04-2012 at 21:03:31
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/23/2012 10:45:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/23/2012 10:45:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/23/2012 10:44:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/18/2012 08:11:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/16/2012 02:19:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/16/2012 10:38:31 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2012 10:38:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2012 10:38:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/25/2012 09:02:01 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/25/2012 09:01:51 PM) (Source: Service Control Manager) (User: )
Description: The seclogon service terminated with the following error:
%%127

Error: (04/25/2012 09:01:44 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%1275

Error: (04/25/2012 09:01:44 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\DgiVecp.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/25/2012 06:09:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/25/2012 05:59:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/25/2012 05:49:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/25/2012 05:39:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/25/2012 05:29:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/25/2012 05:19:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (04/23/2012 10:45:09 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/23/2012 10:45:09 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/23/2012 10:44:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service)(User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/18/2012 08:11:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/16/2012 02:19:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/16/2012 10:38:31 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/16/2012 10:38:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/16/2012 10:38:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


**** End of log ****
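Gary R's suggestion of checking whether something in the Event Log faults at the same time as the blue screens can be done mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the two inputs are abridged excerpts of the BlueScreenView and MiniToolBox output posted above, and it assumes both tools report timestamps in the same local clock.

```python
import re
from datetime import datetime, timedelta

STAMP = "%m/%d/%Y %I:%M:%S %p"

# Abridged excerpt of the BlueScreenView record posted in the thread.
BSV_TEXT = """\
==================================================
Dump File : 041912-16177-01.dmp
Crash Time : 4/19/2012 4:07:43 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Caused By Driver : USBPORT.SYS
File Description :
==================================================
"""

# Abridged excerpt of the MiniToolBox log posted in the thread. Long
# descriptions are cut and marked [shortened]. The last entry repeats an
# earlier one, as the log does under "Microsoft Office Sessions".
MTB_TEXT = """\
Application errors:
==================
Error: (04/23/2012 10:45:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list [shortened]
.

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/18/2012 08:11:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed [shortened]

Microsoft Office Sessions:
=========================
Error: (04/19/2012 04:08:12 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
"""

FIELD_RE = re.compile(r"^([^:]+?)\s*:\s*(.*)$")
EVENT_RE = re.compile(
    r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\)\s*"
    r"\(Source: (.+?)\)\s*\(User: (.*?)\)\s*$")


def parse_crashes(text):
    """Parse 'Key : Value' records separated by '=====' rules."""
    crashes, record = [], {}
    for line in text.splitlines() + ["====="]:  # sentinel flushes last record
        if line.startswith("====="):
            if "Crash Time" in record:
                crashes.append({
                    "dump": record.get("Dump File", ""),
                    "time": datetime.strptime(record["Crash Time"], STAMP),
                    "bugcheck": record.get("Bug Check String", ""),
                    "driver": record.get("Caused By Driver", ""),
                })
            record = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            record[m.group(1)] = m.group(2).strip()
    return crashes


def parse_events(text):
    """Parse 'Error: (time) (Source: x) (User: y)' entries.

    Only the first Description line is kept. Entries with identical time,
    source and description are dropped, because the log lists the same
    events again in a second section.
    """
    events, seen, current = [], set(), None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            current = {"time": datetime.strptime(m.group(1), STAMP),
                       "source": m.group(2), "description": ""}
            continue
        if current and line.startswith("Description:"):
            current["description"] = line[len("Description:"):].strip()
            key = (current["time"], current["source"], current["description"])
            if key not in seen:
                seen.add(key)
                events.append(current)
            current = None
    return events


def correlate(crashes, events, window=timedelta(minutes=5)):
    """For each crash, list events within +/- window, nearest first.

    Each hit is (seconds_after_crash, source, description); a negative
    offset means the event was logged before the crash time.
    """
    report = []
    for crash in crashes:
        near = []
        for ev in events:
            delta = (ev["time"] - crash["time"]).total_seconds()
            if abs(delta) <= window.total_seconds():
                near.append((int(delta), ev["source"], ev["description"]))
        report.append((crash, sorted(near, key=lambda n: abs(n[0]))))
    return report


if __name__ == "__main__":
    for crash, near in correlate(parse_crashes(BSV_TEXT), parse_events(MTB_TEXT)):
        print(crash["dump"], crash["bugcheck"], crash["driver"])
        for offset, source, desc in near:
            print(f"  {offset:+d}s  {source}: {desc}")
```

An event logged shortly after the crash time, as here, may only be fallout from the crash or the reboot; entries with a negative offset are the ones worth reading first.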
reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Wed Apr 25, 2012 5:09 pm

21:05:53.0870 1624 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:05:55.0196 1624 ============================================================
21:05:55.0196 1624 Current date / time: 2012/04/25 21:05:55.0196
21:05:55.0196 1624 SystemInfo:
21:05:55.0196 1624
21:05:55.0196 1624 OS Version: 6.1.7600 ServicePack: 0.0
21:05:55.0196 1624 Product type: Workstation
21:05:55.0196 1624 ComputerName: SNOOKS
21:05:55.0196 1624 UserName: Natalie
21:05:55.0196 1624 Windows directory: C:\Windows
21:05:55.0196 1624 System windows directory: C:\Windows
21:05:55.0196 1624 Running under WOW64
21:05:55.0196 1624 Processor architecture: Intel x64
21:05:55.0196 1624 Number of processors: 3
21:05:55.0196 1624 Page size: 0x1000
21:05:55.0196 1624 Boot type: Normal boot
21:05:55.0196 1624 ============================================================
21:05:57.0334 1624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:57.0349 1624 ============================================================
21:05:57.0349 1624 \Device\Harddisk0\DR0:
21:05:57.0349 1624 MBR partitions:
21:05:57.0349 1624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:05:57.0349 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3795D000
21:05:57.0349 1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x379C1000, BlocksNum 0x2991000
21:05:57.0349 1624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:05:57.0349 1624 ============================================================
21:05:57.0380 1624 C: <-> \Device\Harddisk0\DR0\Partition1
21:05:57.0412 1624 D: <-> \Device\Harddisk0\DR0\Partition2
21:05:57.0412 1624 E: <-> \Device\Harddisk0\DR0\Partition3
21:05:57.0412 1624 ============================================================
21:05:57.0412 1624 Initialize success
21:05:57.0412 1624 ============================================================
21:07:01.0434 3732 ============================================================
21:07:01.0434 3732 Scan started
21:07:01.0434 3732 Mode: Manual; TDLFS;
21:07:01.0434 3732 ============================================================
21:07:10.0045 3732 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:07:10.0061 3732 HomeGroupListener - ok
21:07:10.0077 3732 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:07:10.0092 3732 HomeGroupProvider - ok
21:07:10.0108 3732 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:07:10.0108 3732 hpdskflt - ok
21:07:10.0155 3732 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:07:10.0155 3732 HpSAMD - ok
21:07:10.0170 3732 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
21:07:10.0186 3732 hpsrv - ok
21:07:10.0264 3732 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:07:10.0264 3732 HTTP - ok
21:07:10.0279 3732 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:07:10.0279 3732 hwpolicy - ok
21:07:10.0326 3732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:07:10.0326 3732 i8042prt - ok
21:07:10.0373 3732 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:07:10.0389 3732 iaStorV - ok
21:07:10.0498 3732 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:07:10.0513 3732 idsvc - ok
21:07:10.0857 3732 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:07:10.0950 3732 igfx - ok
21:07:11.0059 3732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:07:11.0059 3732 iirsp - ok
21:07:11.0137 3732 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:07:11.0153 3732 IKEEXT - ok
21:07:11.0184 3732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:07:11.0184 3732 intelide - ok
21:07:11.0215 3732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:07:11.0231 3732 intelppm - ok
21:07:11.0247 3732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:07:11.0247 3732 IPBusEnum - ok
21:07:11.0262 3732 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:11.0278 3732 IpFilterDriver - ok
21:07:11.0325 3732 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:07:11.0340 3732 iphlpsvc - ok
21:07:11.0356 3732 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:07:11.0356 3732 IPMIDRV - ok
21:07:11.0387 3732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:07:11.0387 3732 IPNAT - ok
21:07:11.0512 3732 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
21:07:11.0527 3732 iPod Service - ok
21:07:11.0543 3732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:07:11.0543 3732 IRENUM - ok
21:07:11.0574 3732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:07:11.0574 3732 isapnp - ok
21:07:11.0621 3732 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:07:11.0637 3732 iScsiPrt - ok
21:07:11.0668 3732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:07:11.0668 3732 kbdclass - ok
21:07:11.0699 3732 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:07:11.0699 3732 kbdhid - ok
21:07:11.0715 3732 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:11.0715 3732 KeyIso - ok
21:07:11.0746 3732 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:07:11.0746 3732 KSecDD - ok
21:07:11.0777 3732 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:07:11.0793 3732 KSecPkg - ok
21:07:11.0808 3732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:07:11.0808 3732 ksthunk - ok
21:07:11.0839 3732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:07:11.0839 3732 KtmRm - ok
21:07:11.0871 3732 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:07:11.0886 3732 LanmanServer - ok
21:07:11.0917 3732 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:07:11.0933 3732 LanmanWorkstation - ok
21:07:12.0042 3732 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:07:12.0058 3732 LBTServ - ok
21:07:12.0105 3732 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
21:07:12.0105 3732 LEqdUsb - ok
21:07:12.0136 3732 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
21:07:12.0136 3732 LHidEqd - ok
21:07:12.0183 3732 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:07:12.0198 3732 LHidFilt - ok
21:07:12.0276 3732 LightScribeService (07b1888209c54b675ffccbde9f06d2c6) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:07:12.0276 3732 LightScribeService - ok
21:07:12.0307 3732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:07:12.0307 3732 lltdio - ok
21:07:12.0354 3732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:07:12.0354 3732 lltdsvc - ok
21:07:12.0370 3732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:07:12.0385 3732 lmhosts - ok
21:07:12.0385 3732 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:07:12.0385 3732 LMouFilt - ok
21:07:12.0432 3732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:07:12.0432 3732 LSI_FC - ok
21:07:12.0448 3732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:07:12.0448 3732 LSI_SAS - ok
21:07:12.0479 3732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:07:12.0479 3732 LSI_SAS2 - ok
21:07:12.0495 3732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:07:12.0510 3732 LSI_SCSI - ok
21:07:12.0526 3732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:07:12.0526 3732 luafv - ok
21:07:12.0557 3732 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:07:12.0557 3732 Mcx2Svc - ok
21:07:12.0588 3732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:07:12.0588 3732 megasas - ok
21:07:12.0619 3732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:07:12.0619 3732 MegaSR - ok
21:07:12.0651 3732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:07:12.0651 3732 MMCSS - ok
21:07:12.0666 3732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:07:12.0666 3732 Modem - ok
21:07:12.0697 3732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:07:12.0697 3732 monitor - ok
21:07:12.0729 3732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:07:12.0729 3732 mouclass - ok
21:07:12.0744 3732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:07:12.0744 3732 mouhid - ok
21:07:12.0775 3732 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:07:12.0775 3732 mountmgr - ok
21:07:12.0807 3732 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:07:12.0807 3732 mpio - ok
21:07:12.0838 3732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:07:12.0838 3732 mpsdrv - ok
21:07:12.0885 3732 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:07:12.0900 3732 MpsSvc - ok
21:07:12.0931 3732 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:07:12.0931 3732 MRxDAV - ok
21:07:12.0994 3732 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:12.0994 3732 mrxsmb - ok
21:07:13.0072 3732 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:13.0072 3732 mrxsmb10 - ok
21:07:13.0134 3732 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:13.0134 3732 mrxsmb20 - ok
21:07:13.0150 3732 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:07:13.0150 3732 msahci - ok
21:07:13.0197 3732 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:07:13.0197 3732 msdsm - ok
21:07:13.0243 3732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:07:13.0243 3732 MSDTC - ok
21:07:13.0290 3732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:07:13.0290 3732 Msfs - ok
21:07:13.0321 3732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:07:13.0321 3732 mshidkmdf - ok
21:07:13.0337 3732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:07:13.0337 3732 msisadrv - ok
21:07:13.0368 3732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:07:13.0384 3732 MSiSCSI - ok
21:07:13.0384 3732 msiserver - ok
21:07:13.0415 3732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:07:13.0415 3732 MSKSSRV - ok
21:07:13.0431 3732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:13.0431 3732 MSPCLOCK - ok
21:07:13.0446 3732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:07:13.0446 3732 MSPQM - ok
21:07:13.0493 3732 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:07:13.0493 3732 MsRPC - ok
21:07:13.0509 3732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:07:13.0509 3732 mssmbios - ok
21:07:13.0524 3732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:07:13.0524 3732 MSTEE - ok
21:07:13.0555 3732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:07:13.0555 3732 MTConfig - ok
21:07:13.0587 3732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:07:13.0602 3732 Mup - ok
21:07:13.0649 3732 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:07:13.0665 3732 napagent - ok
21:07:13.0727 3732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:07:13.0727 3732 NativeWifiP - ok
21:07:13.0805 3732 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:07:13.0821 3732 NDIS - ok
21:07:13.0836 3732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:07:13.0836 3732 NdisCap - ok
21:07:13.0867 3732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:13.0867 3732 NdisTapi - ok
21:07:13.0883 3732 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:13.0899 3732 Ndisuio - ok
21:07:13.0914 3732 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:13.0914 3732 NdisWan - ok
21:07:13.0930 3732 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:07:13.0945 3732 NDProxy - ok
21:07:13.0961 3732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:07:13.0961 3732 NetBIOS - ok
21:07:13.0977 3732 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:07:13.0992 3732 NetBT - ok
21:07:14.0008 3732 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:14.0008 3732 Netlogon - ok
21:07:14.0070 3732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:07:14.0070 3732 Netman - ok
21:07:14.0117 3732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:07:14.0117 3732 netprofm - ok
21:07:14.0195 3732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:07:14.0211 3732 NetTcpPortSharing - ok
21:07:14.0569 3732 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:07:14.0647 3732 netw5v64 - ok
21:07:14.0757 3732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:07:14.0757 3732 nfrd960 - ok
21:07:14.0819 3732 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:07:14.0835 3732 NlaSvc - ok
21:07:14.0850 3732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:07:14.0850 3732 Npfs - ok
21:07:14.0881 3732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:07:14.0881 3732 nsi - ok
21:07:14.0913 3732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:07:14.0928 3732 nsiproxy - ok
21:07:15.0037 3732 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:07:15.0053 3732 Ntfs - ok
21:07:15.0162 3732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:07:15.0162 3732 Null - ok
21:07:15.0209 3732 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:07:15.0209 3732 nvraid - ok
21:07:15.0256 3732 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:07:15.0256 3732 nvstor - ok
21:07:15.0287 3732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:07:15.0287 3732 nv_agp - ok
21:07:15.0318 3732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:07:15.0334 3732 ohci1394 - ok
21:07:15.0381 3732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:15.0381 3732 p2pimsvc - ok
21:07:15.0427 3732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:07:15.0427 3732 p2psvc - ok
21:07:15.0474 3732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:07:15.0474 3732 Parport - ok
21:07:15.0505 3732 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:07:15.0505 3732 partmgr - ok
21:07:15.0521 3732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:07:15.0521 3732 PcaSvc - ok
21:07:15.0552 3732 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:07:15.0552 3732 pci - ok
21:07:15.0568 3732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:07:15.0568 3732 pciide - ok
21:07:15.0599 3732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:15.0615 3732 pcmcia - ok
21:07:15.0630 3732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:07:15.0630 3732 pcw - ok
21:07:15.0677 3732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:07:15.0677 3732 PEAUTH - ok
21:07:15.0755 3732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:07:15.0755 3732 PerfHost - ok
21:07:15.0864 3732 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:07:15.0895 3732 pla - ok
21:07:15.0973 3732 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:07:15.0989 3732 PlugPlay - ok
21:07:16.0005 3732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:07:16.0020 3732 PNRPAutoReg - ok
21:07:16.0051 3732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:16.0067 3732 PNRPsvc - ok
21:07:16.0114 3732 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:07:16.0114 3732 PolicyAgent - ok
21:07:16.0161 3732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:07:16.0161 3732 Power - ok
21:07:16.0223 3732 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:16.0223 3732 PptpMiniport - ok
21:07:16.0239 3732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:07:16.0239 3732 Processor - ok
21:07:16.0285 3732 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:07:16.0301 3732 ProfSvc - ok
21:07:16.0317 3732 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:16.0317 3732 ProtectedStorage - ok
21:07:16.0348 3732 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:07:16.0348 3732 Psched - ok
21:07:16.0473 3732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:16.0488 3732 ql2300 - ok
21:07:16.0582 3732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:16.0597 3732 ql40xx - ok
21:07:16.0613 3732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:07:16.0629 3732 QWAVEdrv - ok
21:07:16.0644 3732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:16.0644 3732 RasAcd - ok
21:07:16.0691 3732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:16.0691 3732 RasAgileVpn - ok
21:07:16.0738 3732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:07:16.0738 3732 RasAuto - ok
21:07:16.0769 3732 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:16.0769 3732 Rasl2tp - ok
21:07:16.0800 3732 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:07:16.0816 3732 RasMan - ok
21:07:16.0847 3732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:16.0847 3732 RasPppoe - ok
21:07:16.0863 3732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:16.0863 3732 RasSstp - ok
21:07:16.0894 3732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:16.0894 3732 rdbss - ok
21:07:16.0925 3732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:16.0941 3732 rdpbus - ok
21:07:16.0972 3732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:16.0972 3732 RDPCDD - ok
21:07:17.0034 3732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:07:17.0034 3732 RDPENCDD - ok
21:07:17.0065 3732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:07:17.0065 3732 RDPREFMP - ok
21:07:17.0097 3732 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:07:17.0112 3732 RDPWD - ok
21:07:17.0143 3732 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:07:17.0143 3732 rdyboost - ok
21:07:17.0175 3732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:07:17.0175 3732 RemoteAccess - ok
21:07:17.0206 3732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:07:17.0221 3732 RemoteRegistry - ok
21:07:17.0268 3732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:07:17.0268 3732 RFCOMM - ok
21:07:17.0299 3732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:07:17.0299 3732 RpcEptMapper - ok
21:07:17.0331 3732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:07:17.0331 3732 RpcLocator - ok
21:07:17.0362 3732 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:07:17.0377 3732 RpcSs - ok
21:07:17.0409 3732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:17.0409 3732 rspndr - ok
21:07:17.0455 3732 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
21:07:17.0455 3732 RSUSBSTOR - ok
21:07:17.0502 3732 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:07:17.0502 3732 RTL8167 - ok
21:07:17.0533 3732 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:17.0533 3732 SamSs - ok
21:07:17.0565 3732 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\Windows\System32\SUPDSvc.exe
21:07:17.0565 3732 Samsung UPD Service - ok
21:07:17.0674 3732 SandBox (353a4dbb1e43eeee63bc2fa907733b07) C:\Windows\system32\drivers\SandBox64.sys
21:07:17.0689 3732 SandBox - ok
21:07:17.0721 3732 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:07:17.0721 3732 sbp2port - ok
21:07:17.0767 3732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:07:17.0767 3732 SCardSvr - ok
21:07:17.0799 3732 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:17.0799 3732 scfilter - ok
21:07:17.0908 3732 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:07:17.0923 3732 Schedule - ok
21:07:17.0939 3732 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:07:17.0955 3732 SCPolicySvc - ok
21:07:17.0986 3732 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
21:07:17.0986 3732 sdbus - ok
21:07:18.0017 3732 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:07:18.0017 3732 SDRSVC - ok
21:07:18.0048 3732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:07:18.0048 3732 secdrv - ok
21:07:18.0079 3732 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:07:18.0095 3732 seclogon - ok
21:07:18.0111 3732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:07:18.0126 3732 SENS - ok
21:07:18.0157 3732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:07:18.0157 3732 SensrSvc - ok
21:07:18.0189 3732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:07:18.0189 3732 Serenum - ok
21:07:18.0220 3732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:07:18.0220 3732 Serial - ok
21:07:18.0251 3732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:18.0251 3732 sermouse - ok
21:07:18.0298 3732 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:07:18.0298 3732 SessionEnv - ok
21:07:18.0313 3732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:07:18.0313 3732 sffdisk - ok
21:07:18.0345 3732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:07:18.0345 3732 sffp_mmc - ok
21:07:18.0360 3732 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:07:18.0360 3732 sffp_sd - ok
21:07:18.0376 3732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:18.0376 3732 sfloppy - ok
21:07:18.0438 3732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:07:18.0438 3732 SharedAccess - ok
21:07:18.0485 3732 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:07:18.0501 3732 ShellHWDetection - ok
21:07:18.0532 3732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:18.0532 3732 SiSRaid2 - ok
21:07:18.0563 3732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:18.0563 3732 SiSRaid4 - ok
21:07:18.0610 3732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:07:18.0610 3732 Smb - ok
21:07:18.0657 3732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:07:18.0657 3732 SNMPTRAP - ok
21:07:18.0703 3732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:07:18.0703 3732 spldr - ok
21:07:18.0766 3732 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:07:18.0781 3732 Spooler - ok
21:07:19.0015 3732 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:07:19.0062 3732 sppsvc - ok
21:07:19.0156 3732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:07:19.0171 3732 sppuinotify - ok
21:07:19.0281 3732 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
21:07:19.0281 3732 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
21:07:19.0281 3732 sptd ( LockedFile.Multi.Generic ) - warning
21:07:19.0281 3732 sptd - detected LockedFile.Multi.Generic (1)
21:07:22.0728 3732 USBSTOR - ok
21:07:22.0744 3732 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:07:22.0744 3732 usbuhci - ok
21:07:22.0791 3732 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:07:22.0791 3732 usbvideo - ok
21:07:22.0822 3732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:07:22.0822 3732 UxSms - ok
21:07:22.0853 3732 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:22.0853 3732 VaultSvc - ok
21:07:23.0071 3732 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
21:07:23.0118 3732 vcsFPService - ok
21:07:23.0259 3732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:07:23.0259 3732 vdrvroot - ok
21:07:23.0321 3732 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:07:23.0337 3732 vds - ok
21:07:23.0368 3732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:23.0368 3732 vga - ok
21:07:23.0368 3732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:07:23.0368 3732 VgaSave - ok
21:07:23.0399 3732 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:07:23.0415 3732 vhdmp - ok
21:07:23.0430 3732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:07:23.0430 3732 viaide - ok
21:07:23.0446 3732 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:07:23.0446 3732 volmgr - ok
21:07:23.0477 3732 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:07:23.0493 3732 volmgrx - ok
21:07:23.0508 3732 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:07:23.0524 3732 volsnap - ok
21:07:23.0539 3732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:23.0555 3732 vsmraid - ok
21:07:23.0649 3732 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:07:23.0680 3732 VSS - ok
21:07:23.0773 3732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:23.0789 3732 vwifibus - ok
21:07:23.0820 3732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:23.0820 3732 vwififlt - ok
21:07:23.0836 3732 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:07:23.0836 3732 vwifimp - ok
21:07:23.0898 3732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:07:23.0898 3732 W32Time - ok
21:07:23.0929 3732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:23.0929 3732 WacomPen - ok
21:07:23.0976 3732 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:23.0992 3732 WANARP - ok
21:07:23.0992 3732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:24.0007 3732 Wanarpv6 - ok
21:07:24.0132 3732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:07:24.0148 3732 WatAdminSvc - ok
21:07:24.0257 3732 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:07:24.0273 3732 wbengine - ok
21:07:24.0382 3732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:07:24.0397 3732 WbioSrvc - ok
21:07:24.0475 3732 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:07:24.0475 3732 wcncsvc - ok
21:07:24.0507 3732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:07:24.0507 3732 WcsPlugInService - ok
21:07:24.0553 3732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:07:24.0553 3732 Wd - ok
21:07:24.0616 3732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:07:24.0616 3732 Wdf01000 - ok
21:07:24.0631 3732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:24.0631 3732 WdiServiceHost - ok
21:07:24.0647 3732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:24.0647 3732 WdiSystemHost - ok
21:07:24.0709 3732 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:07:24.0725 3732 WebClient - ok
21:07:24.0741 3732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:07:24.0756 3732 Wecsvc - ok
21:07:24.0787 3732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:07:24.0787 3732 wercplsupport - ok
21:07:24.0819 3732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:07:24.0819 3732 WerSvc - ok
21:07:24.0865 3732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:24.0865 3732 WfpLwf - ok
21:07:24.0881 3732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:07:24.0881 3732 WIMMount - ok
21:07:24.0912 3732 WinDefend - ok
21:07:24.0943 3732 WinHttpAutoProxySvc - ok
21:07:25.0006 3732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:07:25.0021 3732 Winmgmt - ok
21:07:25.0177 3732 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:07:25.0209 3732 WinRM - ok
21:07:25.0349 3732 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
21:07:25.0349 3732 WinUSB - ok
21:07:25.0443 3732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:07:25.0458 3732 Wlansvc - ok
21:07:25.0489 3732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:07:25.0489 3732 WmiAcpi - ok
21:07:25.0536 3732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:07:25.0552 3732 wmiApSrv - ok
21:07:25.0583 3732 WMPNetworkSvc - ok
21:07:25.0614 3732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:07:25.0614 3732 WPCSvc - ok
21:07:25.0645 3732 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:07:25.0661 3732 WPDBusEnum - ok
21:07:25.0692 3732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:25.0692 3732 ws2ifsl - ok
21:07:25.0755 3732 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:07:25.0770 3732 wscsvc - ok
21:07:25.0770 3732 WSearch - ok
21:07:25.0942 3732 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:07:26.0004 3732 wuauserv - ok
21:07:26.0113 3732 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:07:26.0113 3732 WudfPf - ok
21:07:26.0160 3732 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:26.0160 3732 WUDFRd - ok
21:07:26.0207 3732 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:07:26.0207 3732 wudfsvc - ok
21:07:26.0254 3732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:07:26.0254 3732 WwanSvc - ok
21:07:26.0301 3732 YMIDUSBW (8a812a2a2d1fff9654919bc5433104da) C:\Windows\system32\drivers\ymidusbx64.sys
21:07:26.0301 3732 YMIDUSBW - ok
21:07:26.0363 3732 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:07:26.0363 3732 yukonw7 - ok
21:07:26.0425 3732 MBR (0x1B8) (e59b79f4c59a4a412798c92471b53817) \Device\Harddisk0\DR0
21:07:26.0503 3732 \Device\Harddisk0\DR0 - ok
21:07:26.0535 3732 Boot (0x1200) (acddb6aa23f22e0a0a0276c155746ed2) \Device\Harddisk0\DR0\Partition0
21:07:26.0535 3732 \Device\Harddisk0\DR0\Partition0 - ok
21:07:26.0550 3732 Boot (0x1200) (ac64624859b3fba35d595fd999e3ffe6) \Device\Harddisk0\DR0\Partition1
21:07:26.0550 3732 \Device\Harddisk0\DR0\Partition1 - ok
21:07:26.0581 3732 Boot (0x1200) (76b115f66917bfcd486cc94ba0f46411) \Device\Harddisk0\DR0\Partition2
21:07:26.0581 3732 \Device\Harddisk0\DR0\Partition2 - ok
21:07:26.0597 3732 Boot (0x1200) (1e22f3b6e2854314b7bb7ce2e2361ba5) \Device\Harddisk0\DR0\Partition3
21:07:26.0597 3732 \Device\Harddisk0\DR0\Partition3 - ok
21:07:26.0597 3732 ============================================================
21:07:26.0597 3732 Scan finished
21:07:26.0597 3732 ============================================================
21:07:26.0613 3116 Detected object count: 1
21:07:26.0613 3116 Actual detected

reachinOUT

Posted: Wed Apr 25, 2012 8:40 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=24db9f45636c76459c87a6ebaf4630a3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-26 03:28:05
# local_time=2012-04-25 11:28:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 22515183 22515183 0 0
# compatibility_mode=3073 16777214 0 5 51826463 51826463 0 0
# compatibility_mode=5893 16776574 100 94 53489613 86946779 0 0
# compatibility_mode=6912 16777215 100 0 51825953 51825953 0 0
# compatibility_mode=8192 67108863 100 0 22609506 22609506 0 0
# scanned=229084
# found=0
# cleaned=0
# scan_time=7557

Gary R
Moderator

Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Wed Apr 25, 2012 9:21 pm

Looking back through your earlier DDS log, I find a correlation between the sptd.sys file, and one of the times you had a blue screen ....

Quote:
4/19/2012 4:35:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO SandBox spldr sptd Wanarpv6


Quote:
Dump File : 041912-23197-01.dmp
Crash Time : 4/19/2012 4:35:18 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a


Since this process was also flagged by TDSSKiller ....

Quote:
21:07:19.0281 3732 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
21:07:19.0281 3732 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
21:07:19.0281 3732 sptd ( LockedFile.Multi.Generic ) - warning
21:07:19.0281 3732 sptd - detected LockedFile.Multi.Generic (1)


.... it is likely that this may be the source of your problems.

I'd like to take a closer look at it.

First

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems
Download Mirror #1
Download Mirror #2


For 64 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:File
C:\Windows\System32\Drivers\sptd.sys

:Filefind
sptd.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

I'd like you to check the file for Viruses.

Quote:
C:\Windows\System32\Drivers\sptd.sys


  • Browse to the file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Post me the details please.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
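
The cross-check described in the post above, as an added example that is not part of the original thread: it parses the quoted TDSSKiller lines and the Service Control Manager 7026 event, then reports drivers that both failed to load and were flagged by the scan, and whether the event falls close to the quoted crash time. The function names, the 60-second window and the two extra "ok" log entries are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Constructed input: the lines quoted in the post above, plus two "ok"
# entries in the same TDSSKiller format for contrast.
TDSSKILLER_LOG = r"""
21:07:19.0281 3732 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
21:07:19.0281 3732 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
21:07:19.0281 3732 sptd ( LockedFile.Multi.Generic ) - warning
21:07:19.0281 3732 sptd - detected LockedFile.Multi.Generic (1)
21:07:21.0324 3732 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
21:07:21.0371 3732 Tcpip - ok
21:07:23.0992 3732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:24.0007 3732 Wanarpv6 - ok
"""
SCM_EVENT = ("4/19/2012 4:35:21 PM, Error: Service Control Manager [7026] - "
             "The following boot-start or system-start driver(s) failed to load: "
             "discache DVMIO SandBox spldr sptd Wanarpv6")
CRASH_TIME = "4/19/2012 4:35:18 PM"  # "Crash Time" field of the quoted dump summary

TIME_FMT = "%m/%d/%Y %I:%M:%S %p"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")      # time, thread id, body
OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")       # name (md5) path
VERDICT = re.compile(r"^(.+?) - (ok|detected (\S+).*)$")      # name - ok / detected X
SCM_7026 = re.compile(r"^(.+? [AP]M), Error: Service Control Manager \[7026\] - "
                      r".*failed to load:\s*(.+)$")


def parse_tdsskiller(text):
    """Return {service name: {"md5", "path", "verdict"}} from TDSSKiller scan lines."""
    records = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group(1)
        obj = OBJECT.match(body)
        if obj:
            name, md5, path = obj.groups()
            rec = records.setdefault(name, {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = md5, path
            continue
        ver = VERDICT.match(body)
        if ver:
            rec = records.setdefault(ver.group(1), {"md5": None, "path": None, "verdict": None})
            # group(3) is the detection name; it is None when the verdict is "ok".
            rec["verdict"] = ver.group(3) or "ok"
    return records


def parse_scm_7026(event):
    """Return (event time, [driver names]) from a Service Control Manager 7026 line."""
    m = SCM_7026.match(event)
    if not m:
        raise ValueError("not a 7026 event line")
    return datetime.strptime(m.group(1), TIME_FMT), m.group(2).split()


def triage(log_text, event, crash_time, window_s=60):
    """List drivers that failed to load AND carry a non-ok scan verdict."""
    records = parse_tdsskiller(log_text)
    event_time, failed = parse_scm_7026(event)
    crash = datetime.strptime(crash_time, TIME_FMT)
    near_crash = abs((event_time - crash).total_seconds()) <= window_s
    # Windows service names are case-insensitive, so compare in lower case.
    by_name = {name.lower(): rec for name, rec in records.items()}
    findings = []
    for driver in failed:
        rec = by_name.get(driver.lower())
        if rec and rec["verdict"] not in (None, "ok"):
            findings.append({"driver": driver, "path": rec["path"], "md5": rec["md5"],
                             "detection": rec["verdict"], "near_crash": near_crash})
    return findings


if __name__ == "__main__":
    for finding in triage(TDSSKILLER_LOG, SCM_EVENT, CRASH_TIME):
        print(finding)
```

Wanarpv6 also appears in the failed-to-load list but has an "ok" verdict, so only sptd is reported.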

reachinOUT

Posted: Thu Apr 26, 2012 4:04 am

SystemLook 30.07.11 by jpshortstuff
Log created at 08:01 on 26/04/2012 by Natalie
Administrator - Elevation successful

========== File ==========

C:\Windows\System32\Drivers\sptd.sys - Unable to find/read file.

========== Filefind ==========

Searching for "sptd.sys "
C:\Windows\System32\drivers\sptd.sys --a---- 526392 bytes [02:19 16/08/2010] [16:58 01/11/2011] (Unable to calculate MD5)

-= EOF =-

reachinOUT

Posted: Thu Apr 26, 2012 4:16 am

Was unable to locate the sptd.sys for virustotal.

Gary R

Posted: Thu Apr 26, 2012 5:32 am

OK, since sptd.sys is not a system file, we can probably remove it without any detriment to your computer. It's usually associated with CD emulation programs like Daemon Tools, but I see no signs that the program is installed on your computer.

Before I remove it, I'd like to see if I can find out what it is associated with though.


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:Regfind
sptd.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


reachinOUT

Posted: Thu Apr 26, 2012 12:10 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 12:37 on 26/04/2012 by Natalie
Administrator - Elevation successful

========== Regfind ==========

Searching for "sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sptd]
"ImagePath"="\SystemRoot\System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\sptd]
"ImagePath"="\SystemRoot\System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sptd]
"ImagePath"="\SystemRoot\System32\Drivers\sptd.sys"

-= EOF =-

reachinOUT

Posted: Thu Apr 26, 2012 12:11 pm

OTL logfile created on: 4/26/2012 12:47:11 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Natalie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 71.29% Memory free
7.49 Gb Paging File | 6.42 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.68 Gb Total Space | 135.08 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 20.78 Gb Total Space | 3.03 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 88.57 Mb Free Space | 89.44% Space Free | Partition Type: FAT32
Drive F: | 1862.89 Gb Total Space | 1449.80 Gb Free Space | 77.83% Space Free | Partition Type: NTFS

Computer Name: SNOOKS | User Name: Natalie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 12:45:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Downloads\OTL.exe
PRC - [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/10/13 16:39:14 | 005,719,040 | ---- | M] () -- C:\Program Files (x86)\Focusrite\Scarlett MixControl\Scarlett MixControl.exe
PRC - [2009/12/30 15:22:02 | 000,623,368 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 16:39:14 | 005,719,040 | ---- | M] () -- C:\Program Files (x86)\Focusrite\Scarlett MixControl\Scarlett MixControl.exe
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/04 17:30:10 | 003,452,792 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/30 13:59:30 | 000,258,048 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/30 13:59:28 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/08/08 22:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/02/23 10:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/01/28 21:04:38 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/30 15:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 10:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/01 12:58:58 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/10/13 16:40:56 | 000,059,224 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2011/10/06 06:14:08 | 000,026,496 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ClaviaUSB64.sys -- (CLAVIAUSB64)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/02 16:55:04 | 001,099,352 | ---- | M] (Agnitum Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)
DRV:64bit: - [2011/02/02 16:53:30 | 000,051,360 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Filt\ASWFilt64.dll -- (ASWFilt)
DRV:64bit: - [2010/09/27 16:38:44 | 000,424,040 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/13 18:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/30 13:59:32 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/20 16:02:50 | 000,039,528 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (afw)
DRV:64bit: - [2010/02/09 01:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/03 20:05:32 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/02/03 20:05:32 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/03 20:05:32 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/03 20:05:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/02/03 20:05:30 | 000,328,232 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/01/28 14:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 21:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/11 16:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/08/04 13:15:36 | 000,048,200 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 12:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 12:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 17:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/08/13 20:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {A4AD5260-2C37-40B3-8085-1BE40F10F9DB}
IE - HKLM\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
IE - HKLM\..\SearchScopes\{D02923DD-830B-49E5-B091-97298E0E2BF8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{E74933D9-9BFB-4488-84FA-17453D4B18D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes,DefaultScope = {E74933D9-9BFB-4488-84FA-17453D4B18D2}
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{D02923DD-830B-49E5-B091-97298E0E2BF8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{E74933D9-9BFB-4488-84FA-17453D4B18D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/30 05:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Natalie\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0395C257-BC5A-4A70-8F9A-8F8A39609681}: C:\Users\Natalie\AppData\Local\{0395C257-BC5A-4A70-8F9A-8F8A39609681}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/11 19:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/22 08:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 08:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/08/06 00:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Extensions
[2012/02/20 01:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions
[2011/08/25 23:05:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/20 01:29:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/18 13:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/24 10:12:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/18 13:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NATALIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PAZ9RGUW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/09/07 21:24:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 13:47:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AT_ScottDraves = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefeecbpfmnmdoajflbekahgnbcjihcc\2_0\
CHR - Extension: Poppit = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/11 18:47:51 | 000,616,124 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16388 more lines...
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 17:01:26 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/04/25 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/04/19 16:30:39 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\BigDogsJINGLE
[2012/04/19 16:28:12 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\4-14-12 Wav
[2012/04/19 16:07:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/18 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Track 2
[2012/04/10 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\iZotope
[2012/04/10 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Documents\iZotope
[2012/04/08 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iZotope
[2012/04/08 12:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2012/04/08 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
[2012/04/08 12:19:43 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/04/02 20:04:52 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Track 1
[2012/04/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West Colossus
[2012/04/01 23:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West Colossus
[2012/04/01 23:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East West
[2012/03/31 17:06:42 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/03/31 17:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/03/31 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digidesign
[2012/03/31 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2012/03/30 13:51:30 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Cubase midi test

========== Files - Modified Within 30 Days ==========

[2012/04/26 12:20:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 10:24:02 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 10:24:02 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 10:23:01 | 000,733,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 10:23:01 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 10:23:01 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 10:16:33 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 10:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 10:16:21 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 17:31:17 | 431,946,598 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/17 00:06:09 | 000,318,735 | ---- | M] () -- C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
[2012/04/08 12:19:43 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll

========== Files Created - No Company Name ==========

[2012/04/19 16:07:35 | 431,946,598 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/17 00:06:09 | 000,318,735 | ---- | C] () -- C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
[2012/03/31 17:05:53 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/11/01 14:03:49 | 000,000,000 | ---- | C] () -- C:\Users\Natalie\AppData\Local\{CD0ABF6A-1363-416A-BE9C-7AAF8417AF55}
[2011/10/05 14:09:34 | 000,124,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/09 13:24:24 | 000,000,132 | ---- | C] () -- C:\Users\Natalie\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/09 13:21:53 | 000,001,456 | ---- | C] () -- C:\Users\Natalie\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/11 12:31:35 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/03/01 19:35:03 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/10/13 09:05:34 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/10/12 13:30:28 | 000,751,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/01 15:55:31 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/10/01 15:55:31 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/09/21 19:28:31 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/09/10 21:48:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/08/06 00:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/30 05:04:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/30 04:52:42 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/30 04:52:42 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/11/01 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\ASK Video
[2012/03/28 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Azureus
[2011/02/21 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/09 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/08/15 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite
[2011/01/19 17:47:56 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\dBpoweramp
[2010/08/05 00:35:40 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DigitalPersona
[2012/03/29 18:40:12 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Dropbox
[2010/08/15 23:47:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\E1AEDAFD288EB4BF2ACFADA10482B2B7
[2010/12/05 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\GARMIN
[2011/09/09 12:09:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\gtk-2.0
[2011/08/08 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\inkscape
[2012/04/16 15:04:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\iZotope
[2012/02/19 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Leadertech
[2011/08/28 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\PhotoScape
[2010/09/22 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Publish Providers
[2011/02/06 23:07:18 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Rovio
[2010/12/03 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\SoftGrid Client
[2010/09/19 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Sony
[2011/02/21 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/16 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Steinberg
[2010/10/12 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\TP
[2012/02/29 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\VST3 Presets
[2010/08/15 23:10:30 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves
[2012/03/20 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves Audio
[2010/08/16 01:39:23 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves Preferences
[2011/08/08 12:02:13 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\WinPatrol
[2012/03/28 18:04:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Thu Apr 26, 2012 12:12 pm

OTL logfile created on: 4/26/2012 12:47:11 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Natalie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 71.29% Memory free
7.49 Gb Paging File | 6.42 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.68 Gb Total Space | 135.08 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 20.78 Gb Total Space | 3.03 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 88.57 Mb Free Space | 89.44% Space Free | Partition Type: FAT32
Drive F: | 1862.89 Gb Total Space | 1449.80 Gb Free Space | 77.83% Space Free | Partition Type: NTFS

Computer Name: SNOOKS | User Name: Natalie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 12:45:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Downloads\OTL.exe
PRC - [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/10/13 16:39:14 | 005,719,040 | ---- | M] () -- C:\Program Files (x86)\Focusrite\Scarlett MixControl\Scarlett MixControl.exe
PRC - [2009/12/30 15:22:02 | 000,623,368 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 16:39:14 | 005,719,040 | ---- | M] () -- C:\Program Files (x86)\Focusrite\Scarlett MixControl\Scarlett MixControl.exe
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/04 17:30:10 | 003,452,792 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/30 13:59:30 | 000,258,048 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/30 13:59:28 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/08/08 22:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/02/23 10:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/01/28 21:04:38 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/30 15:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 10:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/01 12:58:58 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/10/13 16:40:56 | 000,059,224 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2011/10/06 06:14:08 | 000,026,496 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ClaviaUSB64.sys -- (CLAVIAUSB64)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/02 16:55:04 | 001,099,352 | ---- | M] (Agnitum Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)
DRV:64bit: - [2011/02/02 16:53:30 | 000,051,360 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Filt\ASWFilt64.dll -- (ASWFilt)
DRV:64bit: - [2010/09/27 16:38:44 | 000,424,040 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/13 18:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/30 13:59:32 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/20 16:02:50 | 000,039,528 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (afw)
DRV:64bit: - [2010/02/09 01:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/03 20:05:32 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/02/03 20:05:32 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/03 20:05:32 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/03 20:05:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/02/03 20:05:30 | 000,328,232 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/01/28 14:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 21:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/11 16:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/08/04 13:15:36 | 000,048,200 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 12:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 12:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 17:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/08/13 20:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {A4AD5260-2C37-40B3-8085-1BE40F10F9DB}
IE - HKLM\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
IE - HKLM\..\SearchScopes\{D02923DD-830B-49E5-B091-97298E0E2BF8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{E74933D9-9BFB-4488-84FA-17453D4B18D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes,DefaultScope = {E74933D9-9BFB-4488-84FA-17453D4B18D2}
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{D02923DD-830B-49E5-B091-97298E0E2BF8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{E74933D9-9BFB-4488-84FA-17453D4B18D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/30 05:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Natalie\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0395C257-BC5A-4A70-8F9A-8F8A39609681}: C:\Users\Natalie\AppData\Local\{0395C257-BC5A-4A70-8F9A-8F8A39609681}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/11 19:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/22 08:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 08:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/08/06 00:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Extensions
[2012/02/20 01:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions
[2011/08/25 23:05:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/20 01:29:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/18 13:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/24 10:12:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/18 13:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NATALIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PAZ9RGUW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/09/07 21:24:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 13:47:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AT_ScottDraves = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefeecbpfmnmdoajflbekahgnbcjihcc\2_0\
CHR - Extension: Poppit = C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/11 18:47:51 | 000,616,124 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16388 more lines...
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1000DDE3-7ED2-40FA-BDDF-4D1BC83407A8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 17:01:26 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/04/25 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/04/19 16:30:39 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\BigDogsJINGLE
[2012/04/19 16:28:12 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\4-14-12 Wav
[2012/04/19 16:07:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/18 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Track 2
[2012/04/10 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\iZotope
[2012/04/10 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Documents\iZotope
[2012/04/08 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iZotope
[2012/04/08 12:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2012/04/08 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
[2012/04/08 12:19:43 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/04/02 20:04:52 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Track 1
[2012/04/01 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West Colossus
[2012/04/01 23:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West Colossus
[2012/04/01 23:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East West
[2012/03/31 17:06:42 | 000,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/03/31 17:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/03/31 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digidesign
[2012/03/31 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2012/03/30 13:51:30 | 000,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\Cubase midi test

========== Files - Modified Within 30 Days ==========

[2012/04/26 12:20:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 10:24:02 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 10:24:02 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 10:23:01 | 000,733,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 10:23:01 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 10:23:01 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 10:16:33 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 10:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 10:16:21 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 17:31:17 | 431,946,598 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/17 00:06:09 | 000,318,735 | ---- | M] () -- C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
[2012/04/08 12:19:43 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll

========== Files Created - No Company Name ==========

[2012/04/19 16:07:35 | 431,946,598 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/17 00:06:09 | 000,318,735 | ---- | C] () -- C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
[2012/03/31 17:05:53 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/11/01 14:03:49 | 000,000,000 | ---- | C] () -- C:\Users\Natalie\AppData\Local\{CD0ABF6A-1363-416A-BE9C-7AAF8417AF55}
[2011/10/05 14:09:34 | 000,124,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/09 13:24:24 | 000,000,132 | ---- | C] () -- C:\Users\Natalie\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/09 13:21:53 | 000,001,456 | ---- | C] () -- C:\Users\Natalie\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/11 12:31:35 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/03/01 19:35:03 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/10/13 09:05:34 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/10/12 13:30:28 | 000,751,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/01 15:55:31 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/10/01 15:55:31 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/09/21 19:28:31 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/09/10 21:48:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/08/06 00:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/30 05:04:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/30 04:52:42 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/06/30 04:52:42 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/11/01 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\ASK Video
[2012/03/28 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Azureus
[2011/02/21 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/09 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/08/15 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite
[2011/01/19 17:47:56 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\dBpoweramp
[2010/08/05 00:35:40 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DigitalPersona
[2012/03/29 18:40:12 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Dropbox
[2010/08/15 23:47:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\E1AEDAFD288EB4BF2ACFADA10482B2B7
[2010/12/05 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\GARMIN
[2011/09/09 12:09:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\gtk-2.0
[2011/08/08 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\inkscape
[2012/04/16 15:04:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\iZotope
[2012/02/19 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Leadertech
[2011/08/28 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\PhotoScape
[2010/09/22 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Publish Providers
[2011/02/06 23:07:18 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Rovio
[2010/12/03 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\SoftGrid Client
[2010/09/19 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Sony
[2011/02/21 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/16 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Steinberg
[2010/10/12 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\TP
[2012/02/29 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\VST3 Presets
[2010/08/15 23:10:30 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves
[2012/03/20 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves Audio
[2010/08/16 01:39:23 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Waves Preferences
[2011/08/08 12:02:13 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\WinPatrol
[2012/03/28 18:04:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
reachinOUT
Posted: Thu Apr 26, 2012 12:12 pm

OTL Extras logfile created on: 4/26/2012 12:47:12 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Natalie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 71.29% Memory free
7.49 Gb Paging File | 6.42 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.68 Gb Total Space | 135.08 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 20.78 Gb Total Space | 3.03 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 88.57 Mb Free Space | 89.44% Space Free | Partition Type: FAT32
Drive F: | 1862.89 Gb Total Space | 1449.80 Gb Free Space | 77.83% Space Free | Partition Type: NTFS

Computer Name: SNOOKS | User Name: Natalie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{160DEBFC-C651-4A26-8BA7-10FFEE75D30D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EB4D46D-7DC5-406E-9625-873C5B8E7653}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F55A5B0-82AF-422C-99A7-087F56848EDF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{426A05D0-3BD6-4350-8BCA-6BA1E34D9543}" = lport=137 | protocol=17 | dir=in | app=system |
"{509A98C9-5303-4006-B11E-EE15BE7ADFD2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53DD7576-4444-4119-A9B3-A6B60153055F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D5E1707-AFCA-485E-8A6F-95A3EB6D47CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{74B708D9-EC02-496D-A809-A975273110B6}" = rport=137 | protocol=17 | dir=out | app=system |
"{8557E57D-111E-475E-A43F-2436A39C096D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92146145-812A-466E-80DE-B58EA1CA54D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DCB0450-6510-45F0-81CA-0FFE0A25B8EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F362965-EFA8-4B82-BBC6-2FAE309D5314}" = rport=445 | protocol=6 | dir=out | app=system |
"{A00FFBB3-05B7-4DDC-ACF5-D1099A3B9AE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2513186-7D29-41C9-B724-9A4C5F7CDCAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B17C988C-ED55-4514-B36C-61BC7720D746}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3FB5BE2-9326-43F7-9979-CA7577E1C3B3}" = lport=138 | protocol=17 | dir=in | app=system |
"{C73F2243-5CAC-4346-9E2F-B4208A6E5365}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9B8A2F6-C653-45BF-A7ED-E3FC378F0F73}" = rport=139 | protocol=6 | dir=out | app=system |
"{D274BFA4-D450-42FA-B864-4B8D5ACD4F71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D3606DE6-D951-4ED2-A68C-9EA4DC454A30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEBDCA8C-BBB7-45B5-A9F9-A509116F42F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4542180-B1F1-4EEC-98AE-9758FD9BA327}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD27F779-E71A-46C4-B754-B5492FB0AD25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026C4155-9B98-408C-9363-29F84D60DC06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F638086-293B-4F85-9FD1-B19E52E7F782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F9BE6B1-5084-4FF0-B721-A0092A214FA6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{1E4FFE64-D4DD-456F-B003-D7DA8598956F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{2418C2A7-9E74-490E-9208-B06D2112B500}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{25EA26CB-7561-45CB-BF7E-BBFE789A68F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{296D1A82-2A6C-44D1-902E-08CC9F58EFB2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{2A713F69-4E65-45C5-AFC7-006271C54912}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2DBC50EF-E4A3-4576-8728-534633D71C9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3292BA50-5A40-4961-8FC2-AA8D7897FDE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{34A3B69A-83EF-4FBD-9463-ED8B909B1DDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35F9E772-FC55-4037-AE74-700C443C1FB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48E50A1C-CB25-4E57-8F4D-963D6599671E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{543E3CF9-806D-402B-B893-C801EA40FE6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55AEF11E-03A1-47DB-8BD1-0D1418904FDC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{60AC822F-D8A2-4456-90A7-49FCD9B6D092}" = protocol=6 | dir=out | app=system |
"{627CEA0E-C8DB-4EE8-B681-E40C42BFBAAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{6565F518-0A4E-43FA-A02F-8816EC672ECF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7D2DCA78-146A-416D-804C-EEB95C40F391}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{82057494-EA4C-4668-91B4-903E05F45D66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{827D31F4-B22D-4565-942C-7FB203A693A1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{8399F65B-B0C3-4449-8D64-6D6737CE00D1}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{93D18DCF-AC92-4538-B14B-3FBB8494503B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96A0FE9D-0566-43A8-AA7B-ED9A37608A0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99C5B880-ABC3-4812-B148-F3235233CE94}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{9A1DEF1B-8950-455C-AD32-79065BE5E87F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE430AA2-E8AF-46A5-92E1-6DF74548170C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{B0244DC6-FBB5-4E06-8062-7F4843B31A88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF9FB3CC-EBB7-4EC0-A08B-03B217F48851}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C62ED2DF-8B53-4C78-B8EF-145F26B8FDD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE72DFC7-AAB0-4B41-B635-F89045C47B36}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{D0AC8FEF-A5B5-461C-9E92-6AC780FBE5F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E296A95D-F421-4A11-94D0-9D787CB1F014}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{E78DCEB1-022C-47FB-872A-2A44F0037A97}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{ED22F63A-69F3-4405-92BA-90029EB94483}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F4AC55FF-73B6-49AB-AAC4-83749014D5E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FAC5B209-6698-4737-8173-0C936C63EB03}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}" = ATI Catalyst Install Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52E3671F-BF54-4240-AB5B-05D5930759EE}" = Yamaha 01V96 Editor 64bit
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B653153C-B4C7-45D0-B2EE-037A9F635FB0}" = Yamaha USB-MIDI Driver
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{E2BDBC42-A7F5-BE3C-CAE7-672461BADFBB}" = ccc-utility64
"{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"5BB2352543C023211B5CDA6229832626C218EB7F" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)
"5EBE05A38E0ED7FB7DC4171215DC5B0266DA1D51" = Windows Driver Package - Focusrite USB 2.0 Audio Driver (10/13/2011 2.2.128.0)
"79B5284AC8847651E6939E5B2FB1A473E6C9D19B" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 7.1
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06C75F9A-97AD-5248-E32E-DF614E74CB30}" = CCC Help English
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C0DEF8-C51C-786D-028B-305AE8396248}" = Shooting Sports USA - October 2010
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17AAFDC8-0126-8325-99C3-BA94ECC88719}" = CCC Help Chinese Standard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C7D54A1-3EAF-1FA6-865A-5BD68563978F}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2469F651-772F-53D7-66D6-EC065F786E38}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E228408-8C07-BF2B-E3BE-6FE3226D0557}" = Catalyst Control Center Graphics Full Existing
"{3418A50C-5B73-420F-A617-B680D778573C}" = CCC Help Greek
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE8DBEF-2A88-F180-F62C-43AA930D6D47}" = CCC Help Korean
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{421BEFF3-5178-41F5-8F63-7E6F60B54DB5}" = HP User Guides 0193
"{43C189A4-D61F-F7C7-F4BC-C3FE800FF7BB}" = ccc-core-static
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{527B2D1F-0129-70C1-3D8E-D7C13994F3D8}" = Catalyst Control Center Graphics Previews Common
"{52E3671F-BF54-4240-AB5B-05D5930759EE}" = Yamaha 01V96 Editor 64bit
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{55A96310-FC2F-4B1F-BCAA-9CC00E67ADE6}" = Angry Birds
"{5911C3EB-2E4F-80CC-4A1F-65DD5BFFEA0D}" = CCC Help German
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{639BDAFA-4A48-62A1-E2D9-13A84E9582FE}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6B6A1FFD-AF4B-2348-1854-1BBDD6A4E852}" = CCC Help Chinese Traditional
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{705893E4-960A-E551-4825-B63B7BE8959A}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766BF6D1-A746-9B26-EC0B-E76DF6D5DE07}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783C5B03-DF9C-30B0-BC32-066150B77F19}" = CCC Help Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83853D8B-E9F1-1E35-2F1B-4210D2875A8C}" = CCC Help Spanish
"{845E9545-2A7F-FFCB-D2FA-A292B0137325}" = CCC Help Hungarian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{898386DF-CE1A-464B-929C-578A827FA817}" = Yamaha Studio Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6E13F3-44FB-A8A6-D9F5-2AF030A47F2C}" = CCC Help Portuguese
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{996FF46F-797F-AFE4-2932-3F391B5BB4A5}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA11D798-A4C3-F2BF-E9C8-584D1AA7C891}" = Catalyst Control Center Graphics Full New
"{AB14AFDF-990F-C0FD-DDDF-6113BD111593}" = Catalyst Control Center Localization All
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Franšais, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEBFE622-2807-E0D5-E7E2-0D5AA4977B48}" = CCC Help Danish
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFC1210F-19B0-A7F0-B027-82AD610DA5B7}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2D49B64-FBC1-15EE-5734-97BB457F197E}" = Catalyst Control Center Core Implementation
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D5EA734C-2DEC-76F6-9D98-97D57A6F61CE}" = CCC Help Swedish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6A09A0-34B0-BFE5-7026-C91829ED879D}" = CCC Help Turkish
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E1600759-7AB3-A146-5ED4-4A50E743D3D3}" = CCC Help Russian
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E22B38FA-7A08-3CEE-EB31-970C4CF2AA54}" = CCC Help Dutch
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F55BB217-BB0F-4A7A-A499-8A0C34D842E2}" = Catalyst Control Center Graphics Light
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE39FB6F-05FB-4B09-4DE7-6E2BEC08427D}" = CCC Help Finnish
"877a7a6e595e340c851fb22e2348543e.784B4C5CADF861323F25287817EE67357CB1E532.1" = Shooting Sports USA - October 2010
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clavia USB Driver v3.02" = Clavia USB Driver v3.02
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"East West Colossus" = East West Colossus
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.1
"InstallShield_{52E3671F-BF54-4240-AB5B-05D5930759EE}" = Yamaha 01V96 Editor 64bit
"InstallShield_{898386DF-CE1A-464B-929C-578A827FA817}" = Yamaha Studio Manager
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Intel AppUp(SM) center 18167" = Intel AppUp(SM) center
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"mti_nc" = North Carolina Topo Map
"My Trails" = My Trail Maps
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Service Center" = Native Instruments Service Center
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Nord Sample Editor v2.10" = Nord Sample Editor v2.10
"Nord Sound Manager v5.58" = Nord Sound Manager v5.58
"PhotoScape" = PhotoScape
"Saffire USB 26_is1" = Scarlett MixControl 1.1
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"SpywareBlaster_is1" = SpywareBlaster 4.4
"VLC media player" = VLC media player 1.1.2
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Waves Complete v7_is1" = Waves Complete VST RTAS TDM v7.1.16
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1262221200-1738031133-2144323258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 9:54:35 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 12:58:11 PM | Computer Name = Snooks | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 12/2/2010 1:03:33 PM | Computer Name = Snooks | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ HP Wireless Assistant Events ]
Error - 8/5/2010 1:40:08 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:41:16 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:41:24 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:42:32 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:42:40 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:43:48 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:43:56 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:45:07 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:45:15 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/5/2010 1:50:04 AM | Computer Name = Snooks | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ Media Center Events ]
Error - 4/1/2011 10:58:16 PM | Computer Name = Snooks | Source = MCUpdate | ID = 0
Description = 10:58:06 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

[ System Events ]
Error - 4/26/2012 10:16:52 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7023
Description = The seclogon service terminated with the following error: %%127

Error - 4/26/2012 10:17:00 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 4/26/2012 11:18:54 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 11:28:54 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 11:38:54 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 11:48:54 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 11:58:54 AM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 12:08:54 PM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 12:18:54 PM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 4/26/2012 12:28:54 PM | Computer Name = Snooks | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5


< End of report >
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Thu Apr 26, 2012 1:41 pm

Something has turned up in your OTL log that I'd like to take a look at with another tool. It is possible that you may have a rootkit (or the remains of one) on your computer ....


  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment


  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...





  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.

      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.

_________________
Gary R Administrator at Malware Removal University



reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Thu Apr 26, 2012 2:41 pm

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 26-04-2012 18:37:22
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup [769896 2011-02-04] (Agnitum Ltd.)
HKLM\...\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice [4262336 2011-02-04] (Agnitum Ltd.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Natalie\...\Run: [AdobeBridge] [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [623368 2009-12-30] (DigitalPersona, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll

==================== Services (Whitelisted) ======

2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [3452792 2011-02-04] (Agnitum Ltd.)
3 ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll [51360 2011-02-02] (Agnitum Ltd.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
4 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [444680 2009-12-30] (DigitalPersona, Inc.)
4 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [160784 2009-07-20] (Logitech, Inc.)
4 Samsung UPD Service; "C:\Windows\System32\SUPDSvc.exe" [166704 2010-08-08] (Samsung Electronics CO., LTD.)
4 vcsFPService; C:\Windows\system32\vcsFPService.exe [2192176 2010-02-23] (Validity Sensors, Inc.)
4 vcsFPService; C:\Windows\SysWow64\vcsFPService.exe [1799472 2010-02-23] (Validity Sensors, Inc.)

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
1 afw; C:\Windows\System32\Drivers\afw.sys [39528 2010-04-20] (Agnitum Ltd.)
3 afwcore; C:\Windows\System32\Drivers\afwcore.sys [424040 2010-09-27] (Agnitum Ltd.)
3 CLAVIAUSB64; C:\Windows\System32\Drivers\CLAVIAUSB64.sys [26496 2011-10-06] (Clavia DMI AB)
2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [49152 2004-10-18] (DeviceGuys, Inc.)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
3 ffusb2audio; C:\Windows\System32\Drivers\ffusb2audio.sys [59224 2011-10-13] (Focusrite Audio Engineering Limited.)
3 grmnusb; C:\Windows\System32\Drivers\grmnusb.sys [20520 2009-05-08] (GARMIN Corp.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.sys [74256 2009-06-17] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.sys [13328 2009-06-17] (Logitech, Inc.)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [55312 2009-06-17] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57872 2009-06-17] (Logitech, Inc.)
1 SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys [1099352 2011-02-02] (Agnitum Ltd.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-11-01] (Duplex Secure Ltd.)
2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2007-08-13] (Samsung Electronics)
3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [48200 2009-08-04] (Yamaha Corporation)
3 aswArKrn; \??\C:\Users\Natalie\AppData\Local\Temp\aswArKrn.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-26 18:37 - 2010-09-18 19:27 - 0000000 ____D C:\FRST
2012-04-26 09:04 - 2010-12-31 21:14 - 0089550 ____A C:\Users\Natalie\Downloads\Extras.Txt
2012-04-26 09:02 - 2012-04-26 08:45 - 0090452 ____A C:\Users\Natalie\Downloads\OTL.Txt
2012-04-26 08:45 - 2012-04-25 17:03 - 0595968 ____A (OldTimer Tools) C:\Users\Natalie\Downloads\OTL.exe
2012-04-26 04:01 - 2012-04-26 08:38 - 0165376 ____A C:\Users\Natalie\Downloads\SystemLook_x64.exe
2012-04-26 04:01 - 2012-04-25 17:03 - 0001056 ____A C:\Users\Natalie\Downloads\SystemLook.txt
2012-04-25 17:05 - 2012-04-26 04:01 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Natalie\Downloads\TDSSKiller.exe
2012-04-25 17:05 - 2012-04-24 14:45 - 2054861 ____A C:\Users\Natalie\Downloads\tdsskiller.zip
2012-04-25 17:05 - 2011-11-01 16:25 - 0002254 ____A C:\Users\Natalie\Downloads\eula.txt
2012-04-25 17:05 - 2010-08-04 20:36 - 0131462 ____A C:\TDSSKiller.2.7.33.0_25.04.2012_21.05.53_log.txt
2012-04-25 17:03 - 2012-04-26 09:04 - 0396041 ____A C:\Users\Natalie\Downloads\MiniToolBox.exe
2012-04-25 17:03 - 2011-08-27 18:16 - 0010015 ____A C:\Users\Natalie\Downloads\Result.txt
2012-04-25 13:01 - 2010-08-06 13:12 - 0000000 ____D C:\Program Files (x86)\NirSoft
2012-04-25 13:01 - - 0130247 ____A C:\Users\Natalie\Downloads\bluescreenview_setup.exe
2012-04-19 13:31 - 2012-04-19 12:07 - 0274792 ____A C:\Windows\Minidump\041912-19812-01.dmp
2012-04-19 13:01 - 2012-04-25 13:01 - 0607260 ____R (Swearware) C:\Users\Natalie\Downloads\dds.com
2012-04-19 12:35 - 2012-04-19 13:31 - 0274792 ____A C:\Windows\Minidump\041912-23197-01.dmp
2012-04-19 12:30 - 2011-12-20 12:15 - 0000000 ____D C:\Users\Natalie\Desktop\BigDogsJINGLE
2012-04-19 12:28 - - 0000000 ____D C:\Users\Natalie\Desktop\4-14-12 Wav
2012-04-19 12:07 - 2011-11-02 05:20 - 0000000 ____D C:\Windows\Minidump
2012-04-19 12:07 - 2009-07-13 21:32 - 431946598 ____A C:\Windows\MEMORY.DMP
2012-04-19 12:07 - - 0274792 ____A C:\Windows\Minidump\041912-16177-01.dmp
2012-04-18 18:12 - 2012-04-05 06:33 - 0000000 ____D C:\Users\Natalie\Desktop\Track 2
2012-04-16 20:06 - 2012-03-31 10:57 - 0318735 ____A C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
2012-04-10 05:29 - 2011-09-09 07:04 - 0000000 ____D C:\Users\Natalie\Documents\iZotope
2012-04-10 05:29 - 2010-09-21 15:28 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\iZotope
2012-04-08 08:22 - 2011-12-17 08:12 - 0000000 ____D C:\Program Files (x86)\iZotope
2012-04-08 08:22 - 2009-07-13 21:37 - 0000000 ____D C:\Program Files\Common Files\VST3
2012-04-08 08:19 - 2009-07-13 17:11 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-02 16:04 - 2012-03-16 07:30 - 0000000 ____D C:\Users\Natalie\Desktop\Track 1
2012-04-01 19:08 - 2010-08-04 23:10 - 0000000 ____D C:\Program Files (x86)\East West
2012-03-31 13:06 - 2009-07-13 20:54 - 0000000 ____D C:\Program Files (x86)\Digidesign
2012-03-31 13:05 - 2011-07-27 05:54 - 0000000 ____D C:\Program Files (x86)\Arturia
2012-03-31 13:05 - 2009-07-13 17:14 - 0163840 ____A () C:\Windows\SysWOW64\ArtFfct.dll
2012-03-30 10:52 - 2011-11-01 16:25 - 0000043 ____A C:\Users\Natalie\Desktop\midi.txt
2012-03-30 09:51 - 2012-04-19 13:29 - 0000000 ____D C:\Users\Natalie\Desktop\Cubase midi test

============ 3 Months Modified Files and Folders =============

2012-04-26 14:29 - 2010-11-21 18:47 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-26 14:29 - 2010-08-16 10:01 - 0197799 ____A C:\Windows\setupact.log
2012-04-26 14:29 - 2010-06-30 00:49 - 3015888896 __ASH C:\hiberfil.sys
2012-04-26 14:29 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-26 14:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Registration
2012-04-26 14:25 - 2010-08-24 06:14 - 0523700 ____A C:\Windows\System32\config\afw_db.conf
2012-04-26 14:25 - 2010-08-24 06:14 - 0008144 ____A C:\Windows\System32\config\afw_hm.conf
2012-04-26 14:25 - 2010-08-24 05:17 - 0123418 ____A C:\Windows\System32\config\rules.rdb
2012-04-26 14:25 - 2010-06-30 00:56 - 1964813 ____A C:\Windows\WindowsUpdate.log
2012-04-26 14:23 - 2009-07-13 21:13 - 0733982 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-26 14:20 - 2010-11-21 18:47 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-26 14:06 - 2011-08-05 07:09 - 0006784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-26 14:06 - 2011-08-05 07:09 - 0006784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-26 09:04 - 2012-04-26 09:04 - 0089550 ____A C:\Users\Natalie\Downloads\Extras.Txt
2012-04-26 09:02 - 2012-04-26 09:02 - 0090452 ____A C:\Users\Natalie\Downloads\OTL.Txt
2012-04-26 08:45 - 2012-04-26 08:45 - 0595968 ____A (OldTimer Tools) C:\Users\Natalie\Downloads\OTL.exe
2012-04-26 08:38 - 2012-04-26 04:01 - 0001056 ____A C:\Users\Natalie\Downloads\SystemLook.txt
2012-04-26 04:01 - 2012-04-26 04:01 - 0165376 ____A C:\Users\Natalie\Downloads\SystemLook_x64.exe
2012-04-25 17:15 - 2012-04-25 17:05 - 0131462 ____A C:\TDSSKiller.2.7.33.0_25.04.2012_21.05.53_log.txt
2012-04-25 17:13 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-25 17:05 - 2012-04-25 17:05 - 2054861 ____A C:\Users\Natalie\Downloads\tdsskiller.zip
2012-04-25 17:03 - 2012-04-25 17:03 - 0396041 ____A C:\Users\Natalie\Downloads\MiniToolBox.exe
2012-04-25 17:03 - 2012-04-25 17:03 - 0010015 ____A C:\Users\Natalie\Downloads\Result.txt
2012-04-25 13:01 - 2012-04-25 13:01 - 0130247 ____A C:\Users\Natalie\Downloads\bluescreenview_setup.exe
2012-04-25 13:01 - 2012-04-25 13:01 - 0000000 ____D C:\Program Files (x86)\NirSoft
2012-04-24 14:45 - 2012-04-25 17:05 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Natalie\Downloads\TDSSKiller.exe
2012-04-19 13:59 - 2011-11-21 09:46 - 0255330 ____A C:\Windows\ntbtlog.txt
2012-04-19 13:31 - 2012-04-19 13:31 - 0274792 ____A C:\Windows\Minidump\041912-19812-01.dmp
2012-04-19 13:31 - 2012-04-19 12:07 - 431946598 ____A C:\Windows\MEMORY.DMP
2012-04-19 13:31 - 2012-04-19 12:07 - 0000000 ____D C:\Windows\Minidump
2012-04-19 13:29 - 2012-04-19 12:30 - 0000000 ____D C:\Users\Natalie\Desktop\BigDogsJINGLE
2012-04-19 13:01 - 2012-04-19 13:01 - 0607260 ____R (Swearware) C:\Users\Natalie\Downloads\dds.com
2012-04-19 12:54 - 2012-02-19 21:29 - 0000000 ____D C:\Users\Natalie\AppData\Local\Conduit
2012-04-19 12:54 - 2010-08-04 20:35 - 0000000 ____D C:\Users\Natalie\AppData\LocalLow
2012-04-19 12:35 - 2012-04-19 12:35 - 0274792 ____A C:\Windows\Minidump\041912-23197-01.dmp
2012-04-19 12:28 - 2012-04-19 12:28 - 0000000 ____D C:\Users\Natalie\Desktop\4-14-12 Wav
2012-04-19 12:28 - 2012-03-09 09:12 - 0000000 ____D C:\Users\Natalie\Desktop\RH 3-10-12
2012-04-19 12:07 - 2012-04-19 12:07 - 0274792 ____A C:\Windows\Minidump\041912-16177-01.dmp
2012-04-18 18:28 - 2012-04-18 18:12 - 0000000 ____D C:\Users\Natalie\Desktop\Track 2
2012-04-16 20:06 - 2012-04-16 20:06 - 0318735 ____A C:\Users\Natalie\Desktop\NATALIE M & JASON T MCCLURE_500EZ-2011.pdf
2012-04-16 11:04 - 2012-04-10 05:29 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\iZotope
2012-04-16 06:38 - 2010-08-24 05:16 - 0000000 ____D C:\Windows\System32\Filt
2012-04-10 05:29 - 2012-04-10 05:29 - 0000000 ____D C:\Users\Natalie\Documents\iZotope
2012-04-08 08:22 - 2012-04-08 08:22 - 0000000 ____D C:\Program Files\Common Files\VST3
2012-04-08 08:22 - 2012-04-08 08:22 - 0000000 ____D C:\Program Files (x86)\iZotope
2012-04-08 08:19 - 2012-04-08 08:19 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-05 06:33 - 2012-04-02 16:04 - 0000000 ____D C:\Users\Natalie\Desktop\Track 1
2012-04-04 08:16 - 2011-08-03 08:48 - 0000000 ____D C:\Users\Natalie\AppData\Local\Adobe
2012-04-01 19:08 - 2012-04-01 19:08 - 0000000 ____D C:\Program Files (x86)\East West
2012-03-31 15:10 - 2012-03-30 09:51 - 0000000 ____D C:\Users\Natalie\Desktop\Cubase midi test
2012-03-31 13:06 - 2012-03-31 13:06 - 0000000 ____D C:\Program Files (x86)\Digidesign
2012-03-31 13:05 - 2012-03-31 13:05 - 0000000 ____D C:\Program Files (x86)\Arturia
2012-03-31 11:14 - 2012-02-20 18:55 - 0000000 ____D C:\Users\Natalie\Documents\Native Instruments
2012-03-31 10:57 - 2012-03-30 10:52 - 0000043 ____A C:\Users\Natalie\Desktop\midi.txt
2012-03-29 16:34 - 2010-06-30 01:04 - 0360540 ____A C:\Windows\PFRO.log
2012-03-29 14:40 - 2010-09-10 04:32 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\Dropbox
2012-03-29 14:34 - 2012-03-22 10:17 - 0000000 ___RD C:\Users\Natalie\Dropbox
2012-03-28 14:04 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-28 13:34 - 2012-02-19 21:30 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\Azureus
2012-03-22 10:17 - 2010-08-04 20:35 - 0000000 ____D C:\users\Natalie
2012-03-21 17:41 - 2010-08-15 19:07 - 0000000 ____D C:\Program Files (x86)\Waves
2012-03-21 17:36 - 2012-03-21 17:36 - 3693554 ____A C:\Windows\SysWOW64\TmpA4325611
2012-03-21 17:19 - 2012-03-21 17:19 - 0000000 ____D C:\Program Files (x86)\Sonnox
2012-03-20 10:13 - 2012-03-20 10:13 - 0000000 ____D C:\Users\Public\Waves Audio
2012-03-20 10:13 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-20 10:10 - 2010-08-15 19:09 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\Waves Audio
2012-03-16 07:30 - 2012-03-16 07:30 - 0000000 ____D C:\Users\Natalie\Desktop\SSS Artwork
2012-03-16 06:19 - 2011-09-09 09:24 - 0000132 ____A C:\Users\Natalie\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-02-29 10:41 - 2011-10-27 09:54 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\VST3 Presets
2012-02-20 18:55 - 2012-02-20 18:55 - 0000000 ____D C:\Users\Natalie\AppData\Local\Native Instruments
2012-02-20 18:54 - 2012-02-20 18:54 - 0001014 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-02-20 18:54 - 2012-02-20 18:54 - 0000000 __HDC C:\Users\All Users\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-02-20 18:54 - 2012-02-20 18:54 - 0000000 __HDC C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-02-20 18:52 - 2012-02-20 18:51 - 0000000 ____D C:\Program Files\Native Instruments
2012-02-20 18:52 - 2012-02-20 18:51 - 0000000 ____D C:\Program Files\Common Files\Native Instruments
2012-02-20 18:51 - 2012-02-20 18:51 - 0000000 __HDC C:\Users\All Users\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-02-20 18:51 - 2012-02-20 18:51 - 0000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-02-20 18:51 - 2012-02-20 18:51 - 0000000 ____D C:\Users\All Users\Native Instruments
2012-02-20 18:51 - 2012-02-20 18:51 - 0000000 ____D C:\ProgramData\Native Instruments
2012-02-19 21:30 - 2012-02-19 21:30 - 0000000 ____D C:\Users\Natalie\.swt
2012-02-19 21:29 - 2012-02-19 21:29 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-02-19 13:23 - 2012-02-19 13:23 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\Logitech
2012-02-19 13:23 - 2012-02-19 13:23 - 0000000 ____D C:\Users\Natalie\AppData\Roaming\Leadertech
2012-02-19 13:23 - 2012-02-19 13:20 - 0000000 ____D C:\Users\All Users\Logitech
2012-02-19 13:23 - 2012-02-19 13:20 - 0000000 ____D C:\ProgramData\Logitech
2012-02-19 13:22 - 2012-02-19 13:22 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2012-02-19 13:22 - 2012-02-19 13:22 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2012-02-19 13:22 - 2012-02-19 13:22 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LHidEqd_01005.Wdf
2012-02-19 13:22 - 2012-02-19 13:21 - 0006661 ____A C:\Windows\LDPINST.LOG
2012-02-19 13:22 - 2012-02-19 13:20 - 0000000 ____D C:\Program Files\Common Files\Logishrd
2012-02-19 13:22 - 2012-02-19 13:19 - 0000000 ____D C:\Users\All Users\LogiShrd
2012-02-19 13:22 - 2012-02-19 13:19 - 0000000 ____D C:\ProgramData\LogiShrd
2012-02-19 13:21 - 2012-02-19 13:21 - 0001845 ____A C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
2012-02-19 13:21 - 2012-02-19 13:21 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LEqdUsb_01005.Wdf
2012-02-19 13:20 - 2012-02-19 13:20 - 0000000 ____D C:\Program Files\Logitech
2012-02-19 13:20 - 2010-05-17 17:46 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-18 09:47 - 2012-02-18 09:47 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-18 09:47 - 2012-02-18 09:47 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-18 09:47 - 2012-02-18 09:47 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-18 09:47 - 2010-08-24 06:12 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-08 11:30 - 2011-09-09 09:21 - 0001456 ____A C:\Users\Natalie\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-02-02 13:54 - 2011-11-17 12:22 - 0000000 ____D C:\Users\Natalie\Images
2012-02-02 13:54 - 2011-11-17 12:21 - 0000000 ____D C:\Users\Natalie\Audio


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe is missing.
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3137.12 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3125.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:444.68 GB) (Free:134.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:20.78 GB) (Free:3.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:13.03 GB) (Free:12.87 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 13 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 444 GB 200 MB
Partition 3 Primary 20 GB 444 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 444 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 20 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 13 GB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-04-25 19:52

======================= End Of Log ==========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Thu Apr 26, 2012 3:28 pm    Post subject: Reply with quote

I'm happy to say I was wrong about the rootkit. :)

It's past midnight here, and I'm getting a touch drowsy, so I'll post my next set of instructions in the morning (my time).
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Thu Apr 26, 2012 10:05 pm    Post subject: Reply with quote

OK, let's take care of a few things, and see if that has any effect on your blue screen problems ....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Java(TM) 6 Update 21 (64-bit)
NirSoft BlueScreenView


Old versions of Java can be exploited, even if you have a later version installed (you've got version 6 update 31, which is the latest version).

Now I've seen your Minidump files there's no need to keep BSV on your machine.

Reboot your computer when both programs have been uninstalled.

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
DRV:64bit: - [2011/11/01 12:58:58 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
IE - HKLM\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Natalie\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
[2012/02/20 01:29:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/08/24 10:12:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O3 - HKU\S-1-5-21-1262221200-1738031133-2144323258-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
[2012/04/25 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/03/28 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Azureus
[2010/08/15 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

:Commands
[CreateRestorePoint]
[EmptyTemp]
[Purity]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Please let me know if your computer is running any better now.
reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

PostPosted: Sat Apr 28, 2012 6:50 am    Post subject: Reply with quote

All processes killed
========== OTL ==========
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
C:\Windows\SysNative\drivers\sptd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_USERS\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Natalie\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} not found.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\paz9rguw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1262221200-1738031133-2144323258-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\NirSoft folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Natalie\AppData\Roaming\Azureus folder moved successfully.
C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite\IconsCache folder moved successfully.
C:\Users\Natalie\AppData\Roaming\DAEMON Tools Lite folder moved successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Natalie
->Temp folder emptied: 106062332 bytes
->Temporary Internet Files folder emptied: 208323141 bytes
->Java cache emptied: 2171699 bytes
->FireFox cache emptied: 48902542 bytes
->Google Chrome cache emptied: 301615891 bytes
->Flash cache emptied: 487932 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 238284783 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 14645263125 bytes

Total Files Cleaned = 14,831.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 04282012_103710

Files\Folders moved on Reboot...
C:\Users\Natalie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...






Gary, the pc has been running great since those last bsod's.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Sat Apr 28, 2012 9:15 am    Post subject: Reply with quote

OK, the sptd.sys file has been deleted, but it seems the service that calls it has not been removed, so I need to see if OTL reported correctly and see if it is actually still there.


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:service
sptd


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
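The cross-check described in the post above (driver file removed, service entry possibly left behind), as an added example that is not part of the original thread and not code from OTL or SystemLook: it parses a few lines copied from the two logs posted here and reports any service whose key deletion failed while its driver file was moved. The function names and line patterns are assumptions based only on the log lines visible in this thread.

```python
import re

# Lines copied from the OTL fix log and the SystemLook log posted in this thread.
OTL_FIX_LOG = r"""All processes killed
========== OTL ==========
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
C:\Windows\SysNative\drivers\sptd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4AD5260-2C37-40B3-8085-1BE40F10F9DB}\ not found.
C:\Program Files (x86)\NirSoft folder moved successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
"""

SYSTEMLOOK_LOG = r"""========== service ==========

sptd
sptd
(No Description)
Current Status: Stopped
Startup Type: Boot
Error Control: Ignore
Binary: \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys
Group: Boot Bus Extender
"""

# (pattern, action, outcome) for the fix-log line shapes seen in the thread.
# Assumption: other OTL versions may word these lines differently.
OTL_PATTERNS = [
    (re.compile(r"^Error: Unable to stop service (?P<target>.+?)!$"),
     "stop_service", "failed"),
    (re.compile(r"^Unable to delete service\\driver key (?P<target>.+?)\.$"),
     "delete_service_key", "failed"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? (?:moved|deleted) successfully\.$"),
     "remove", "ok"),
    (re.compile(r"^(?P<target>.+?) not found\.$"),
     "remove", "not_found"),
]


def parse_otl_fix_log(text):
    """Turn recognised fix-log lines into {action, outcome, target} events."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, action, outcome in OTL_PATTERNS:
            match = pattern.match(line)
            if match:
                events.append({"action": action, "outcome": outcome,
                               "target": match.group("target")})
                break
    return events


def parse_systemlook_service(text):
    """Read one ':service' record: bare first line is the name, then 'Key: Value'."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
        elif "name" not in record:
            record["name"] = line
    return record


def driver_stem(path):
    """'C:\\...\\sptd.sys' -> 'sptd' (file name without extension, lower case)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def orphaned_driver_services(otl_text, systemlook_text):
    """Services whose key survived the fix although the driver file was moved."""
    events = parse_otl_fix_log(otl_text)
    key_not_deleted = {e["target"].lower() for e in events
                       if e["action"] == "delete_service_key"
                       and e["outcome"] == "failed"}
    drivers_moved = {driver_stem(e["target"]) for e in events
                     if e["outcome"] == "ok"
                     and e["target"].lower().endswith(".sys")}
    service = parse_systemlook_service(systemlook_text)
    findings = []
    for name in sorted(key_not_deleted & drivers_moved):
        # Confirm with the second tool that the entry really is still registered.
        if (service.get("name", "").lower() == name
                and driver_stem(service.get("Binary", "")) == name):
            findings.append({"service": name,
                             "status": service.get("Current Status"),
                             "startup": service.get("Startup Type"),
                             "binary": service.get("Binary")})
    return findings


if __name__ == "__main__":
    for finding in orphaned_driver_services(OTL_FIX_LOG, SYSTEMLOOK_LOG):
        print("service entry without driver file:", finding)
```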
reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

PostPosted: Mon Apr 30, 2012 4:53 am    Post subject: Reply with quote

SystemLook 30.07.11 by jpshortstuff
Log created at 08:52 on 30/04/2012 by Natalie
Administrator - Elevation successful

========== service ==========

sptd
sptd
(No Description)
Current Status: Stopped
Startup Type: Boot
Error Control: Ignore
Binary: \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys
Group: Boot Bus Extender
SafeBoot: Minimal(Group) Network(Group)
Dependencies:
(none)
Dependant Services:
(none)

-= EOF =-
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Mon Apr 30, 2012 8:27 am    Post subject: Reply with quote

Download MiniRegTool by Farbar and extract it to your Desktop.

64 bit version


  • Double click on MiniRegTool.exe to launch the program.
  • If prompted by UAC, allow the prompts.
  • Check the following radio button ....

    • Delete Key(s)/Value(s) including locked/Null-embedded

  • Copy/Paste the contents of the code box below into the white input box.

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd


  • Click on the Go button.
  • The scan will run and a log file will open.
  • Post me the contents of the log please.

reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

PostPosted: Mon Apr 30, 2012 9:41 am    Post subject: Reply with quote

MiniRegTool by Farbar
Ran by Natalie (administrator) on 2012-04-30 13:40:27

====================================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Enum deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd deleted successfully.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Mon Apr 30, 2012 1:38 pm    Post subject: Reply with quote

Looks like we've got everything now. If your computer is running OK it's time to do a little tidying up, please do the following ....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Blue Screen View


Next

Let's clear out OTL and the files and folders it created. This will also remove SystemLook and TDSSKiller

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


Next

Please delete ....

Minitoolbox (and any log files it created)
MiniRegTool (and any log files it created)
FRST64 (and any log files it created)

As far as I can see, your computer looks clear now.

Are you still noticing any problems ?

  • If you are let me know about them.


Please read the article below which will give you a few suggestions on security.

reachinOUT
Junior Member


Joined: 28 Jul 2011
Last Visit: 02 May 2012
Posts: 30

Posted: Tue May 01, 2012 7:58 am

Thanks Gary for all of your help. My PC is good to go. You and the people running this site do a great job volunteering your time for a wonderful cause. I have donated 25.00 to you guys just now. Thanks again, Jason
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 31 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Tue May 01, 2012 12:11 pm

You're welcome, glad we could help.

Thanks for the donation, it is much appreciated.

Keep safe,

Gary


As your problems appear to be resolved ....

Quote:
This topic is now closed.

If you are the originator of this topic and you need it re-opened, please PM a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours