
Need help with virus or adware, browser hijack?

Discussion in 'Virus & Other Malware Removal' started by firewoodman, Feb 8, 2013.

  1. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33
    I am trying to load www.mylittlesalesman.com and when I do so, it re-directs to a St. Jude's donation ad. Every other webpage that I load loads just fine; this one doesn't, for whatever reason. I am NOT using a router and I have Comcast high speed. I have pinged the mylittlesalesman site as well as verified that there are no problems with it. I have also tried to access this same site with Chrome and Firefox, which all had the same results, a re-direct to the St. Jude's ad. I can access this site from other computers, just not this one.

    I have deleted all cookies and history as well as used system restore. I downloaded different antivirus programs, which turned up some stuff, and those items got quarantined and then deleted. I have also run Malwarebytes and had some issues that were quarantined, then deleted. Currently I am using Ad-Aware Antivirus, ESET NOD32 Antivirus, Malwarebytes Anti-Malware and Microsoft Security Essentials.

    The last successful access of this specific site was around the first week of January 2013. I am at a loss as to what to do.

    My hosts file is now fixed, it looks like this:

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # 127.0.0.1 localhost
    # ::1 localhost






    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, x64 Family 15 Model 75 Stepping 2
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: NVIDIA GeForce 6200, 256 Mb
    Hard Drives: C: Total - 294955 MB, Free - 178228 MB; D: Total - 10239 MB, Free - 5267 MB;
    Motherboard: Dell Inc, 0CT103
    Antivirus: ESET NOD32 Antivirus 6.0, Updated and Enabled


    Thanks for your input!
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi firewoodman,
    You should only have one active antivirus.
    Having more than one can actually reduce your protection, and may make your system unstable.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

    Ad-Aware

    If your ESET NOD32 is paid for: Keep it and Uninstall Microsoft Security Essentials.
    If your ESET NOD32 is a trial version: Uninstall it and keep Microsoft Security Essentials

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • For Vista or Win7, right click the icon and choose "Run as administrator".
    • Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    askey127
     
  3. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33

    OTL.txt is:

    OTL logfile created on: 2/9/2013 10:40:14 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Norm & Betsy\Documents\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.61% Memory free
    4.23 Gb Paging File | 2.86 Gb Available in Paging File | 67.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 173.67 Gb Free Space | 60.29% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.14 Gb Free Space | 51.44% Space Free | Partition Type: NTFS

    Computer Name: NORMBETSY-PC | User Name: Norm & Betsy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/09 09:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Norm & Betsy\Documents\Downloads\OTL.exe
    PRC - [2013/02/07 12:45:10 | 000,699,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/11 15:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/10/02 11:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/10/02 11:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/09/18 11:54:05 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/09 03:23:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
    MOD - [2013/01/09 03:23:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 03:23:13 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll
    MOD - [2013/01/09 03:22:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
    MOD - [2013/01/09 03:22:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
    MOD - [2013/01/09 03:22:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
    MOD - [2013/01/09 03:22:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
    MOD - [2013/01/09 03:21:13 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
    MOD - [2013/01/09 03:21:04 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
    MOD - [2012/02/09 09:40:09 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2012/02/09 09:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2012/02/09 09:40:09 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2012/02/09 09:40:09 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2012/02/09 09:40:09 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2012/02/09 09:40:08 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2012/02/09 09:40:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2012/02/09 09:40:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2012/02/09 09:40:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2012/02/09 09:40:02 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2012/02/09 09:40:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2012/02/09 09:40:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2012/02/09 09:40:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2012/02/09 09:40:01 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2012/02/09 09:40:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2012/02/09 09:40:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2012/02/09 09:40:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2012/02/09 09:40:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2012/02/09 09:40:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2012/02/09 09:40:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2012/02/09 09:40:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2012/02/09 09:40:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2012/02/09 09:39:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2012/02/09 09:39:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2012/02/09 09:39:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2012/02/09 09:39:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2012/02/09 09:39:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2012/02/09 09:39:56 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2012/02/09 09:39:56 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2012/02/09 09:39:56 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2012/02/09 09:39:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2012/02/09 09:39:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2012/02/09 09:39:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2012/02/09 09:39:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2012/02/09 09:39:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2012/02/09 09:39:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2012/02/09 09:39:56 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2012/02/09 09:39:56 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2012/02/09 09:39:55 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2012/02/09 09:39:55 | 001,019,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3693.42513__90ba9c70f846762e\CLI.Component.Eeu.dll
    MOD - [2012/02/09 09:39:55 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2012/02/09 09:39:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2012/02/09 09:39:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2012/02/09 09:39:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2012/02/09 09:39:54 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2012/02/09 09:39:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
    MOD - [2012/02/09 09:39:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
    MOD - [2012/02/09 09:39:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2012/02/09 09:39:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2012/02/09 09:39:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2013/02/07 12:45:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/16 12:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 12:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/03/29 14:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
    SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/02/01 11:42:35 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/08/19 12:20:15 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\MpEngineStore\MpKslfaa10fa2.sys -- (MpKslfaa10fa2)
    DRV - [2011/08/19 01:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2011/08/19 01:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/08/19 01:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/02/10 23:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2010/02/10 23:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/22 14:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/01 23:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/11/01 23:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070228
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070228
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:5.0


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/01 11:42:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 14:03:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011/01/04 14:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Extensions
    [2009/07/06 16:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2013/02/01 11:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions
    [2011/12/27 19:07:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/03/12 09:38:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\[email protected]
    [2012/03/12 09:37:50 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\[email protected]
    [2013/02/01 11:41:57 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\[email protected]
    [2008/01/18 21:49:12 | 000,002,081 | ---- | M] () (No name found) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\[email protected]
    [2012/10/13 09:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    [2013/01/22 12:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/31 18:10:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/16 12:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/24 23:07:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/13 09:27:06 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/03/12 09:38:05 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2013/01/16 12:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/01/16 12:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: SelectionLinks = C:\Users\Norm & Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0\
    CHR - Extension: Skype Click to Call = C:\Users\Norm & Betsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\

    O1 HOSTS File: ([2013/01/26 09:14:55 | 000,000,776 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\..Trusted Domains: cnet.com ([download] https in Trusted sites)
    O15 - HKU\S-1-5-21-1178184448-1605268686-2938866084-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9109AC2E-5716-4AC8-A4F5-E0D037A06AC7}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Norm & Betsy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Norm & Betsy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{5b549509-6882-11de-ae23-00188b7bb61b}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b549509-6882-11de-ae23-00188b7bb61b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
    O33 - MountPoints2\{6b4b8d47-c731-11db-8854-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b4b8d47-c731-11db-8854-806e6f6e6963}\Shell\AutoRun\command - "" = E:\KAV2009.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/09 10:25:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/02/09 09:52:26 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\Desktop\RK_Quarantine
    [2013/02/09 08:17:05 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/02/09 08:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2013/02/07 14:04:24 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Local\{80173CF0-731D-47A7-95D0-DB2BBA8591BB}
    [2013/02/07 13:58:43 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\1993 Freightliner LL
    [2013/02/01 11:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2013/02/01 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Roaming\LavasoftStatistics
    [2013/02/01 11:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2013/02/01 11:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
    [2013/02/01 11:42:46 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Local\Downloaded Installations
    [2013/02/01 11:42:36 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
    [2013/02/01 11:42:36 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
    [2013/02/01 11:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2013/02/01 11:42:23 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Local\adawarebp
    [2013/02/01 11:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/02/01 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2013/02/01 11:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2013/02/01 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Roaming\Ad-Aware Antivirus
    [2013/01/25 17:54:54 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Local\ESET
    [2013/01/22 13:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/22 12:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/01/22 12:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/01/22 11:52:50 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Local\{D1CC17DE-5F75-467A-95BC-110D054BF717}
    [2013/01/15 15:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/15 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2013/01/14 08:35:51 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/01/14 08:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2013/01/11 14:23:54 | 000,000,000 | ---D | C] -- C:\Users\Norm & Betsy\Documents\Haywire Road Permit 20130004
    [3 C:\Users\Norm & Betsy\Documents\*.tmp files -> C:\Users\Norm & Betsy\Documents\*.tmp -> ]
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/09 10:35:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/09 10:35:06 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/09 10:35:06 | 000,122,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/09 10:29:38 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/09 10:29:38 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/09 10:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/09 10:16:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/09 10:00:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/09 09:15:42 | 000,544,885 | ---- | M] () -- C:\Users\Norm & Betsy\AppData\Local\census.cache
    [2013/02/09 09:14:43 | 000,166,474 | ---- | M] () -- C:\Users\Norm & Betsy\AppData\Local\ars.cache
    [2013/02/09 08:18:30 | 000,002,667 | ---- | M] () -- C:\Users\Norm & Betsy\Desktop\HiJackThis.lnk
    [2013/02/07 14:54:11 | 000,149,022 | ---- | M] () -- C:\Windows\hpoins19.dat
    [2013/02/07 13:54:12 | 000,046,446 | ---- | M] () -- C:\Users\Norm & Betsy\Documents\2005 Whitlog Trailer Registration.pdf
    [2013/02/07 12:45:10 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/07 12:45:10 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/04 07:53:51 | 000,008,944 | ---- | M] () -- C:\Users\Norm & Betsy\AppData\Local\d3d9caps.dat
    [2013/02/01 11:42:35 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
    [2013/02/01 11:42:35 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
    [2013/02/01 09:09:35 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/30 02:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/01/28 09:04:35 | 000,877,984 | ---- | M] () -- C:\Users\Norm & Betsy\Documents\Smith DNR burn permit.pdf
    [2013/01/26 08:32:31 | 000,001,997 | ---- | M] () -- C:\Users\Norm & Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/25 15:20:16 | 000,878,169 | ---- | M] () -- C:\Users\Norm & Betsy\Documents\Burn App Form_Long_MASTER_ SAVABLE_2012-Dec-27.pdf
    [2013/01/22 12:52:22 | 000,000,872 | ---- | M] () -- C:\Users\Norm & Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/22 12:52:22 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/01/22 09:20:22 | 000,000,383 | ---- | M] () -- C:\Windows\SIERRA.INI
    [2013/01/21 16:49:11 | 000,028,762 | ---- | M] () -- C:\Users\Norm & Betsy\Desktop\AHLT Brand.pdf
    [2013/01/20 14:13:14 | 000,052,668 | ---- | M] () -- C:\Users\Norm & Betsy\Documents\Tewault Ltr.pdf
    [2013/01/18 17:59:30 | 000,070,801 | ---- | M] () -- C:\Users\Norm & Betsy\Documents\Westenskow Proposal.pdf
    [2013/01/15 15:04:49 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/14 08:35:46 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [3 C:\Users\Norm & Betsy\Documents\*.tmp files -> C:\Users\Norm & Betsy\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/09 08:17:05 | 000,002,667 | ---- | C] () -- C:\Users\Norm & Betsy\Desktop\HiJackThis.lnk
    [2013/02/07 13:55:55 | 000,046,446 | ---- | C] () -- C:\Users\Norm & Betsy\Documents\2005 Whitlog Trailer Registration.pdf
    [2013/01/25 15:20:35 | 000,877,984 | ---- | C] () -- C:\Users\Norm & Betsy\Documents\Smith DNR burn permit.pdf
    [2013/01/25 14:51:13 | 000,878,169 | ---- | C] () -- C:\Users\Norm & Betsy\Documents\Burn App Form_Long_MASTER_ SAVABLE_2012-Dec-27.pdf
    [2013/01/22 13:11:52 | 000,001,997 | ---- | C] () -- C:\Users\Norm & Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/22 13:11:52 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/22 12:52:22 | 000,000,872 | ---- | C] () -- C:\Users\Norm & Betsy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/22 12:52:22 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/22 12:52:22 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/01/21 16:49:09 | 000,028,762 | ---- | C] () -- C:\Users\Norm & Betsy\Desktop\AHLT Brand.pdf
    [2013/01/20 14:13:14 | 000,052,668 | ---- | C] () -- C:\Users\Norm & Betsy\Documents\Tewault Ltr.pdf
    [2013/01/18 17:59:30 | 000,070,801 | ---- | C] () -- C:\Users\Norm & Betsy\Documents\Westenskow Proposal.pdf
    [2013/01/15 15:04:49 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/14 08:35:46 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2013/01/14 08:35:46 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2012/08/19 07:51:00 | 000,149,022 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/08/19 07:50:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/08/19 07:31:54 | 000,148,935 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
    [2012/08/19 07:31:54 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012/07/20 07:29:19 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2012/03/20 16:20:07 | 000,007,758 | ---- | C] () -- C:\Users\Norm & Betsy\Guistina Log Price Sheet 032012.pdf
    [2012/03/07 14:13:05 | 000,000,383 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2012/02/09 09:35:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/08/20 07:59:36 | 000,544,885 | ---- | C] () -- C:\Users\Norm & Betsy\AppData\Local\census.cache
    [2011/08/20 07:59:17 | 000,166,474 | ---- | C] () -- C:\Users\Norm & Betsy\AppData\Local\ars.cache
    [2011/08/20 04:05:56 | 000,000,036 | ---- | C] () -- C:\Users\Norm & Betsy\AppData\Local\housecall.guid.cache
    [2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/12/18 20:52:36 | 000,174,022 | ---- | C] () -- C:\Users\Norm & Betsy\untitled.bmp
    [2009/07/15 10:08:11 | 000,008,944 | ---- | C] () -- C:\Users\Norm & Betsy\AppData\Local\d3d9caps.dat
    [2009/07/03 15:28:57 | 000,081,920 | ---- | C] () -- C:\Users\Norm & Betsy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009/09/06 21:46:22 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\acccore
    [2013/02/02 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Ad-Aware Antivirus
    [2012/03/12 09:37:58 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Babylon
    [2013/01/14 08:35:51 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/02/29 19:44:09 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2012/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\com.ynab.YNAB3.LiveCaptive.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
    [2012/11/20 08:11:59 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Downloaded Installations
    [2012/11/20 08:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\FileOpen
    [2011/08/17 11:11:00 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Foxit Software
    [2013/01/11 15:29:03 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Image Zone Express
    [2011/12/18 10:12:43 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Leadertech
    [2010/11/30 13:57:08 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\LimeWire
    [2013/01/01 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\MechCAD
    [2012/11/20 08:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Nitro
    [2013/01/20 13:20:02 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Nitro PDF
    [2012/07/20 07:29:25 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\OpenCandy
    [2012/07/20 07:34:41 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\PrimoPDF
    [2010/03/22 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Printer Info Cache
    [2010/10/27 08:01:54 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Stamps.com Internet Postage
    [2012/03/27 08:16:13 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\uTorrent
    [2012/06/22 08:58:40 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\W Photo Studio Viewer
    [2011/06/17 06:36:28 | 000,000,000 | ---D | M] -- C:\Users\Norm & Betsy\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
    < End of report >


    OTL Extras is:

    OTL Extras logfile created on: 2/9/2013 10:40:14 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Norm & Betsy\Documents\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.61% Memory free
    4.23 Gb Paging File | 2.86 Gb Available in Paging File | 67.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 173.67 Gb Free Space | 60.29% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.14 Gb Free Space | 51.44% Space Free | Partition Type: NTFS

    Computer Name: NORMBETSY-PC | User Name: Norm & Betsy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1178184448-1605268686-2938866084-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0593EB57-FDA1-4600-9C80-2D35A67E3622}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{47C4DC65-3FB4-4295-9BDD-34789A450753}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8615AA7A-D803-4E28-AB6C-002DB5BB90F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B17B1AB3-7106-474F-80EC-501AC4E06ACF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{EAAAB20B-1AF1-4169-B619-834372392A71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{058A9605-7DD6-42F4-827C-2104FC490412}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{06BFB2DD-F372-483B-895A-DE405C3F9FBA}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5066\hpdiagnosticcoreui.exe |
    "{06D1DB82-3CC9-4207-9339-6C1FD2BFD5FD}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e41\hpdiagnosticcoreui.exe |
    "{0B03655D-A5A4-4BCD-8EC3-1A57099E028E}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2d79\hpdiagnosticcoreui.exe |
    "{0DEA297E-53F6-4C18-B242-C3FCE65FF322}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs19c1\hpdiagnosticcoreui.exe |
    "{0F3BA8C5-8FFA-4267-89E6-6047313B27C1}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1f80\hpdiagnosticcoreui.exe |
    "{1439673D-B188-4236-A033-445AF12D659D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{15D3E1C6-2EED-488A-8BD4-0745E9E9CCE7}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6940\hpdiagnosticcoreui.exe |
    "{1B95295C-BB84-41A8-B23A-045BEE456584}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{1E5D7104-6858-4A13-8881-15E472732194}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1c18\hpdiagnosticcoreui.exe |
    "{2258E788-BEED-4803-AAA2-792F81C3A218}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{239750F5-99E7-4EAC-B537-93A9C550BBDA}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2ee4\hpdiagnosticcoreui.exe |
    "{2A2DD8A2-94CF-421E-8C7A-947BE0DA7C25}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs38fb\hpdiagnosticcoreui.exe |
    "{2C11F232-4A7B-4759-9E74-A636EE2B39EB}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6b51\hpdiagnosticcoreui.exe |
    "{2D741212-D0D4-4DAC-B35B-4AA92365F0F0}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs24f4\hpdiagnosticcoreui.exe |
    "{2E1B0284-44DA-4545-B24C-3CEC8D75F356}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5066\hpdiagnosticcoreui.exe |
    "{2E534102-6EA2-4FA4-A593-FD075CF41743}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs243b\hpdiagnosticcoreui.exe |
    "{311D75AC-6A38-4992-BA29-97D1AE77913D}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7898\hpdiagnosticcoreui.exe |
    "{361CE265-4074-4A01-984A-7A60286071EE}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs689f\hpdiagnosticcoreui.exe |
    "{3809180F-41E2-4B88-8705-7F9C5FF3B401}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs60d8\hpdiagnosticcoreui.exe |
    "{3A30560C-8A1F-4644-A293-C33D979F854A}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs36b4\hpdiagnosticcoreui.exe |
    "{3B6B680D-B8B5-4138-9621-17471DD7AC40}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2ebd\hpdiagnosticcoreui.exe |
    "{3D46C425-4559-4021-A207-38D5F468221E}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs34ee\hpdiagnosticcoreui.exe |
    "{41EDFCC2-357F-4EC8-8869-579FD65B9411}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7f11\hpdiagnosticcoreui.exe |
    "{42DC04A1-171C-4DCF-B3EC-BE207621520D}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7898\hpdiagnosticcoreui.exe |
    "{43480CB4-CC87-43E5-91D5-3A91E9BAE614}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2dc9\hpdiagnosticcoreui.exe |
    "{46222130-FF94-438B-897C-27579489B3A9}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs569a\hpdiagnosticcoreui.exe |
    "{47945F05-BC36-44E7-AEE2-475DE726EEE4}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs36b4\hpdiagnosticcoreui.exe |
    "{4835C576-CA7E-47C4-B323-CC3AA5685B03}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6ae6\hpdiagnosticcoreui.exe |
    "{4AB6E7A8-7D57-41AB-A727-599B1DA3CBA9}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2fb4\hpdiagnosticcoreui.exe |
    "{4C1F3E1B-0F35-48B9-A0F0-282E14E669BD}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs24f4\hpdiagnosticcoreui.exe |
    "{511862F8-312B-43EC-AC68-8889A9EADA0C}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs4dd5\hpdiagnosticcoreui.exe |
    "{53842F8B-80E1-4D96-B47E-B6094781495E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{55C15F05-9D01-4B07-BA0F-B4AEAAA6D5AB}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7750\hpdiagnosticcoreui.exe |
    "{57A26B95-061F-4600-98F1-44087BBDE7CE}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2a5c\hpdiagnosticcoreui.exe |
    "{5A28AEEB-CFFF-4E2B-BA01-7F571256876F}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2fb4\hpdiagnosticcoreui.exe |
    "{5D69738A-6A19-4500-9B75-257A46685E75}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs0cf7\hpdiagnosticcoreui.exe |
    "{5E4090FE-F0CB-460E-BD12-75CCDFBE9F0A}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2ebd\hpdiagnosticcoreui.exe |
    "{5F58BEE4-3B05-4BB6-B02D-F79D95368433}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5727\hpdiagnosticcoreui.exe |
    "{64F65747-FA31-490C-ADCF-99B234A50DC1}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs40d5\hpdiagnosticcoreui.exe |
    "{69480C05-C65D-48C3-BCAE-C60C4FE291B3}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5cfe\hpdiagnosticcoreui.exe |
    "{6FB70C2E-D47C-4548-969F-506D5F1F9B80}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1f80\hpdiagnosticcoreui.exe |
    "{747CF400-65DB-4815-9363-E6F528DF03E3}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs4390\hpdiagnosticcoreui.exe |
    "{76166B90-FD27-4BC3-BC86-6CADBB8DE09A}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2eee\hpdiagnosticcoreui.exe |
    "{79934CC7-4DDD-419D-9FF3-522A2B20088C}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs60d8\hpdiagnosticcoreui.exe |
    "{79A804F3-3925-4DE8-94E0-3F176CA12825}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs38fd\hpdiagnosticcoreui.exe |
    "{7BA7B5D8-EB8C-486A-BBC9-49C6F142999F}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs569a\hpdiagnosticcoreui.exe |
    "{7CEA758F-BD98-498E-9DFF-9689095D1D59}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs69a1\hpdiagnosticcoreui.exe |
    "{7D43BC61-885C-426A-B063-57D4B211C90E}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5f28\hpdiagnosticcoreui.exe |
    "{7DDB6CF7-2AC0-48D8-8C50-DE0921B361B4}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7f27\hpdiagnosticcoreui.exe |
    "{7FC46FEC-2E9D-48F1-A687-F077AD19FA82}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs16fd\hpdiagnosticcoreui.exe |
    "{834FAFC9-7BC4-4832-95E7-E9CE8FE9CB19}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e35\hpdiagnosticcoreui.exe |
    "{88F28E7A-8750-4112-BBD6-D3870DBA1BBA}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2c84\hpdiagnosticcoreui.exe |
    "{894C5BFC-0007-490E-AD83-F16F52BDE45A}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7f11\hpdiagnosticcoreui.exe |
    "{89BFE33D-E82A-4CD9-84E1-989DEE618497}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7750\hpdiagnosticcoreui.exe |
    "{8BE89C5A-2ED7-41F8-A0DE-ECABCFBE23F9}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
    "{8CC14686-210F-424D-82B3-3A061C11E025}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2eee\hpdiagnosticcoreui.exe |
    "{8ED89BD7-C21D-4F9C-9D8D-50410E025FCA}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e32\hpdiagnosticcoreui.exe |
    "{923BCAEB-F6D9-414A-ABB2-0E106E1F7B38}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs21c8\hpdiagnosticcoreui.exe |
    "{9283793C-64FA-4ED1-8F42-6D15C84E8CD9}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5be7\hpdiagnosticcoreui.exe |
    "{93259A4C-CDB9-4DE1-95D1-A538173753E6}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs0cf7\hpdiagnosticcoreui.exe |
    "{9419902F-710B-46B2-9E8A-9C0EA0277E64}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2dc9\hpdiagnosticcoreui.exe |
    "{966516E0-AD3A-49CD-96A9-9E3C3276E062}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs689f\hpdiagnosticcoreui.exe |
    "{96907A7B-92BB-4BD8-8804-EFF15E487154}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs38fb\hpdiagnosticcoreui.exe |
    "{987A7B97-1F07-4058-BD0E-31544B063EB0}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs661a\hpdiagnosticcoreui.exe |
    "{989C1673-3344-4EEF-B250-0A871236402B}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs40d5\hpdiagnosticcoreui.exe |
    "{99132602-4EC5-4268-9C06-A0D00250715F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{9CD4260C-24F3-4C5E-84DD-8609D2FE9944}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5877\hpdiagnosticcoreui.exe |
    "{A23CF2FA-1D0C-4DAF-A339-73185B197F28}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2c84\hpdiagnosticcoreui.exe |
    "{A3065D91-EB78-411A-B040-737EB678144B}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs057b\hpdiagnosticcoreui.exe |
    "{A5CADE6A-D8EF-4CC1-8818-E79BAEF83C23}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5cfe\hpdiagnosticcoreui.exe |
    "{A6E5AD96-C32A-4465-A455-21904CBADDF4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{A8AD1725-8E09-40A2-8961-2EF59AF1CC27}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1c18\hpdiagnosticcoreui.exe |
    "{AB124B4A-E370-48CE-B1B5-B338022722F5}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs19c1\hpdiagnosticcoreui.exe |
    "{AB7E9F98-96DA-478D-9AFD-E0B70A899FDF}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5905\hpdiagnosticcoreui.exe |
    "{AF29AB67-914D-4AA4-A3E0-F6A61F8D19DC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{B024BBE0-29B5-4A38-A0DE-DA50E7F8F5EA}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs56d4\hpdiagnosticcoreui.exe |
    "{B452B507-4DE4-4E15-80E3-1D7CA8965F0A}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e35\hpdiagnosticcoreui.exe |
    "{B6FFCDD8-2461-489C-9F06-7A5F28D159D6}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs7f27\hpdiagnosticcoreui.exe |
    "{B827F10C-CEE9-4D17-9936-360895394C02}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{B8298697-6E90-444F-A6D8-7C16C20CFC3C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{BA86CF7D-B5BA-4890-B41B-0C9770F7A940}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1a6a\hpdiagnosticcoreui.exe |
    "{BD065907-D09A-4658-83DE-7305EEACBAB2}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs243b\hpdiagnosticcoreui.exe |
    "{C046D364-B00F-4A73-AEB7-7326A7AFF9AF}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5c2c\hpdiagnosticcoreui.exe |
    "{C07AC410-B64C-47F4-B57D-BB816F76A151}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5905\hpdiagnosticcoreui.exe |
    "{C07E056A-7E3D-4B61-8507-4B97D96D0DE0}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs4390\hpdiagnosticcoreui.exe |
    "{C38370B9-4F5F-44CC-8B9A-EFCB78A383C4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{C3D57ED4-B9E9-4CE7-AAA8-F5AFF9C25521}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs1a6a\hpdiagnosticcoreui.exe |
    "{C816057C-0A6C-42E8-A612-1129C9527FF0}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs34ee\hpdiagnosticcoreui.exe |
    "{CBD8A3C1-44B1-4E57-9183-6BF65E4944C5}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6940\hpdiagnosticcoreui.exe |
    "{CEEA32B9-352F-45FA-A094-EA7063725670}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e41\hpdiagnosticcoreui.exe |
    "{D0280535-7A7B-43CC-AF36-51E5F3082993}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs21c8\hpdiagnosticcoreui.exe |
    "{D047B9FC-F5E1-4860-B560-C310FE8B9BBC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D0F01013-F1EE-4680-A48A-5485164FAEE9}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D1490765-4696-4D33-ADC9-F8E5050BABF4}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5727\hpdiagnosticcoreui.exe |
    "{D1B506B5-5087-4683-95FE-C9FFB79E2D65}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6f04\hpdiagnosticcoreui.exe |
    "{D44873B7-9A33-42ED-B4EE-361A4BD14074}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2a5c\hpdiagnosticcoreui.exe |
    "{D5C32A4C-DA21-4AF0-A312-EE96FB15FA51}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs057b\hpdiagnosticcoreui.exe |
    "{D6F7E3E7-4C76-4BD5-8581-F4D4A5341950}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2e32\hpdiagnosticcoreui.exe |
    "{D7BC7DCB-D48C-4EBD-ADEF-2BA4C70CE4BB}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5f28\hpdiagnosticcoreui.exe |
    "{DC61B06B-5C09-4723-8491-C6412A2114F5}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6b51\hpdiagnosticcoreui.exe |
    "{DC88E27B-2AF1-4190-8E26-EFFDD42F3F70}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5877\hpdiagnosticcoreui.exe |
    "{DCFA9CA9-E66A-45BE-8C99-1A1DBDCBD737}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs4dd5\hpdiagnosticcoreui.exe |
    "{DE738DDA-7F49-4F35-819F-7094F17D1CF0}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6f04\hpdiagnosticcoreui.exe |
    "{E08E529E-BF7A-4523-9980-4452E904F15A}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5c2c\hpdiagnosticcoreui.exe |
    "{E2EA616C-9696-4613-81BB-EA8AF3CD3C59}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs5be7\hpdiagnosticcoreui.exe |
    "{E5225697-CED4-425C-AF8C-976C9AE8E8EB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{E6C8FBF3-7D04-4F9A-9095-4F82B37FEDD7}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs661a\hpdiagnosticcoreui.exe |
    "{E73644EF-0F2F-4E86-B3A3-190AD652815B}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs56d4\hpdiagnosticcoreui.exe |
    "{EC117F14-7652-4161-A4F2-9B86F0427B7F}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2ee4\hpdiagnosticcoreui.exe |
    "{EC8B5DB7-29AF-4C2E-AAB7-020B07E9FD2F}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs38fd\hpdiagnosticcoreui.exe |
    "{EC8DBE02-334C-43D9-9473-7B40A0A0358F}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs458e\hpdiagnosticcoreui.exe |
    "{ED2643CA-AACE-40B3-B7EF-0E2B001D2CE4}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs458e\hpdiagnosticcoreui.exe |
    "{ED41D59C-9925-45AC-94F4-6D83C3876771}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs3d04\hpdiagnosticcoreui.exe |
    "{F087500C-0BD4-4476-858F-DF729F41CC4D}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs6ae6\hpdiagnosticcoreui.exe |
    "{F26EFFE4-33F3-4EE9-B8BC-347F956B61E0}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs2d79\hpdiagnosticcoreui.exe |
    "{F2C36F9E-E4E5-4924-A24E-3FF7084C63EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F3FA5660-38C6-4CB8-BA7C-66E48B8F2D36}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs16fd\hpdiagnosticcoreui.exe |
    "{F8011C75-63F9-4059-A7FF-BC76576D49EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FAAB7EC2-2A71-4880-A170-8D5682226C94}" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs69a1\hpdiagnosticcoreui.exe |
    "{FF1E1BB4-492F-4D95-9BA1-61ABD7659215}" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\local\temp\7zs3d04\hpdiagnosticcoreui.exe |
    "TCP Query User{11CA5AAA-F956-42EB-A3E5-9B598C98F09F}C:\users\norm & betsy\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\norm & betsy\downloads\utorrent.exe |
    "TCP Query User{13407821-0F97-43D1-A08C-74E9CC05EA06}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{31E303DB-944B-44ED-9305-3C0FEF9A2B2D}C:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{5D488CBB-88B6-47DB-AC4E-34E3FCB46967}C:\users\norm & betsy\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\norm & betsy\downloads\utorrent.exe |
    "TCP Query User{5ECF904D-A871-4B62-9C51-AAE7F4D448D8}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "TCP Query User{5EF8FEB5-EBE1-4774-9D55-74E9D6756D8D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{89A18F4E-3A3E-4B20-A470-CC11DEB7660A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{915C846A-8E98-497B-8925-AE2F1B449E38}C:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{948D8A8A-F917-4196-B283-D6866B479A16}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{E9782890-4B63-495A-A4F9-3E827C617F36}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe |
    "TCP Query User{F91AD501-46E7-4D06-90EE-7BCE06EA3513}C:\program files\google\google earth pro\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth pro\googleearth.exe |
    "TCP Query User{FCF60C64-5D96-4085-A8DA-B48AFFC90B5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{03FC2291-97B7-4F76-B92D-9E16947A5581}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{0F0B0D22-22CE-44A2-ABE6-E6608BDC7B80}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{251FD951-D79B-4166-9BB0-FABDDDDF6583}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "UDP Query User{25CBE607-8BB8-4828-ADF9-387A8BE6AD51}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{5F49695C-4AE7-49CF-9A59-51578AE652CB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{64A4F334-7E38-4112-A43B-C72E050D1940}C:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{7EBF56F0-C266-4C84-89FD-DA9524D7717C}C:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\norm & betsy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{8E3BEF6F-B2B8-4DCE-8AD2-9808983FD93B}C:\program files\google\google earth pro\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth pro\googleearth.exe |
    "UDP Query User{968FD259-989B-4DA0-BBA7-7525B0F14909}C:\users\norm & betsy\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\norm & betsy\downloads\utorrent.exe |
    "UDP Query User{BF0EED6D-5280-4C3B-84AD-1395B347A68A}C:\users\norm & betsy\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\norm & betsy\downloads\utorrent.exe |
    "UDP Query User{C229628B-7787-40F3-944B-29004484EC75}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{DDA0C298-9303-4AF0-B5C7-DD8AEE73F123}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0E4EDFCB-DC4D-4339-AB85-A8444E85D37B}" = 2600
    "{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
    "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
    "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEA646F-270A-4ADA-97A5-0B31FDDAD67F}" = Font_Setup
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
    "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
    "{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
    "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
    "{6F215D53-6560-4E65-B268-3358508C6D6D}" = 2600Trb
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
    "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
    "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
    "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
    "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4B0C5D-035C-4643-B80F-AFF81534D117}" = 2600_Help
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
    "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
    "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "Sierra Utilities" = Sierra Utilities
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    "transformer_ie" = Widevine Media Transformer Plugin 5.0.0
    "UPCShell" = LeapFrog Connect
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent dell Master Uninstall" = Dell Games
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/7/2012 9:14:34 PM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/7/2012 9:14:34 PM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/7/2012 9:14:34 PM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/7/2012 10:24:42 PM | Computer Name = NormBetsy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 3/8/2012 10:04:52 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/8/2012 10:04:52 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/8/2012 10:04:52 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/8/2012 10:42:01 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/8/2012 10:42:01 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 3/8/2012 10:42:01 AM | Computer Name = NormBetsy-PC | Source = Bonjour Service | ID = 100
    Description =

    [ Media Center Events ]
    Error - 10/10/2012 9:58:24 AM | Computer Name = NormBetsy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 3/29/2010 3:14:59 PM | Computer Name = NormBetsy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/7/2013 6:50:28 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/7/2013 6:50:28 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/7/2013 6:51:34 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 2/7/2013 6:51:34 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/9/2013 2:14:53 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/9/2013 2:16:53 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 2/9/2013 2:16:53 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/9/2013 2:31:08 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/9/2013 2:31:46 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 2/9/2013 2:31:46 PM | Computer Name = NormBetsy-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >


    Here you go, thanks for your help. I have also downloaded and run RogueKiller, based on things I read....
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    firewoodman,
    While I research the log results, please don't run any more scans, removals, or installations unless I ask, until we are through cleaning. Machine contents can be very complex, and I need to keep track of what's on there.

    If you still have RKreports.txt from RogueKiller on your machine, please post the contents.
    Thanks.
    askey127
     
  5. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33

    Sorry :( I will do as you say from here on out.....

    RK Report 1:

    RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Norm & Betsy [Admin rights]
    Mode : Scan -- Date : 02/09/2013 09:55:49
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\L --> FOUND
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST332063 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 424f45d9e498053fb8767edb964be6e3
    [BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive1: HP Photosmart 2610 USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_02092013_02d0955.txt >>
    RKreport[1]_S_02092013_02d0955.txt

    RK Report 2:

    RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Norm & Betsy [Admin rights]
    Mode : Remove -- Date : 02/09/2013 09:57:40
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1178184448-1605268686-2938866084-1003\$aebb65e4ea9520a5e9d9654e6cdd1170\L --> REMOVED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST332063 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 424f45d9e498053fb8767edb964be6e3
    [BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive1: HP Photosmart 2610 USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_02092013_02d0957.txt >>
    RKreport[1]_S_02092013_02d0955.txt ; RKreport[2]_D_02092013_02d0957.txt

    RK Report 3:

    RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Norm & Betsy [Admin rights]
    Mode : Shortcuts HJfix -- Date : 02/09/2013 10:05:52
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    [SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 101 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 5 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 789 / Fail 0
    My documents: Success 2 / Fail 2
    My favorites: Success 0 / Fail 0
    My pictures: Success 90 / Fail 0
    My music: Success 4 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 160 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    Finished : << RKreport[3]_SC_02092013_02d1005.txt >>
    RKreport[1]_S_02092013_02d0955.txt ; RKreport[2]_D_02092013_02d0957.txt ; RKreport[3]_SC_02092013_02d1005.txt

    Here you go! Thanks so much for your help!
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Firewoodman,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

    Java(TM) 6 Update 31
    URL Assistant
    Ad-Aware Browsing Protection
    Google Updater

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------
    TDSSKiller - Rootkit Removal Tool
    Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      (Vista - W7 users: Right-click and select "Run As Administrator")
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
      If you don't see file extensions, please see: How to change the file extension.
      If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
    2. Click the Start Scan button. Do not use the computer during the scan!
    3. If the scan completes with nothing found, click Close to exit.
    4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
      • If Cure is not offered as an option, choose Skip.
    5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
      (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
    6. Copy and paste the contents of that file in your next reply.
    If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
      FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
      FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
      [2012/03/12 09:38:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\ [email protected]
      [2013/02/01 11:41:57 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Norm & Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\7qlgfmm3.default\extensions\ [email protected]
      [2012/03/12 09:38:05 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
      O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O33 - MountPoints2\{6b4b8d47-c731-11db-8854-806e6f6e6963}\Shell\AutoRun\command - "" = E:\KAV2009.EXE
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{1439673D-B188-4236-A033-445AF12D659D}" =-
      "TCP Query User{11CA5AAA-F956-42EB-A3E5-9B598C98F09F}C:\users\norm & betsy\downloads\utorrent.exe"=-
      "TCP Query User{5D488CBB-88B6-47DB-AC4E-34E3FCB46967}C:\users\norm & betsy\downloads\utorrent.exe"=-
      "UDP Query User{968FD259-989B-4DA0-BBA7-7525B0F14909}C:\users\norm & betsy\downloads\utorrent.exe"=-
      "UDP Query User{BF0EED6D-5280-4C3B-84AD-1395B347A68A}C:\users\norm & betsy\downloads\utorrent.exe"=-
      
      :Files
      C:\program files\limewire
      C:\users\norm & betsy\downloads\utorrent.exe
      C:\ProgramData\Ad-Aware Antivirus
      C:\ProgramData\Ad-Aware Browsing Protection
      C:\Program Files\adawaretb
      C:\Users\Norm & Betsy\AppData\Roaming\Ad-Aware Antivirus
      C:\Users\Norm & Betsy\AppData\Roaming\Babylon
      C:\Users\Norm & Betsy\AppData\Roaming\Ad-Aware Antivirus
      C:\Users\Norm & Betsy\AppData\Roaming\OpenCandy
      C:\Users\Norm & Betsy\AppData\Roaming\uTorrent
      ipconfig /flushdns /c
      
      :Commands
      [PURITY]
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      [RESETHOSTS]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

    So we are looking for the log from TDSSKiller, the FIX log from OTL, and the contents of the new OTL.txt from a fresh scan.
    Please feel free to post each as a separate reply if it's more convenient.

    askey127
     
  7. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33

    Here are the TDSSKiller results.....

    15:00:25.0183 5648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    15:00:25.0916 5648 ============================================================
    15:00:25.0916 5648 Current date / time: 2013/02/10 15:00:25.0916
    15:00:25.0916 5648 SystemInfo:
    15:00:25.0916 5648
    15:00:25.0916 5648 OS Version: 6.0.6002 ServicePack: 2.0
    15:00:25.0916 5648 Product type: Workstation
    15:00:25.0916 5648 ComputerName: NORMBETSY-PC
    15:00:25.0916 5648 UserName: Norm & Betsy
    15:00:25.0916 5648 Windows directory: C:\Windows
    15:00:25.0916 5648 System windows directory: C:\Windows
    15:00:25.0916 5648 Processor architecture: Intel x86
    15:00:25.0916 5648 Number of processors: 2
    15:00:25.0916 5648 Page size: 0x1000
    15:00:25.0916 5648 Boot type: Normal boot
    15:00:25.0916 5648 ============================================================
    15:00:27.0039 5648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:00:27.0070 5648 ============================================================
    15:00:27.0070 5648 \Device\Harddisk0\DR0:
    15:00:27.0070 5648 MBR partitions:
    15:00:27.0070 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
    15:00:27.0070 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000
    15:00:27.0070 5648 ============================================================
    15:00:27.0102 5648 C: <-> \Device\Harddisk0\DR0\Partition2
    15:00:27.0133 5648 D: <-> \Device\Harddisk0\DR0\Partition1
    15:00:27.0133 5648 ============================================================
    15:00:27.0133 5648 Initialize success
    15:00:27.0133 5648 ============================================================
    15:00:53.0341 6052 ============================================================
    15:00:53.0341 6052 Scan started
    15:00:53.0341 6052 Mode: Manual;
    15:00:53.0341 6052 ============================================================
    15:00:58.0582 6052 ================ Scan system memory ========================
    15:00:58.0582 6052 System memory - ok
    15:00:58.0582 6052 ================ Scan services =============================
    15:01:04.0495 6052 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    15:01:04.0620 6052 ACPI - ok
    15:01:05.0696 6052 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    15:01:05.0696 6052 AdobeARMservice - ok
    15:01:05.0852 6052 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:01:05.0852 6052 AdobeFlashPlayerUpdateSvc - ok
    15:01:06.0039 6052 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    15:01:06.0102 6052 adp94xx - ok
    15:01:06.0211 6052 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    15:01:06.0273 6052 adpahci - ok
    15:01:06.0382 6052 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    15:01:06.0398 6052 adpu160m - ok
    15:01:06.0445 6052 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    15:01:06.0460 6052 adpu320 - ok
    15:01:06.0507 6052 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    15:01:06.0554 6052 AeLookupSvc - ok
    15:01:06.0694 6052 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    15:01:06.0694 6052 AFD - ok
    15:01:06.0804 6052 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
    15:01:06.0819 6052 agp440 - ok
    15:01:06.0882 6052 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    15:01:06.0913 6052 aic78xx - ok
    15:01:06.0975 6052 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    15:01:07.0006 6052 ALG - ok
    15:01:07.0053 6052 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys
    15:01:07.0116 6052 aliide - ok
    15:01:07.0490 6052 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    15:01:07.0786 6052 amdagp - ok
    15:01:07.0849 6052 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys
    15:01:07.0942 6052 amdide - ok
    15:01:08.0036 6052 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    15:01:08.0130 6052 AmdK7 - ok
    15:01:08.0254 6052 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    15:01:08.0286 6052 AmdK8 - ok
    15:01:08.0676 6052 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    15:01:08.0691 6052 Appinfo - ok
    15:01:08.0816 6052 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    15:01:08.0878 6052 arc - ok
    15:01:09.0206 6052 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    15:01:09.0300 6052 arcsas - ok
    15:01:09.0471 6052 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    15:01:09.0487 6052 AsyncMac - ok
    15:01:09.0627 6052 [ A779CA2C76DA4FCB595E692C05E8E4EB ] atapi C:\Windows\system32\drivers\atapi.sys
    15:01:09.0658 6052 atapi - ok
    15:01:10.0360 6052 [ 86ACB6A60C50E99EB8E68710D5A12654 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    15:01:10.0626 6052 Ati External Event Utility - ok
    15:01:11.0655 6052 [ E36D69E40C1DB6A0F6AE9E3E68BA775A ] ati2mtag C:\Windows\system32\DRIVERS\ati2mtag.sys
    15:01:12.0981 6052 ati2mtag - ok
    15:02:00.0655 6052 [ A69630D039C38018689190234F866D77 ] MpKslfaa10fa2 C:\Windows\system32\MpEngineStore\MpKslfaa10fa2.sys
    15:02:00.0842 6052 Suspicious file (Forged): C:\Windows\system32\MpEngineStore\MpKslfaa10fa2.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
    15:02:00.0842 6052 MpKslfaa10fa2 ( ForgedFile.Multi.Generic ) - warning
    15:02:00.0842 6052 MpKslfaa10fa2 - detected ForgedFile.Multi.Generic (1)
    15:02:29.0702 6052 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    15:02:29.0733 6052 sffdisk - ok
    15:02:29.0796 6052 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    15:02:29.0811 6052 sffp_mmc - ok
    15:02:29.0874 6052 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    15:02:29.0889 6052 sffp_sd - ok
    15:02:29.0983 6052 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    15:02:29.0983 6052 sfloppy - ok
    15:02:30.0170 6052 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    15:02:30.0310 6052 SharedAccess - ok
    15:02:30.0435 6052 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    15:02:30.0560 6052 ShellHWDetection - ok
    15:02:30.0669 6052 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    15:02:30.0685 6052 sisagp - ok
    15:02:30.0747 6052 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    15:02:30.0747 6052 SiSRaid2 - ok
    15:02:30.0794 6052 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    15:02:30.0825 6052 SiSRaid4 - ok
    15:02:31.0044 6052 [ FF0DB4D9A08864A5C7B67477CD8E3B2A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    15:02:31.0075 6052 SkypeUpdate - ok
    15:02:31.0621 6052 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    15:02:33.0259 6052 slsvc - ok
    15:02:33.0352 6052 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    15:02:33.0368 6052 SLUINotify - ok
    15:02:33.0446 6052 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    15:02:33.0540 6052 Smb - ok
    15:02:33.0602 6052 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    15:02:33.0618 6052 SNMPTRAP - ok
    15:02:33.0696 6052 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    15:02:33.0696 6052 spldr - ok
    15:02:33.0898 6052 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    15:02:33.0930 6052 Spooler - ok
    15:02:34.0054 6052 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    15:02:34.0086 6052 SQLBrowser - ok
    15:02:34.0148 6052 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    15:02:34.0195 6052 SQLWriter - ok
    15:02:34.0320 6052 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    15:02:34.0320 6052 srv - ok
    15:02:34.0382 6052 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    15:02:34.0398 6052 srv2 - ok
    15:02:34.0429 6052 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    15:02:34.0476 6052 srvnet - ok
    15:02:34.0554 6052 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    15:02:34.0600 6052 SSDPSRV - ok
    15:02:34.0725 6052 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    15:02:34.0772 6052 SstpSvc - ok
    15:02:34.0990 6052 [ AB2059AE6D9243C502C86824BC40439E ] STHDA C:\Windows\system32\drivers\stwrt.sys
    15:02:35.0334 6052 STHDA - ok
    15:02:35.0614 6052 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    15:02:35.0817 6052 stisvc - ok
    15:02:35.0817 6052 stllssvr - ok
    15:02:35.0864 6052 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    15:02:35.0864 6052 swenum - ok
    15:02:36.0036 6052 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    15:02:36.0160 6052 swprv - ok
    15:02:36.0207 6052 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    15:02:36.0223 6052 Symc8xx - ok
    15:02:36.0285 6052 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    15:02:36.0316 6052 Sym_hi - ok
    15:02:36.0348 6052 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    15:02:36.0379 6052 Sym_u3 - ok
    15:02:36.0472 6052 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    15:02:36.0504 6052 SysMain - ok
    15:02:36.0675 6052 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    15:02:36.0691 6052 TabletInputService - ok
    15:02:36.0800 6052 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    15:02:36.0847 6052 TapiSrv - ok
    15:02:36.0909 6052 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    15:02:36.0925 6052 TBS - ok
    15:02:37.0096 6052 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    15:02:37.0299 6052 Tcpip - ok
    15:02:37.0486 6052 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    15:02:37.0502 6052 Tcpip6 - ok
    15:02:37.0533 6052 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    15:02:37.0549 6052 tcpipreg - ok
    15:02:37.0596 6052 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    15:02:37.0611 6052 TDPIPE - ok
    15:02:37.0674 6052 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    15:02:37.0689 6052 TDTCP - ok
    15:02:37.0798 6052 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    15:02:37.0954 6052 tdx - ok
    15:02:38.0017 6052 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    15:02:38.0017 6052 TermDD - ok
    15:02:38.0157 6052 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    15:02:38.0360 6052 TermService - ok
    15:02:38.0438 6052 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    15:02:38.0438 6052 Themes - ok
    15:02:38.0469 6052 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    15:02:38.0469 6052 THREADORDER - ok
    15:02:38.0547 6052 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    15:02:38.0578 6052 TrkWks - ok
    15:02:38.0734 6052 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    15:02:38.0750 6052 TrustedInstaller - ok
    15:02:38.0922 6052 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:02:38.0953 6052 tssecsrv - ok
    15:02:39.0062 6052 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    15:02:39.0093 6052 tunmp - ok
    15:02:39.0171 6052 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    15:02:39.0187 6052 tunnel - ok
    15:02:39.0234 6052 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    15:02:39.0265 6052 uagp35 - ok
    15:02:39.0358 6052 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    15:02:39.0374 6052 udfs - ok
    15:02:39.0452 6052 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    15:02:39.0468 6052 UI0Detect - ok
    15:02:39.0499 6052 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    15:02:39.0514 6052 uliagpkx - ok
    15:02:39.0561 6052 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    15:02:39.0592 6052 uliahci - ok
    15:02:39.0592 6052 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    15:02:39.0608 6052 UlSata - ok
    15:02:39.0764 6052 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    15:02:39.0795 6052 ulsata2 - ok
    15:02:39.0842 6052 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    15:02:39.0873 6052 umbus - ok
    15:02:40.0014 6052 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    15:02:40.0138 6052 UMVPFSrv - ok
    15:02:40.0232 6052 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    15:02:40.0279 6052 upnphost - ok
    15:02:40.0310 6052 USBAAPL - ok
    15:02:40.0341 6052 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    15:02:40.0341 6052 usbaudio - ok
    15:02:40.0388 6052 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    15:02:40.0419 6052 usbccgp - ok
    15:02:40.0466 6052 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    15:02:40.0497 6052 usbcir - ok
    15:02:40.0575 6052 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    15:02:40.0575 6052 usbehci - ok
    15:02:40.0716 6052 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    15:02:40.0778 6052 usbhub - ok
    15:02:40.0825 6052 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    15:02:40.0840 6052 usbohci - ok
    15:02:40.0903 6052 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    15:02:40.0903 6052 usbprint - ok
    15:02:41.0215 6052 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    15:02:41.0230 6052 usbscan - ok
    15:02:41.0277 6052 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:02:41.0293 6052 USBSTOR - ok
    15:02:41.0355 6052 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    15:02:41.0371 6052 usbuhci - ok
    15:02:41.0433 6052 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    15:02:41.0449 6052 usbvideo - ok
    15:02:41.0527 6052 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    15:02:41.0542 6052 UxSms - ok
    15:02:41.0667 6052 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    15:02:41.0714 6052 vds - ok
    15:02:41.0761 6052 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    15:02:41.0776 6052 vga - ok
    15:02:41.0823 6052 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    15:02:41.0854 6052 VgaSave - ok
    15:02:41.0917 6052 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    15:02:41.0917 6052 viaagp - ok
    15:02:41.0979 6052 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    15:02:41.0979 6052 ViaC7 - ok
    15:02:42.0057 6052 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
    15:02:42.0073 6052 viaide - ok
    15:02:42.0229 6052 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
    15:02:42.0260 6052 Viewpoint Manager Service - ok
    15:02:42.0276 6052 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    15:02:42.0276 6052 volmgr - ok
    15:02:42.0385 6052 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    15:02:42.0432 6052 volmgrx - ok
    15:02:42.0494 6052 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
    15:02:42.0510 6052 volsnap - ok
    15:02:42.0603 6052 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    15:02:42.0619 6052 vsmraid - ok
    15:02:42.0900 6052 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    15:02:43.0165 6052 VSS - ok
    15:02:43.0227 6052 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    15:02:43.0290 6052 W32Time - ok
    15:02:43.0352 6052 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    15:02:43.0368 6052 WacomPen - ok
    15:02:43.0430 6052 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    15:02:43.0461 6052 Wanarp - ok
    15:02:43.0461 6052 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    15:02:43.0461 6052 Wanarpv6 - ok
    15:02:43.0586 6052 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    15:02:43.0742 6052 wcncsvc - ok
    15:02:43.0804 6052 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    15:02:43.0820 6052 WcsPlugInService - ok
    15:02:43.0882 6052 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
    15:02:43.0898 6052 Wd - ok
    15:02:44.0038 6052 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    15:02:44.0272 6052 Wdf01000 - ok
    15:02:44.0350 6052 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    15:02:44.0506 6052 WdiServiceHost - ok
    15:02:44.0538 6052 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    15:02:44.0553 6052 WdiSystemHost - ok
    15:02:44.0631 6052 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    15:02:44.0709 6052 WebClient - ok
    15:02:44.0756 6052 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    15:02:44.0756 6052 Wecsvc - ok
    15:02:44.0803 6052 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    15:02:44.0818 6052 wercplsupport - ok
    15:02:44.0850 6052 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    15:02:44.0865 6052 WerSvc - ok
    15:02:45.0006 6052 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    15:02:45.0068 6052 WinDefend - ok
    15:02:45.0084 6052 WinHttpAutoProxySvc - ok
    15:02:45.0333 6052 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    15:02:45.0396 6052 Winmgmt - ok
    15:02:45.0661 6052 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    15:02:45.0957 6052 WinRM - ok
    15:02:46.0238 6052 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:02:46.0628 6052 Wlansvc - ok
    15:02:47.0408 6052 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:02:47.0845 6052 wlidsvc - ok
    15:02:47.0892 6052 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    15:02:47.0907 6052 WmiAcpi - ok
    15:02:47.0970 6052 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:02:47.0985 6052 wmiApSrv - ok
    15:02:48.0344 6052 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    15:02:48.0500 6052 WMPNetworkSvc - ok
    15:02:48.0547 6052 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:02:48.0594 6052 WPCSvc - ok
    15:02:48.0656 6052 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:02:48.0687 6052 WPDBusEnum - ok
    15:02:48.0734 6052 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    15:02:48.0750 6052 WpdUsb - ok
    15:02:49.0046 6052 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:02:49.0327 6052 WPFFontCache_v0400 - ok
    15:02:49.0389 6052 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:02:49.0389 6052 ws2ifsl - ok
    15:02:49.0483 6052 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    15:02:49.0498 6052 wscsvc - ok
    15:02:49.0514 6052 WSearch - ok
    15:02:49.0810 6052 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    15:02:50.0154 6052 wuauserv - ok
    15:02:50.0185 6052 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:02:50.0200 6052 WudfPf - ok
    15:02:50.0325 6052 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:02:50.0497 6052 WUDFRd - ok
    15:02:50.0544 6052 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:02:50.0590 6052 wudfsvc - ok
    15:02:50.0590 6052 ================ Scan global ===============================
    15:02:50.0653 6052 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    15:02:50.0871 6052 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    15:02:51.0308 6052 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    15:02:51.0402 6052 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    15:02:51.0448 6052 [Global] - ok
    15:02:51.0448 6052 ================ Scan MBR ==================================
    15:02:51.0511 6052 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    15:02:54.0272 6052 \Device\Harddisk0\DR0 - ok
    15:02:54.0272 6052 ================ Scan VBR ==================================
    15:02:54.0303 6052 [ 6F82296566FD21461F04DD5C9397A748 ] \Device\Harddisk0\DR0\Partition1
    15:02:54.0319 6052 \Device\Harddisk0\DR0\Partition1 - ok
    15:02:54.0350 6052 [ F81809863A27E73ED703ECA72D592EEB ] \Device\Harddisk0\DR0\Partition2
    15:02:54.0366 6052 \Device\Harddisk0\DR0\Partition2 - ok
    15:02:54.0366 6052 ============================================================
    15:02:54.0366 6052 Scan finished
    15:02:54.0366 6052 ============================================================
    15:02:54.0397 6024 Detected object count: 1
    15:02:54.0397 6024 Actual detected object count: 1
    15:22:25.0988 6024 MpKslfaa10fa2 ( ForgedFile.Multi.Generic ) - skipped by user
    15:22:25.0988 6024 MpKslfaa10fa2 ( ForgedFile.Multi.Generic ) - User select action: Skip
    15:22:33.0710 5620 Deinitialize success


    I will post the OTL results in a bit......
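
Added example, not part of the post above and not TDSSKiller's own code: a Python triage of a scan log in the shape shown in this thread. It lists objects whose verdict is not `ok`, detections left unresolved by a skip action, and objects marked `ok` that have no hash line. The line shapes are inferred from this thread's excerpt (an assumption), and the sample log and its hashes are constructed.

```python
import re

# Line shapes inferred from the log excerpt in this thread (an assumption,
# not a published format):
#   <time> <tid> [ <MD5> ] <name> <path>      hashed object
#   <time> <tid> <name> - ok                  clean verdict
#   <time> <tid> <name> ( <verdict> ) - <action>   detection and what was done
PREFIX = r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
HASHED = re.compile(PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<rest>.+?)\s*$")
FLAGGED = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+?)\s*$"
)
OK = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+ok\s*$")
# A path starts at a drive letter or at \Device\ (MBR/VBR objects).
PATH_START = re.compile(r"(?:(?<![A-Za-z0-9])[A-Za-z]:\\|\\Device\\)")


def split_name_path(rest):
    """Split '<name> <path>'; names may contain spaces, paths may be absent."""
    m = PATH_START.search(rest)
    if not m:
        return rest.strip(), None
    name = rest[: m.start()].strip()
    path = rest[m.start():].strip()
    # Global/MBR/VBR lines carry only a path; use it as the object name.
    return (name or path), path


def triage(log_text):
    """Return flagged objects and objects marked ok without a hash line."""
    hashed = {}            # object name -> (md5, path)
    flagged = {}           # object name -> verdict, hash, path, actions
    ok_without_hash = []   # marked ok, but no hash line was logged for them
    for line in log_text.splitlines():
        m = HASHED.match(line)
        if m:
            name, path = split_name_path(m["rest"])
            hashed[name] = (m["md5"].upper(), path)
            continue
        m = FLAGGED.match(line)
        if m:
            md5, path = hashed.get(m["name"], (None, None))
            entry = flagged.setdefault(
                m["name"],
                {"verdict": m["verdict"], "md5": md5, "path": path, "actions": []},
            )
            if m["action"] not in entry["actions"]:
                entry["actions"].append(m["action"])
            continue
        m = OK.match(line)
        # "[Global] - ok" is a section summary, not an object.
        if m and m["name"] not in hashed and not m["name"].startswith("["):
            ok_without_hash.append(m["name"])
    return {"flagged": flagged, "ok_without_hash": ok_without_hash}


def unresolved(report):
    """Detections where the recorded action was a skip, so nothing was changed."""
    return sorted(
        name
        for name, entry in report["flagged"].items()
        if any("skip" in action.lower() for action in entry["actions"])
    )


# Constructed sample: real line shapes, placeholder hashes.
SAMPLE = r"""
15:02:24.0445 6052 [ 00000000000000000000000000000001 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:02:24.0460 6052 RasAcd - ok
15:02:27.0924 6052 SBRE - ok
15:02:42.0229 6052 [ 00000000000000000000000000000002 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
15:02:42.0260 6052 Viewpoint Manager Service - ok
15:02:51.0402 6052 [ 00000000000000000000000000000003 ] C:\Windows\system32\services.exe
15:02:51.0448 6052 [Global] - ok
15:02:51.0511 6052 [ 00000000000000000000000000000004 ] \Device\Harddisk0\DR0
15:02:54.0272 6052 \Device\Harddisk0\DR0 - ok
15:02:54.0397 6024 Detected object count: 1
15:22:25.0988 6024 MpKslfaa10fa2 ( ForgedFile.Multi.Generic ) - skipped by user
15:22:25.0988 6024 MpKslfaa10fa2 ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, entry in report["flagged"].items():
        print(name, entry["verdict"], entry["md5"], entry["path"], entry["actions"])
    print("unresolved:", unresolved(report))
    print("ok without hash line:", report["ok_without_hash"])
```

A flagged object with no hash or path in the log still has to be located on disk and hashed separately before it can be submitted to a multi-engine scanner.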
     
  8. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33
    The OTL application quit responding about 5 hours in and this is all it came up with:

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Norm & Betsy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\U0KPL6I5\%7Cfront%7Cframe1root%7Cnews%7Cbreaking-news%7Clatest-news%7Ccurrent-news%7Cworld-news%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C;!c=;ord=605191903[1] not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...


    I followed your directions exactly........I have not done anything else........
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    firewoodman,
    Your machine is showing that at one time it had pieces of a "Zero Access" trojan infection.
    This is an infection that can allow remote access to your machine.
    If you have any tax or financial information on this machine it should be offloaded immediately.
    It is not possible to be certain that all vestiges of that type of infection were removed.
    The only way to be 100% certain to completely trust the machine again is to reformat the drive and re-install Vista.
    Descriptions of the infection are here:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Sirefef
    and
    http://www.symantec.com/security_response/writeup.jsp?docid=2012-080900-3758-99
    The original infection (which appears to have been largely removed) was undoubtedly contracted by using the utorrent P2P program.
    ---------------------------------------------
    Start Internet Explorer and Click Tools on the top menu
    Choose Internet Options and click on the Security tab.
    Click on Trusted Sites, and the Sites button.
    Delete Intuit and C/net from the trusted sites.
    You should only allow Microsoft and your Internet provider in there.
    Click Close and OK
    ---------------------------------------------
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1 (32-bit)
    Download Mirror #2 (32-bit)

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\_OTL\Moved Files /s
      
      :filefind
      *MpKslfaa10fa2*
      
       :folderfind
      *MpKslfaa10fa2*
      
      :regfind
       MpKslfaa10fa2 /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    askey127
     
  10. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33
    Here is what the SystemLook scan came up with:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:13 on 11/02/2013 by Norm & Betsy
    Administrator - Elevation successful
    ========== dir ==========
    C:\_OTL\Moved Files - Unable to find folder.
    ========== filefind ==========
    Searching for "*MpKslfaa10fa2*"
    C:\Windows\System32\MpEngineStore\MpKslfaa10fa2.sys --a---- 29904 bytes [20:20 19/08/2012] [20:20 19/08/2012] 4137EE420481D10734DA3018D0325582
    Searching for " :folderfind"
    No files found.
    Searching for "*MpKslfaa10fa2*"
    C:\Windows\System32\MpEngineStore\MpKslfaa10fa2.sys --a---- 29904 bytes [20:20 19/08/2012] [20:20 19/08/2012] 4137EE420481D10734DA3018D0325582
    ========== regfind ==========
    Searching for " MpKslfaa10fa2 /s"
    No data found.
    -= EOF =-

    So worst case scenario, I will have to re-install Vista or just upgrade to a new computer. If I got a new computer, what would be your suggestion? Thank you so much again for all of your help!

    Let me know if I need to do anything else for this website issue, I still need to get on it, this may solve it after I re-boot.....
     
  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    firewoodman,
    In order to finish, I need to find out whether this file is malicious.
    We can have the analysis done by an online service.
    ---------------------------------------------
    Show All Files
    Open Windows Explorer (My Computer)
    In the top menu, choose Tools, Folder Options
    Click on the View tab
    In the list, under Hidden Files and folders, Check Show hidden files and folders
    Uncheck Hide extensions for known file types
    Uncheck Hide protected operating system files (recommended)
    Click OK
    -----------------------------------------------------------
    Online Multi Antivirus file scan
    Please go to either: Jotti or Virus Total and upload the following file for scanning:

    C:\Windows\System32\MpEngineStore\MpKslfaa10fa2.sys

    Using Jotti
    1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
    2. Press the Browse button and navigate to the file listed above.
    3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
    4. Click on Submit..button.
      • If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
        Please press the Scan again button, so your file will be scanned.
    5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
    6. When all scans have completed... the results page is displayed
    7. Please highlight and copy the page web address link from your browser window.
    8. Paste the Web address link(s) for the scan results in your next reply.

    Using Virus Total
    1. Press the Browse button and navigate to -one- of the files in the list.
    2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
    3. Click on Send File...button.
    4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      • If you receive the message: File has already been analysed:
        Please press the Reanalyse file now button, so your file will be scanned.
    5. When all scans have completed... the results page is displayed
    6. Please highlight and copy the page web address link from your browser window.
    7. Paste the Web address link(s) for the scan results in your next reply.

    We can discuss any new computer after we get this resolved.
    Thanks,
    askey127
     
  12. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33

    I ran the scan and it seemed very fast, I cannot tell if it completed, but here is the link to the results:

    https://www.virustotal.com/file/d49...35b6a6700d65878fb96bea96/analysis/1360689465/
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    firewoodman,
    That scan looks OK.
    No need to remove that file.

    If you need to be 100% sure in trusting the machine, you can choose between:
    Reformat and re-install Vista if you have a disk.
    or
    Get a new copy of Windows 7, reformat the hard drive and install it.
    (In either case, you would have to re-install your programs and get all the updates)
    or, failing those two...
    Buy a new machine
    If you like the mouse and keyboard, and have sort of a business-type desktop, Win7 machines are still available..(most local stores won't have any; just online HP, Dell, etc.).
    If you like touchscreens like the e-readers and prefer simpler uses of a PC, Windows 8 touch screen machines might be preferable.
    There are not a lot of advantages of Win8 for a business mouse and keyboard desktop.

    askey127


    .
     
  14. firewoodman

    firewoodman Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    33
    Thanks askey, just so I understand you correctly, the only way to get that website to load is to re-install Windows? It is so crazy, out of all of the websites that are out there, the only one I need to access and I can't! What do you think the ultimate problem was or is that is making this site continue to re-direct?
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Firewoodman,
    No, that is not what I meant at all.
    It's just that after a Remote Access Infection, you can never be sure that some undetectable security changes were not made by the infection, to allow remote access again later. This is the case even if the infection appears to have been removed.
    That's why many security experts recommend re-installing the operating system in such a situation.

    Meanwhile....
    I thought you would have access to that site by now.
    There must be something else in there doing the redirects.
    Let's have another look and find it:
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Uninstall a program under the Programs heading.
    Right click this Entry, if it exists, choose Uninstall/Change, and give permission to Continue:

    AVG Secure Search

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Run a Fresh Scan with OTL
    • Right click the OTL icon and choose "Run as administrator".
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    OTL.txt will be open on your desktop. Please post the contents.

    askey127
     

Short URL to this thread: https://techguy.org/1088700
