Slow running laptop - Malware?

joob

Hi,

My Compaq laptop is running very slowly and boot up takes forever. I'd be grateful if I could get some advice about what, if anything, I need to remove and change. I suspect there's some malware in there. Many thanks.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:01, on 09/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jo Bowman\Desktop\Hijack this Prog and Logs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13873 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by Jo Bowman at 16:24:47 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2812.733 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
uRun: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JOBOWM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\JOBOWM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\244584F6D65684572623D28553E493 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\2477962756C6563737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\7496E6475627E65647 : DHCPNameServer = 62.244.176.176 62.244.177.177
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mSearchAssistant = hxxp://www.google.com/ie
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [EPSON Stylus DX4800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SE262.tmp" /EF "HKLM"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B9543f3d1-3481-4c9b-a857-ba867fe342b6%7D&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-03-10%2000%3A02%3A18&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-11 09:35; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-12-24 11:14; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 37720]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-7-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-22 945328]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-17 227896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-25 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-25 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-23 517448]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-24 30192]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-7 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-02-08 22:07:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
2013-02-08 10:06:53 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
2013-02-07 22:57:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-02-07 22:57:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-02-07 22:57:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-07 22:57:26 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-07 22:57:26 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-07 22:57:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-07 22:57:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-07 22:57:25 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-07 22:57:25 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-07 22:06:26 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
2013-02-07 09:17:01 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
2013-02-07 09:16:01 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
2013-02-06 09:01:13 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
2013-02-05 10:55:13 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-05 09:19:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
2013-02-04 21:18:49 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
2013-02-04 09:18:11 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
2013-02-03 14:08:50 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
2013-02-02 10:01:15 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
2013-02-01 09:11:52 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
2013-01-31 09:58:50 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
2013-01-31 09:56:35 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
2013-01-31 09:53:57 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
2013-01-30 09:08:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
2013-01-29 20:59:43 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
2013-01-29 08:52:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
2013-01-28 08:39:03 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
2013-01-27 15:30:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
2013-01-26 14:25:51 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
2013-01-25 08:58:15 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
2013-01-24 19:37:20 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
2013-01-24 07:08:57 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
2013-01-23 09:42:59 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
2013-01-22 21:42:20 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
2013-01-22 09:16:17 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
2013-01-21 10:01:59 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
2013-01-20 21:41:51 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
2013-01-18 22:10:52 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
2013-01-18 10:10:08 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
2013-01-18 10:08:08 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
2013-01-17 12:46:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
2013-01-16 10:28:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
2013-01-16 10:27:22 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
2013-01-15 08:58:32 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}
2013-01-14 06:43:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{9DE19235-275C-4263-A7D1-DC6728430288}
2013-01-11 09:32:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0D4AA8DE-5811-40C9-8F0D-FDD0F53E5443}
.
==================== Find3M ====================
.
2013-02-08 10:35:18 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 10:35:18 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-22 09:17:52 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-10 03:28:34 127328 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 04:52:17 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-14 04:52:14 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:26:58.43 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/09/2010 21:23:37
System Uptime: 09/02/2013 15:51:02 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 363F
Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 175.731 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.213 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.094 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP212: 04/01/2013 09:04:53 - HPSF Restore Point
RP213: 04/01/2013 11:19:27 - HPSF Restore Point
RP214: 10/01/2013 07:17:06 - Windows Update
RP215: 07/02/2013 22:57:41 - Windows Update
RP216: 07/02/2013 23:26:44 - Windows Backup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
AMD USB Filter Driver
Apple Application Support
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVG 2012
AVG Security Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
EPSON Printer Software
FileZilla Client 3.5.1
Google Desktop
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.457
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
Hypercosm Player 3.42
IDT Audio
Java Auto Updater
Java(TM) 6 Update 15 (64-bit)
Java(TM) 6 Update 38
Java(TM) SE Development Kit 6 Update 15 (64-bit)
Junk Mail filter update
LabelPrint
LEGO Digital Designer
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
muvee Reveal
NVIDIA PhysX
O3D Extras
O3D Plugin
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 6.1
SUPERAntiSpyware
Synaptics Pointing Device Driver
Unity Web Player (All users)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Veetle TV 0.9.17
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WildTangent Web Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
09/02/2013 08:22:40, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
09/02/2013 08:22:30, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
06/02/2013 13:47:35, Error: atikmdag [52250] - CPLIB :: OPM - Failed the HFS
06/02/2013 11:43:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-09 16:30:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1 298.09GB
Running: eemjm5xi.exe; Driver: C:\Users\JOBOWM~1\AppData\Local\Temp\kglcrkog.sys

---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Threads - GMER 2.0 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:6124] 000007fefb792a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:5124] 000007feea0fd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:3236] 000007fef9215124
---- EOF - GMER 2.0 ----
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hello joob, and Welcome to the forum!

My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.


I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hello joob,


Step 1.
FRST in Recovery Environment
Please download FRST64.exe ... by Farbar. Save it to a FLASH drive.


  1. Plug the flash drive into the infected PC.
  2. Enter System Recovery Options.
    • To enter System Recovery Options from the Boot Menu ....
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
      • Use the arrow keys to select Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    • To enter System Recovery Options by using Windows installation disk ....
      • Insert the installation disk.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc.
      • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Choose your language settings, and then click Next.
      • Click Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  3. In the System Recovery Options Menu you will see the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Scan your computer's memory for errors.
      Command Prompt

    • Select Command Prompt
      • In the command window type in notepad and press Enter.
      • Notepad will open.
        Under File menu select Open.
      • Select "Computer" and find your flash drive letter.
      • Close Notepad.
    • In the command window type E:\frst.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
  4. The tool will start to run.
  5. When the tool opens click Yes to disclaimer.
  6. Press Scan button.
  7. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

joob

Thread Starter
Joined
Feb 9, 2013
Messages
20
Hi. Here's the scan as requested. Many thanks.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
Ran by SYSTEM at 14-02-2013 14:31:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [EPSON Stylus DX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SE262.tmp" /EF "HKLM" [66 2010-12-13] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-23] (Google)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1124016 2013-02-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\HomeGroupUser$\...\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [1177168 2013-01-22] ()
HKU\HomeGroupUser$\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\Jo Bowman\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Jo Bowman\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Jo Bowman\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988784 2011-01-13] (SUPERAntiSpyware.com)
HKU\Jo Bowman\...\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" [x]
HKU\Jo Bowman\...\Run: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2011-04-13] (Google Inc.)
HKU\Jo Bowman\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Jo Bowman\...\Policies\system: [DisableLockWorkstation] 0
HKU\Jo Bowman\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Jo Bowman\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Jo Bowman\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [517448 2010-10-06] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5174392 2012-11-01] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-23] (Google)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 vToolbarUpdater14.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [965296 2013-02-10] ()

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-09] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [307040 2012-11-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-10] (AVG Technologies)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 eabfiltr; [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-14 14:30 - 2013-02-14 14:30 - 00000000 ____D C:\FRST
2013-02-14 14:17 - 2013-02-14 14:17 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-14 02:08 - 2013-02-14 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
2013-02-13 14:07 - 2013-02-13 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
2013-02-13 02:06 - 2013-02-13 02:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
2013-02-12 14:06 - 2013-02-12 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
2013-02-12 01:32 - 2013-02-12 01:32 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
2013-02-11 01:04 - 2013-02-11 01:05 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
2013-02-10 11:59 - 2013-02-10 11:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
2013-02-08 14:07 - 2013-02-08 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
2013-02-08 02:06 - 2013-02-08 02:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
2013-02-07 14:58 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-02-07 14:58 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-02-07 14:58 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-02-07 14:58 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-02-07 14:58 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-02-07 14:58 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-07 14:58 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-07 14:58 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-02-07 14:58 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-02-07 14:58 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-02-07 14:58 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-02-07 14:58 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-02-07 14:58 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-02-07 14:58 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-02-07 14:58 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-02-07 14:58 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-02-07 14:58 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-02-07 14:58 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-02-07 14:58 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-02-07 14:58 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-02-07 14:58 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-02-07 14:58 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-02-07 14:58 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-02-07 14:58 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-02-07 14:57 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-02-07 14:57 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-02-07 14:57 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-02-07 14:57 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-02-07 14:57 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-02-07 14:57 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-02-07 14:57 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-02-07 14:57 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-02-07 14:57 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
2013-02-07 01:17 - 2013-02-07 01:17 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
2013-02-07 01:16 - 2013-02-07 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
2013-02-06 01:42 - 2013-02-06 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-06 01:01 - 2013-02-06 01:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
2013-02-05 02:55 - 2013-02-05 02:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-05 01:19 - 2013-02-05 01:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
2013-02-04 13:18 - 2013-02-04 13:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
2013-02-04 01:18 - 2013-02-04 01:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
2013-02-03 07:16 - 2013-02-05 00:55 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForJo Bowman.job
2013-02-03 06:08 - 2013-02-03 06:09 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
2013-02-02 02:01 - 2013-02-02 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-02-01 01:11 - 2013-02-01 01:12 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
2013-01-31 01:58 - 2013-01-31 01:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
2013-01-31 01:56 - 2013-01-31 01:56 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
2013-01-31 01:53 - 2013-01-31 01:53 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
2013-01-30 01:08 - 2013-01-30 01:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
2013-01-29 12:59 - 2013-01-29 13:00 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
2013-01-29 00:52 - 2013-01-29 00:52 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
2013-01-28 00:39 - 2013-01-28 00:39 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
2013-01-27 07:30 - 2013-01-27 07:30 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
2013-01-26 06:25 - 2013-01-26 06:26 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
2013-01-25 00:58 - 2013-01-25 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
2013-01-24 11:37 - 2013-01-24 11:37 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
2013-01-23 23:08 - 2013-01-23 23:09 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
2013-01-23 01:42 - 2013-01-23 01:43 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
2013-01-22 13:42 - 2013-01-22 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
2013-01-22 01:19 - 2013-02-11 01:02 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-01-22 01:16 - 2013-01-22 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
2013-01-21 02:01 - 2013-01-21 02:02 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
2013-01-20 13:41 - 2013-01-20 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
2013-01-18 14:10 - 2013-01-18 14:11 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
2013-01-18 02:10 - 2013-01-18 02:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
2013-01-18 02:08 - 2013-01-18 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
2013-01-17 04:46 - 2013-01-17 04:46 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
2013-01-16 02:28 - 2013-01-16 02:28 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
2013-01-16 02:27 - 2013-01-16 02:27 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
2013-01-15 00:58 - 2013-01-15 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}

==================== One Month Modified Files and Folders =======

2013-02-14 14:30 - 2013-02-14 14:30 - 00000000 ____D C:\FRST
2013-02-14 14:17 - 2013-02-14 14:17 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-14 06:14 - 2010-07-25 01:34 - 01706457 ____A C:\Windows\WindowsUpdate.log
2013-02-14 06:12 - 2010-09-23 14:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Roaming\Skype
2013-02-14 05:33 - 2011-04-13 21:32 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
2013-02-14 05:32 - 2012-04-28 05:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-14 05:21 - 2011-12-24 10:33 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-14 04:31 - 2009-07-13 20:51 - 00349536 ____A C:\Windows\setupact.log
2013-02-14 03:42 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-14 02:08 - 2013-02-14 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
2013-02-14 01:33 - 2011-04-13 21:32 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
2013-02-14 01:15 - 2010-10-23 14:02 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-02-13 14:07 - 2013-02-13 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
2013-02-13 06:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-13 06:21 - 2011-12-24 10:33 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-13 02:07 - 2013-02-13 02:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
2013-02-12 14:06 - 2013-02-12 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
2013-02-12 01:32 - 2013-02-12 01:32 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
2013-02-11 05:54 - 2010-09-23 13:29 - 00115464 ____A C:\Users\Jo Bowman\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-11 04:08 - 2009-12-17 03:20 - 00000000 ____D C:\Users\All Users\Adobe
2013-02-11 04:08 - 2009-12-17 03:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-02-11 01:11 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-11 01:11 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-11 01:05 - 2013-02-11 01:04 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
2013-02-11 01:03 - 2012-03-29 00:29 - 00000000 ____D C:\Users\Jo Bowman\AppData\Roaming\Dropbox
2013-02-11 01:02 - 2013-01-22 01:19 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-02-11 01:02 - 2012-03-29 00:38 - 00000000 ___RD C:\Users\Jo Bowman\Dropbox
2013-02-11 01:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-10 11:59 - 2013-02-10 11:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
2013-02-10 11:53 - 2012-09-04 05:42 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-02-10 11:53 - 2012-03-09 16:02 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-02-08 14:07 - 2013-02-08 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
2013-02-08 12:36 - 2010-09-23 12:26 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\VirtualStore
2013-02-08 05:27 - 2010-10-11 11:48 - 00000000 ____D C:\Users\Jo Bowman\Documents\Youcam
2013-02-08 02:35 - 2012-04-28 05:24 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-08 02:35 - 2011-07-12 21:25 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-08 02:07 - 2013-02-08 02:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
2013-02-07 15:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-02-07 14:50 - 2012-03-29 00:38 - 00001032 ____A C:\Users\Jo Bowman\Desktop\Dropbox.lnk
2013-02-07 14:43 - 2012-05-02 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
2013-02-07 04:45 - 2012-12-11 00:43 - 00000000 ____D C:\Users\Jo Bowman\Desktop\Adobe Acrobat XI Pro
2013-02-07 01:17 - 2013-02-07 01:17 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
2013-02-07 01:16 - 2013-02-07 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
2013-02-06 01:43 - 2013-02-06 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-06 01:01 - 2013-02-06 01:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
2013-02-05 02:55 - 2013-02-05 02:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-05 02:55 - 2010-09-23 14:08 - 00000000 ____D C:\Users\All Users\Skype
2013-02-05 01:19 - 2013-02-05 01:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
2013-02-05 00:55 - 2013-02-03 07:16 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForJo Bowman.job
2013-02-05 00:54 - 2010-07-25 01:36 - 00310114 ____A C:\Windows\PFRO.log
2013-02-04 13:19 - 2013-02-04 13:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
2013-02-04 01:18 - 2013-02-04 01:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
2013-02-03 06:09 - 2013-02-03 06:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
2013-02-02 02:01 - 2013-02-02 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-02-01 02:04 - 2010-10-23 13:47 - 00000000 ____D C:\Users\All Users\MFAData
2013-02-01 01:12 - 2013-02-01 01:11 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
2013-01-31 01:59 - 2013-01-31 01:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
2013-01-31 01:56 - 2013-01-31 01:56 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
2013-01-31 01:53 - 2013-01-31 01:53 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
2013-01-30 01:08 - 2013-01-30 01:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
2013-01-29 13:00 - 2013-01-29 12:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
2013-01-29 00:52 - 2013-01-29 00:52 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
2013-01-28 00:39 - 2013-01-28 00:39 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
2013-01-27 07:30 - 2013-01-27 07:30 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
2013-01-26 06:26 - 2013-01-26 06:25 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
2013-01-25 00:58 - 2013-01-25 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
2013-01-24 11:37 - 2013-01-24 11:37 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
2013-01-23 23:09 - 2013-01-23 23:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
2013-01-23 01:43 - 2013-01-23 01:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
2013-01-22 13:42 - 2013-01-22 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
2013-01-22 01:16 - 2013-01-22 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
2013-01-21 02:02 - 2013-01-21 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
2013-01-20 13:42 - 2013-01-20 13:41 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
2013-01-18 14:11 - 2013-01-18 14:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
2013-01-18 02:10 - 2013-01-18 02:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
2013-01-18 02:08 - 2013-01-18 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
2013-01-17 04:46 - 2013-01-17 04:46 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
2013-01-16 02:28 - 2013-01-16 02:28 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
2013-01-16 02:27 - 2013-01-16 02:27 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
2013-01-15 00:58 - 2013-01-15 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-07 14:58:10
Restore point made on: 2013-02-07 15:26:59
Restore point made on: 2013-02-11 03:59:47

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2812.2 MB
Available physical RAM: 2170.18 MB
Total Pagefile: 2810.35 MB
Available Pagefile: 2166.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:284.48 GB) (Free:179.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.31 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:3.75 GB) (Free:3.22 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3852 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 7661831D

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 04030201

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3851 MB 4096 B

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 3851 MB Healthy

=========================================================

Last Boot: 2013-02-13 06:13

==================== End Of Log =============================
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hello joob,

Please run the following and post the results. Depending upon the length of the logs, you may have to make 2 posts.



Step 1.
TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.

  1. Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click on Start Scan; the scan will run.
  3. When the scan has finished, if it finds anything, please click on the drop down arrow next to Cure and select Skip.
  4. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. To find the log go to Start > Computer > C:
  6. A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  7. Post the contents of that log in your next reply please.
  8. DO NOT TRY TO FIX ANYTHING AT THIS POINT




Step 2.
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.

  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




Please include in your next reply:

  1. Contents of TDSSKiller.2.4.0.0 24.07.2010 log
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?

Thanks,
wbg
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hi joob.

It has been three days since my last post.


  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • These topics will self-close after 45 days without a response.
  • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
  • If you post back after 5 days but before 45 days, PM me and wait for a response.
  • If you still need help after 45 days, post a new log on a new thread.
 

joob

Thread Starter
Joined
Feb 9, 2013
Messages
20
18:50:14.0349 2480 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:50:14.0910 2480 ============================================================
18:50:14.0910 2480 Current date / time: 2013/02/23 18:50:14.0910
18:50:14.0910 2480 SystemInfo:
18:50:14.0910 2480
18:50:14.0910 2480 OS Version: 6.1.7601 ServicePack: 1.0
18:50:14.0910 2480 Product type: Workstation
18:50:14.0910 2480 ComputerName: JOBOWMAN-PC
18:50:14.0910 2480 UserName: Jo Bowman
18:50:14.0910 2480 Windows directory: C:\Windows
18:50:14.0910 2480 System windows directory: C:\Windows
18:50:14.0910 2480 Running under WOW64
18:50:14.0910 2480 Processor architecture: Intel x64
18:50:14.0910 2480 Number of processors: 2
18:50:14.0910 2480 Page size: 0x1000
18:50:14.0910 2480 Boot type: Normal boot
18:50:14.0910 2480 ============================================================
18:50:18.0436 2480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:50:18.0451 2480 ============================================================
18:50:18.0451 2480 \Device\Harddisk0\DR0:
18:50:18.0451 2480 MBR partitions:
18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x238F6800
18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2395A800, BlocksNum 0x1AA0000
18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:50:18.0451 2480 ============================================================
18:50:18.0529 2480 C: <-> \Device\Harddisk0\DR0\Partition2
18:50:18.0576 2480 D: <-> \Device\Harddisk0\DR0\Partition3
18:50:18.0592 2480 E: <-> \Device\Harddisk0\DR0\Partition4
18:50:18.0670 2480 ============================================================
18:50:18.0670 2480 Initialize success
18:50:18.0670 2480 ============================================================
18:50:39.0309 4556 ============================================================
18:50:39.0309 4556 Scan started
18:50:39.0309 4556 Mode: Manual;
18:50:39.0309 4556 ============================================================
18:50:42.0710 4556 ================ Scan system memory ========================
18:50:42.0710 4556 System memory - ok
18:50:42.0710 4556 ================ Scan services =============================
18:51:09.0729 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:51:09.0744 4556 PNRPsvc - ok
18:51:09.0776 4556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:51:09.0807 4556 PolicyAgent - ok
18:51:09.0854 4556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:51:09.0869 4556 Power - ok
18:51:09.0900 4556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:51:09.0900 4556 PptpMiniport - ok
18:51:09.0978 4556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:51:09.0994 4556 Processor - ok
18:51:10.0103 4556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:51:10.0181 4556 ProfSvc - ok
18:51:10.0197 4556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:51:10.0212 4556 ProtectedStorage - ok
18:51:10.0337 4556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:51:10.0384 4556 Psched - ok
18:51:10.0540 4556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:51:10.0649 4556 ql2300 - ok
18:51:10.0696 4556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:51:10.0743 4556 ql40xx - ok
18:51:10.0790 4556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:51:10.0821 4556 QWAVE - ok
18:51:10.0852 4556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:51:10.0868 4556 QWAVEdrv - ok
18:51:10.0899 4556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:51:10.0914 4556 RasAcd - ok
18:51:10.0946 4556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:51:10.0946 4556 RasAgileVpn - ok
18:51:10.0961 4556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:51:11.0008 4556 RasAuto - ok
18:51:11.0055 4556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:51:11.0070 4556 Rasl2tp - ok
18:51:11.0164 4556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:51:11.0180 4556 RasMan - ok
18:51:11.0211 4556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:51:11.0226 4556 RasPppoe - ok
18:51:11.0273 4556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:51:11.0289 4556 RasSstp - ok
18:51:11.0351 4556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:51:11.0382 4556 rdbss - ok
18:51:11.0414 4556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:51:11.0523 4556 rdpbus - ok
18:51:11.0554 4556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:51:11.0570 4556 RDPCDD - ok
18:51:11.0648 4556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:51:11.0648 4556 RDPENCDD - ok
18:51:11.0679 4556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:51:11.0710 4556 RDPREFMP - ok
18:51:11.0819 4556 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:51:11.0897 4556 RdpVideoMiniport - ok
18:51:11.0991 4556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:51:12.0084 4556 RDPWD - ok
18:51:12.0147 4556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:51:12.0147 4556 rdyboost - ok
18:51:12.0178 4556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:51:12.0178 4556 RemoteAccess - ok
18:51:12.0240 4556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:51:12.0240 4556 RemoteRegistry - ok
18:51:12.0287 4556 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:51:12.0287 4556 RichVideo - ok
18:51:12.0318 4556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:51:12.0318 4556 RpcEptMapper - ok
18:51:12.0350 4556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:51:12.0365 4556 RpcLocator - ok
18:51:12.0412 4556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:51:12.0428 4556 RpcSs - ok
18:51:12.0474 4556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:51:12.0474 4556 rspndr - ok
18:51:12.0490 4556 RSUSBSTOR - ok
18:51:12.0521 4556 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:51:12.0599 4556 RTL8167 - ok
18:51:12.0646 4556 RtsUIR - ok
18:51:12.0662 4556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:51:12.0662 4556 SamSs - ok
18:51:12.0708 4556 [ 99DF79C258B3342B6C8A5F802998DE56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:51:12.0724 4556 SASDIFSV - ok
18:51:12.0802 4556 [ 2859C35C0651E8EB0D86D48E740388F2 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:51:12.0833 4556 SASKUTIL - ok
18:51:12.0880 4556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:51:12.0896 4556 sbp2port - ok
18:51:12.0958 4556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:51:12.0958 4556 SCardSvr - ok
18:51:13.0005 4556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:51:13.0005 4556 scfilter - ok
18:51:13.0098 4556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:51:13.0161 4556 Schedule - ok
18:51:13.0223 4556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:51:13.0223 4556 SCPolicySvc - ok
18:51:13.0270 4556 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:51:13.0286 4556 sdbus - ok
18:51:13.0348 4556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:51:13.0364 4556 SDRSVC - ok
18:51:13.0410 4556 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:51:13.0410 4556 SeaPort - ok
18:51:13.0457 4556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:51:13.0457 4556 secdrv - ok
18:51:13.0504 4556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:51:13.0520 4556 seclogon - ok
18:51:13.0566 4556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:51:13.0566 4556 SENS - ok
18:51:13.0582 4556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:51:13.0629 4556 SensrSvc - ok
18:51:13.0660 4556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:51:13.0660 4556 Serenum - ok
18:51:13.0691 4556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:51:13.0722 4556 Serial - ok
18:51:13.0894 4556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:51:13.0910 4556 sermouse - ok
18:51:13.0972 4556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:51:13.0988 4556 SessionEnv - ok
18:51:14.0019 4556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:51:14.0019 4556 sffdisk - ok
18:51:14.0112 4556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:51:14.0112 4556 sffp_mmc - ok
18:51:14.0268 4556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:51:14.0284 4556 sffp_sd - ok
18:51:14.0315 4556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:51:14.0331 4556 sfloppy - ok
18:51:14.0378 4556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:51:14.0424 4556 SharedAccess - ok
18:51:14.0471 4556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:51:14.0502 4556 ShellHWDetection - ok
18:51:14.0518 4556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:51:14.0534 4556 SiSRaid2 - ok
18:51:14.0580 4556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:51:14.0580 4556 SiSRaid4 - ok
18:51:14.0830 4556 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:51:14.0877 4556 SkypeUpdate - ok
18:51:14.0908 4556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:51:14.0924 4556 Smb - ok
18:51:15.0002 4556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:51:15.0017 4556 SNMPTRAP - ok
18:51:15.0064 4556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:51:15.0064 4556 spldr - ok
18:51:15.0158 4556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:51:15.0282 4556 Spooler - ok
18:51:15.0454 4556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:51:15.0579 4556 sppsvc - ok
18:51:15.0626 4556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:51:15.0641 4556 sppuinotify - ok
18:51:15.0704 4556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:51:15.0782 4556 srv - ok
18:51:15.0844 4556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:51:15.0860 4556 srv2 - ok
18:51:16.0016 4556 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:51:16.0109 4556 SrvHsfHDA - ok
18:51:16.0328 4556 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:51:16.0390 4556 SrvHsfV92 - ok
18:51:16.0546 4556 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:51:16.0702 4556 SrvHsfWinac - ok
18:51:16.0811 4556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:51:16.0920 4556 srvnet - ok
18:51:16.0983 4556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:51:17.0014 4556 SSDPSRV - ok
18:51:17.0045 4556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:51:17.0061 4556 SstpSvc - ok
18:51:17.0295 4556 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
18:51:17.0295 4556 STacSV - ok
18:51:17.0326 4556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:51:17.0326 4556 stexstor - ok
18:51:17.0388 4556 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
18:51:17.0435 4556 STHDA - ok
18:51:17.0513 4556 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:51:17.0544 4556 stisvc - ok
18:51:17.0591 4556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:51:17.0591 4556 swenum - ok
18:51:17.0622 4556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:51:17.0654 4556 swprv - ok
18:51:17.0685 4556 [ 924D711941956F7420A4925592BE8253 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:51:17.0685 4556 SynTP - ok
18:51:17.0778 4556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:51:17.0841 4556 SysMain - ok
18:51:17.0872 4556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:51:17.0872 4556 TabletInputService - ok
18:51:17.0903 4556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:51:17.0950 4556 TapiSrv - ok
18:51:17.0966 4556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:51:17.0981 4556 TBS - ok
18:51:18.0075 4556 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:51:18.0168 4556 Tcpip - ok
18:51:18.0278 4556 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:51:18.0309 4556 TCPIP6 - ok
18:51:18.0356 4556 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:51:18.0434 4556 tcpipreg - ok
18:51:18.0465 4556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:51:18.0480 4556 TDPIPE - ok
18:51:18.0512 4556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:51:18.0558 4556 TDTCP - ok
18:51:18.0605 4556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:51:18.0621 4556 tdx - ok
18:51:18.0668 4556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:51:18.0668 4556 TermDD - ok
18:51:18.0714 4556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:51:18.0746 4556 TermService - ok
18:51:18.0777 4556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:51:18.0777 4556 Themes - ok
18:51:18.0808 4556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:51:18.0808 4556 THREADORDER - ok
18:51:18.0824 4556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:51:18.0870 4556 TrkWks - ok
18:51:18.0933 4556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:51:18.0948 4556 TrustedInstaller - ok
18:51:19.0011 4556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:51:19.0026 4556 tssecsrv - ok
18:51:19.0073 4556 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:51:19.0104 4556 TsUsbFlt - ok
18:51:19.0120 4556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:51:19.0136 4556 tunnel - ok
18:51:19.0167 4556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:51:19.0182 4556 uagp35 - ok
18:51:19.0229 4556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:51:19.0260 4556 udfs - ok
18:51:19.0292 4556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:51:19.0307 4556 UI0Detect - ok
18:51:19.0338 4556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:51:19.0354 4556 uliagpkx - ok
18:51:19.0416 4556 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:51:19.0432 4556 umbus - ok
18:51:19.0479 4556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:51:19.0494 4556 UmPass - ok
18:51:19.0604 4556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:51:19.0619 4556 upnphost - ok
18:51:19.0682 4556 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:51:19.0682 4556 usbaudio - ok
18:51:19.0728 4556 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:51:19.0760 4556 usbccgp - ok
18:51:19.0775 4556 USBCCID - ok
18:51:19.0838 4556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:51:20.0025 4556 usbcir - ok
18:51:20.0056 4556 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:51:20.0087 4556 usbehci - ok
18:51:20.0134 4556 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
18:51:20.0150 4556 usbfilter - ok
18:51:20.0228 4556 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:51:20.0306 4556 usbhub - ok
18:51:20.0321 4556 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:51:20.0337 4556 usbohci - ok
18:51:20.0368 4556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:51:20.0384 4556 usbprint - ok
18:51:20.0446 4556 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:51:20.0446 4556 usbscan - ok
18:51:20.0477 4556 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:51:20.0555 4556 USBSTOR - ok
18:51:20.0602 4556 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:51:20.0618 4556 usbuhci - ok
18:51:20.0758 4556 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:51:20.0758 4556 usbvideo - ok
18:51:20.0805 4556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:51:20.0820 4556 UxSms - ok
18:51:20.0836 4556 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:51:20.0852 4556 VaultSvc - ok
18:51:20.0883 4556 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:51:20.0883 4556 vdrvroot - ok
18:51:21.0148 4556 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:51:21.0179 4556 vds - ok
18:51:21.0226 4556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:51:21.0242 4556 vga - ok
18:51:21.0273 4556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:51:21.0273 4556 VgaSave - ok
18:51:21.0398 4556 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:51:21.0444 4556 vhdmp - ok
18:51:21.0476 4556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:51:21.0491 4556 viaide - ok
18:51:21.0522 4556 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:51:21.0538 4556 volmgr - ok
18:51:21.0616 4556 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:51:21.0632 4556 volmgrx - ok
18:51:21.0678 4556 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:51:21.0756 4556 volsnap - ok
18:51:21.0803 4556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:51:21.0881 4556 vsmraid - ok
18:51:22.0068 4556 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:51:22.0131 4556 VSS - ok
18:51:22.0256 4556 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
18:51:22.0287 4556 vToolbarUpdater14.2.0 - ok
18:51:22.0318 4556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:51:22.0334 4556 vwifibus - ok
18:51:22.0349 4556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:51:22.0349 4556 vwififlt - ok
18:51:22.0396 4556 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:51:22.0427 4556 W32Time - ok
18:51:22.0443 4556 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:51:22.0505 4556 WacomPen - ok
18:51:22.0568 4556 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:51:22.0583 4556 WANARP - ok
18:51:22.0583 4556 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:51:22.0599 4556 Wanarpv6 - ok
18:51:22.0677 4556 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:51:22.0755 4556 WatAdminSvc - ok
18:51:22.0848 4556 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:51:22.0958 4556 wbengine - ok
18:51:22.0973 4556 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:51:22.0989 4556 WbioSrvc - ok
18:51:23.0051 4556 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:51:23.0082 4556 wcncsvc - ok
18:51:23.0098 4556 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:51:23.0114 4556 WcsPlugInService - ok
18:51:23.0145 4556 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:51:23.0160 4556 Wd - ok
18:51:23.0207 4556 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:51:23.0270 4556 Wdf01000 - ok
18:51:23.0285 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:51:23.0301 4556 WdiServiceHost - ok
18:51:23.0301 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:51:23.0316 4556 WdiSystemHost - ok
18:51:23.0379 4556 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:51:23.0394 4556 WebClient - ok
18:51:23.0426 4556 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:51:23.0441 4556 Wecsvc - ok
18:51:23.0457 4556 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:51:23.0472 4556 wercplsupport - ok
18:51:23.0488 4556 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:51:23.0504 4556 WerSvc - ok
18:51:23.0535 4556 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:51:23.0535 4556 WfpLwf - ok
18:51:23.0582 4556 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:51:23.0582 4556 WIMMount - ok
18:51:23.0613 4556 WinDefend - ok
18:51:23.0628 4556 WinHttpAutoProxySvc - ok
18:51:23.0722 4556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:51:23.0722 4556 Winmgmt - ok
18:51:23.0831 4556 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:51:23.0894 4556 WinRM - ok
18:51:23.0972 4556 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:51:23.0972 4556 WinUsb - ok
18:51:24.0050 4556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:51:24.0081 4556 Wlansvc - ok
18:51:24.0237 4556 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:51:24.0346 4556 wlidsvc - ok
18:51:24.0393 4556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:51:24.0408 4556 WmiAcpi - ok
18:51:24.0471 4556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:51:24.0471 4556 wmiApSrv - ok
18:51:24.0486 4556 WMPNetworkSvc - ok
18:51:24.0502 4556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:51:24.0549 4556 WPCSvc - ok
18:51:24.0611 4556 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:51:24.0627 4556 WPDBusEnum - ok
18:51:24.0658 4556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:51:24.0658 4556 ws2ifsl - ok
18:51:24.0689 4556 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:51:24.0705 4556 wscsvc - ok
18:51:24.0705 4556 WSearch - ok
18:51:24.0845 4556 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:51:24.0954 4556 wuauserv - ok
18:51:25.0095 4556 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:51:25.0235 4556 WudfPf - ok
18:51:25.0313 4556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:51:25.0438 4556 WUDFRd - ok
18:51:25.0454 4556 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:51:25.0516 4556 wudfsvc - ok
18:51:25.0547 4556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:51:25.0578 4556 WwanSvc - ok
18:51:25.0641 4556 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:51:25.0672 4556 yukonw7 - ok
18:51:25.0703 4556 ================ Scan global ===============================
18:51:25.0734 4556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:51:25.0766 4556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:51:25.0797 4556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:51:25.0859 4556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:51:25.0875 4556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:51:25.0906 4556 [Global] - ok
18:51:25.0906 4556 ================ Scan MBR ==================================
18:51:25.0922 4556 [ 7D9AB4D37BD50F4B8E37EAB264EDADD4 ] \Device\Harddisk0\DR0
18:51:26.0967 4556 \Device\Harddisk0\DR0 - ok
18:51:26.0967 4556 ================ Scan VBR ==================================
18:51:26.0982 4556 [ 5DC5A89642E4275DC6B52EDB9604762B ] \Device\Harddisk0\DR0\Partition1
18:51:26.0982 4556 \Device\Harddisk0\DR0\Partition1 - ok
18:51:27.0014 4556 [ 3E1D402C0BFDBCC1F30FF4F6A5AA5BC5 ] \Device\Harddisk0\DR0\Partition2
18:51:27.0014 4556 \Device\Harddisk0\DR0\Partition2 - ok
18:51:27.0060 4556 [ 952925045C1C6BA01C6B008C863EF2A0 ] \Device\Harddisk0\DR0\Partition3
18:51:27.0060 4556 \Device\Harddisk0\DR0\Partition3 - ok
18:51:27.0123 4556 [ 2889500F44B86447CE37B928F79CB8A1 ] \Device\Harddisk0\DR0\Partition4
18:51:27.0138 4556 \Device\Harddisk0\DR0\Partition4 - ok
18:51:27.0138 4556 ============================================================
18:51:27.0138 4556 Scan finished
18:51:27.0138 4556 ============================================================
18:51:27.0170 4328 Detected object count: 0
18:51:27.0170 4328 Actual detected object count: 0

OTL logfile created on: 23/02/2013 18:57:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 31.69% Memory free
5.49 Gb Paging File | 2.47 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.48 Gb Total Space | 176.68 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
PRC - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/15 22:31:18 | 001,430,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013/02/12 09:27:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/06 09:43:05 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/18 05:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/23 08:46:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/23 08:27:53 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/02/06 09:43:03 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/15 10:32:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/11 10:27:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:26:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:26:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/11 10:25:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:24:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:24:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013/01/11 10:24:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/11 10:24:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:23:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:23:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:23:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:22:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/18 14:28:12 | 000,305,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/12/12 05:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/12/20 16:35:50 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/18 09:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/24 00:50:42 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/08/20 19:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 19:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 19:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/08/05 04:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/08 10:35:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 09:43:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/08 12:15:59 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/08/05 05:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 07:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {3B6E301C-C889-4A2C-89C5-D3C55B956210}
IE - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=T1ifHWt-20Vz3K58mf4U4m7WwGc?q={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={594214DD-D9B6-4B60-957B-5BFCD993CF28}&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&lang=en&ds=AVG&pr=fr&d=2012-03-10 00:02:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{B1C5C8A9-7DB3-4B39-9E4E-069EA900D100}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/CQNOT/2
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B9543f3d1-3481-4c9b-a857-ba867fe342b6%7D&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-03-10%2000%3A02%3A18&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/02/01 10:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/23 08:30:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 09:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 08:36:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 09:43:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 08:36:00 | 000,000,000 | ---D | M]

[2010/09/24 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions
[2010/09/23 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/23 08:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions
[2011/06/17 08:13:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/10/17 19:26:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/10 19:37:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\firefox@tvunetworks.com
[2013/02/06 09:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 09:42:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/06 09:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/02/23 08:30:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013/02/06 09:43:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/25 12:17:00 | 000,609,328 | ---- | M] (Hypercosm, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\nphypercosm.dll
[2013/02/23 08:31:01 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/14 07:54:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 13:28:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EPSON Stylus DX4800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O4 - Startup: C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/13 17:06:10 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell\AutoRun\command - "" = G:\winopen.exe \start.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/23 18:54:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
[2013/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391}
[2013/02/14 22:30:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/14 22:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/02/14 19:12:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 19:12:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 19:12:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 19:12:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 19:12:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 19:12:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 19:12:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 19:12:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 19:12:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 19:12:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 19:12:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 19:12:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 19:12:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 19:12:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 19:12:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/14 10:08:06 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
[2013/02/13 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
[2013/02/13 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
[2013/02/13 09:22:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 09:22:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 09:22:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 09:22:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 09:22:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 09:22:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 09:22:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 09:22:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 09:22:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 09:21:58 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/12 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
[2013/02/12 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
[2013/02/11 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
[2013/02/10 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
[2013/02/08 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
[2013/02/08 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
[2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/07 22:58:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/07 22:58:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/07 22:58:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/07 22:58:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/07 22:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/07 22:58:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/07 22:58:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/07 22:58:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/07 22:58:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/07 22:58:49 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/07 22:58:49 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/07 22:58:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/07 22:58:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/07 22:58:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/07 22:58:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/07 22:58:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/07 22:58:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/07 22:58:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/07 22:58:48 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/07 22:58:48 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/07 22:58:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/07 22:58:46 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/07 22:57:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/07 22:57:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/07 22:57:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/07 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
[2013/02/07 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
[2013/02/07 09:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
[2013/02/06 09:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
[2013/02/05 10:55:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/05 09:19:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
[2013/02/04 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
[2013/02/04 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
[2013/02/03 14:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
[2013/02/02 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
[2013/02/01 10:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/01 09:11:52 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
[2013/01/31 09:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
[2013/01/31 09:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
[2013/01/31 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
[2013/01/30 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
[2013/01/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
[2013/01/29 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
[2013/01/28 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
[2013/01/27 15:30:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
[2013/01/26 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
[2013/01/25 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
[2013/01/24 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
[4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
[2013/02/23 18:43:14 | 111,023,119 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/02/23 18:40:39 | 000,587,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/02/23 18:38:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/23 18:38:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
[2013/02/23 18:37:57 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/23 18:37:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/23 18:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/23 17:09:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
[2013/02/23 08:55:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 08:55:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/23 08:26:54 | 000,416,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/23 08:25:20 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/14 19:18:54 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/14 19:18:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/14 19:18:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 10:43:04 | 000,313,137 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\BoardingPass.pdf
[2013/02/08 10:35:18 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/08 10:35:18 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/07 22:51:06 | 000,001,056 | ---- | M] () -- C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/07 22:50:33 | 000,001,032 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\Dropbox.lnk
[2013/02/07 22:07:23 | 000,002,040 | ---- | M] () -- C:\Users\Jo Bowman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/05 13:32:42 | 000,178,723 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
[2013/02/03 14:10:21 | 000,866,251 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
[4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 10:43:02 | 000,313,137 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\BoardingPass.pdf
[2013/02/05 13:32:40 | 000,178,723 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
[2013/02/03 14:10:16 | 000,866,251 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
[2011/01/22 17:36:42 | 000,001,854 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\GhostObjGAFix.xml
[2011/01/06 18:01:36 | 000,072,080 | ---- | C] () -- C:\Users\Jo Bowman\g2mdlhlpx.exe
[2010/11/27 08:43:17 | 000,002,370 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 62 bytes -> C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes
@Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 23/02/2013 18:57:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 31.69% Memory free
5.49 Gb Paging File | 2.47 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.48 Gb Total Space | 176.68 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F06894-877B-4462-8C15-B273DEEFC520}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{086E8AD9-FCB9-445A-8341-FF250D6CD112}" = rport=138 | protocol=17 | dir=out | app=system |
"{33E8C9B6-A119-41A4-A8CB-BA1D374F60DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46991153-ACAE-4967-890F-8FF56776ABA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{488DEF2F-88CD-4E6A-9402-BAF8251B2E24}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A340E6F-AD72-4539-88C8-8AAD524DE396}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C630436-6C16-40BD-945A-5610043F4486}" = lport=138 | protocol=17 | dir=in | app=system |
"{6204CA4D-5013-4529-896F-1C63D7DA98BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A13997A-B9FE-4B52-A7F8-844206D0D049}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F7B5B38-0BA4-4C26-886D-270D40CC530A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7FD38448-7448-4DB7-AAD0-01C46C54296C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87B71137-37A7-4F87-A4C3-869F30D8460F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B731B1F-1369-4269-B37A-0EDE0A247DA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99D91145-2534-45D5-AA8C-390A12D4CB07}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC766175-61F2-4945-A26C-32E57B2D8D0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE65802E-FFE7-42DB-A634-016CDE9779A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B79E6967-4955-443F-BF00-314C44233AAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBC350CD-DAE0-4B27-A01B-E1A7BC224CCF}" = rport=139 | protocol=6 | dir=out | app=system |
"{C57A3A73-64B1-47E6-8E60-091A8CB31C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCDED883-9060-4BE1-A7F9-3ED55199630E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0791FF6-B500-4E40-8E81-39ACAC81F59B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E455F4EB-A9E5-474F-9F61-75C4D137366E}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0BDC35C-05B2-4F66-9E42-7B5B175C81AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F75EF522-427C-4CB4-9CBA-917F3BDE7E68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FF5A3842-3B7A-40AF-B343-66308D912510}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083B59A4-DA70-4319-B906-6C86232946CF}" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"{10F10DB3-51F6-4D23-BAD8-BB180C1B3238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12551D06-E2D6-4235-A7D5-DC450E9E2018}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1418575D-F3D4-458F-AE09-7DC8D6B2045E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{165546DB-BDB1-4364-AB50-70CABA22A822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FB81182-62E3-4CBE-9129-B2F4F6359EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FC5B328-0000-4AC4-B486-DD2C8859461F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{273C1677-B85B-4D5B-B79B-ABB1B51A8B42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{2A2ED212-4056-4683-BDAD-FA34F777B7CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{37A916D3-334F-4127-A92E-7836EE62351B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{44611FDB-BBE2-4B31-B511-32EBD198A291}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{46EABC21-9904-4F99-A92C-E228080D63C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{478102E6-08F3-462C-A205-F70FF7E3236C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{47E0B5C9-154E-4DC4-8D5B-9C6248159F6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49F6B60A-1B73-446E-A085-DDB996D09E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5EE8FEAB-AAFB-4EEA-BC41-90A7E65AF0A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{605F08B5-3E6D-4372-A897-D88AC54D6498}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{636CC741-2B64-4B48-92C5-7F0436DA49D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{68C9DA72-BF0D-4AEA-87A5-D387C390FA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6C6A7E36-91E0-4A5B-8C13-ACF276FA504C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{6F91CD18-B61B-4ED5-9317-F6AE8343A802}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7423406F-2CEA-43C7-AEFC-1A4D0B6073DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{748405CF-7CDB-4D1B-A14B-B91522297C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{74BF339F-0DCD-4F5F-B8A0-46C1B42A8451}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8334D303-D609-40EA-9842-DCFC80B4CAF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85B54D38-BA01-454B-B5C3-F891987CC4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{98830A54-98E2-4384-B097-15AD7E0E8C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9CAF1862-CE9D-4946-A4F9-E8B73C1B970F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F78426A-93CF-4323-AB54-BE96CEC0C9C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6A77267-313C-4ED6-A9DA-1253B574E53B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7D11A65-DF24-4095-BCAE-336A4B5FE070}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A81FE208-1E76-47AF-A5C7-6EAB894CD21A}" = protocol=6 | dir=out | app=system |
"{B1B1CA28-7005-4895-B8B5-BFB1B3C46DA2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{B3E6D358-7F98-4778-B3D8-7F0B735A3D31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BEEAC975-0817-484C-AF46-D7D612A54C6A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{BF6289A7-B331-474F-A370-3787D1FDE6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C5511FE0-35FC-4391-A406-76BB4E60E1F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C83A7D1B-043B-48D8-97D5-06F01B6EDEC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF377927-43CD-4E66-90FF-1665825B8DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{D6580117-5A34-4436-A9D1-8A5200605CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8C20F36-3CD4-454B-8CA3-5CA080B456B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFEC8CE1-0645-4BF6-8F18-06E9F867B790}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E6794D92-796D-4E2D-A992-7BA6E4F63A8A}" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"{EBE27D55-A6F6-4551-A1A0-4EEE9A90A446}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{F4B17C81-98DF-41B8-8352-F27CAA8C1ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F5A13A26-5CCA-4373-9668-DE9CABC6FCF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F781D1F4-753F-4817-B317-653CF077A325}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{FB4F562F-5F78-4181-BA91-D281DA9651F6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{FF463651-5654-4515-BD39-062220619B88}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{7902F131-4134-44FD-BA63-8416EFA894D5}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{79767DD8-D8CC-42E5-AEF8-27E7D05AB71B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{68F2D9F0-9693-4100-A9C8-BEAA5BF13A0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C2CBA964-C861-4EFC-B3DC-EBBA2D78A16C}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 38
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"FileZilla Client" = FileZilla Client 3.5.1
"Google Desktop" = Google Desktop
"Hypercosm Player 5_is1" = Hypercosm Player 3.42
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"UnityWebPlayer" = Unity Web Player (All users)
"Veetle TV" = Veetle TV 0.9.17
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/03/2012 10:59:23 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 188c Start
Time: 01cd08f7dd5a7ff0 Termination Time: 2669 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: 0b399a1c-7b42-11e1-a6af-60eb6900c9d5


Error - 31/03/2012 10:59:24 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cb8 Start
Time: 01cd0bfb4704fc4a Termination Time: 3783 Application Path: C:\Windows\SysWOW64\DllHost.exe

Report
Id:

Error - 01/04/2012 15:12:23 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 08/04/2012 14:22:13 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 10/04/2012 09:28:53 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/04/2012 07:49:41 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 15/04/2012 14:02:34 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 15/04/2012 14:12:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 22/04/2012 14:01:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 24/04/2012 05:01:30 | Computer Name = JoBowman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 11.0.0.4454, time
stamp: 0x4f5ecc44 Faulting module name: mozalloc.dll, version: 11.0.0.4454, time
stamp: 0x4f5eb7fd Exception code: 0x80000003 Fault offset: 0x0000195d Faulting process
id: 0x15cc Faulting application start time: 0x01cd188c09c62e89 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 1475d7c7-8dec-11e1-acda-60eb6900c9d5

[ Hewlett-Packard Events ]
Error - 02/07/2012 01:17:37 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 02/07/2012 01:18:09 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 02/07/2012 01:19:19 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 02/07/2012 01:19:50 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 04/07/2012 01:22:41 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 08/07/2012 14:38:45 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 14/07/2012 06:40:06 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 14/07/2012 06:40:56 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 21/07/2012 06:04:06 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 28/07/2012 06:51:09 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 09/02/2013 04:22:40 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 09/02/2013 20:55:54 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/02/2013 15:52:32 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/02/2013 15:52:39 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/02/2013 05:01:37 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/02/2013 05:01:46 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 14/02/2013 10:34:45 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 23/02/2013 04:26:11 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 23/02/2013 04:29:23 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
Description =

Error - 23/02/2013 04:31:47 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hello Joob,

Thanks for coming back. Please complete the following:

Step 1.
Uninstall Programs
I need you to uninstall some program(s).

  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    appwiz.cpl
  3. Then press Enter.
    • Locate the following program(s):
      Adobe Reader X (10.1.4)
      Java(TM) 6 Update 15 (64-bit)
      Java(TM) SE Development Kit 6 Update 15 (64-bit)
      Java(TM) 6 Update 38
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.




Step 2.
Run OTL Script

We need to run an OTL Fix.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes,DefaultScope = {3B6E301C-C889-4A2C-89C5-D3C55B956210}
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
    O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell\AutoRun\command - "" = G:\winopen.exe \start.htm
    [2013/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391}
    [2013/02/14 10:08:06 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
    [2013/02/13 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
    [2013/02/13 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
    [2013/02/12 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
    [2013/02/12 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
    [2013/02/11 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
    [2013/02/10 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
    [2013/02/08 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
    [2013/02/08 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
    [2013/02/07 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
    [2013/02/07 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
    [2013/02/07 09:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
    [2013/02/06 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
    [2013/02/05 09:19:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
    [2013/02/04 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
    [2013/02/04 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
    [2013/02/03 14:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
    [2013/02/02 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
    [2013/02/01 09:11:52 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
    [2013/01/31 09:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
    [2013/01/31 09:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
    [2013/01/31 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
    [2013/01/30 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
    [2013/01/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
    [2013/01/29 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
    [2013/01/28 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
    [2013/01/27 15:30:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
    [2013/01/26 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
    [2013/01/25 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
    [2013/01/24 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
    @Alternate Data Stream - 62 bytes -> C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.


Step 3.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:

  1. Contents of OTL.txt log
  2. Contents of ESET log.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?

Thanks,
wbg
 

joob

Thread Starter
Joined
Feb 9, 2013
Messages
20
Thanks for the instructions. No problems carrying them out.

I think the PC does seem to be running better after removing the progs you said to uninstall.

Here are the two logs:

OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
File G:\winopen.exe \start.htm not found.
C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD} folder moved successfully.
C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED} folder moved successfully.
ADS C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes deleted successfully.
ADS C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HomeGroupUser$
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jo Bowman
->Temp folder emptied: 1444949600 bytes
->Temporary Internet Files folder emptied: 757501378 bytes
->Java cache emptied: 3379922 bytes
->FireFox cache emptied: 78488178 bytes
->Opera cache emptied: 623013 bytes
->Flash cache emptied: 255037 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 591041490 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67572 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 19658468 bytes

Total Files Cleaned = 2,762.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_095542

Files\Folders moved on Reboot...
C:\Users\Jo Bowman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{31DE0B88-73AB-479A-873C-C136DA79C4F7}.tmp not found!
File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{419A536F-813B-49C9-AC9D-C57B19D32D23}.tmp not found!
File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8B6F602C-D2B7-45B5-BC5B-69921D54896E}.tmp not found!
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ESET Log
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dafb2e243cbf74478a23d0d483eef086
# engine=13251
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-27 03:18:18
# local_time=2013-02-27 03:18:18 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1035 16777213 100 98 24232 50799908 0 0
# compatibility_mode=5893 16776574 100 94 15757876 114443348 0 0
# scanned=262697
# found=0
# cleaned=0
# scan_time=15796
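
Added example, not part of the thread or of either poster's message: a small Python check that the header of a posted ESET Online Scanner log.txt matches the settings requested in Step 3 (Remove found threats unchecked, Scan archives and the three Advanced Settings options checked) and that the scan ran to completion. The function names and the `EXPECTED` table are assumptions made for this example; the sample text is constructed from the header lines of the log above.

```python
import re

# Constructed sample: header lines in the format of the log.txt posted above
# (values copied from that log, some lines omitted).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-27 03:18:18
# compatibility_mode=1035 16777213 100 98 24232 50799908 0 0
# compatibility_mode=5893 16776574 100 94 15757876 114443348 0 0
# scanned=262697
# found=0
# cleaned=0
# scan_time=15796
"""

# Settings the helper asked for in Step 3, as they appear in the log header.
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

FIELD_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")


def parse_fields(text):
    """Collect '# key=value' header lines; a key may repeat, so keep a list."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line.strip())
        if match:
            fields.setdefault(match.group(1), []).append(match.group(2).strip())
    return fields


def last(fields, key):
    """Most recent value for a key, or None if the key never appeared."""
    values = fields.get(key)
    return values[-1] if values else None


def review_scan(text):
    """Compare a posted log with the requested settings and report the counts."""
    fields = parse_fields(text)
    problems = []

    for key, wanted in EXPECTED.items():
        got = last(fields, key)
        if got is None:
            problems.append(f"{key}: missing from log")
        elif got.lower() != wanted:
            problems.append(f"{key}: expected {wanted}, log says {got}")

    if last(fields, "end") != "finished":
        problems.append("end: scan did not reach end=finished")

    counts = {}
    for key in ("scanned", "found", "cleaned"):
        raw = last(fields, key)
        if raw is not None and raw.isdigit():
            counts[key] = int(raw)
        else:
            counts[key] = None
            problems.append(f"{key}: count missing or not a number")

    return {"ok": not problems, "problems": problems, **counts}


if __name__ == "__main__":
    result = review_scan(SAMPLE_LOG)
    print("settings and completion OK:", result["ok"])
    for problem in result["problems"]:
        print("  -", problem)
    print("scanned=%s found=%s cleaned=%s"
          % (result["scanned"], result["found"], result["cleaned"]))
```
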
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Greetings Joob,

So far it's looking good. Please run OTL again, then Malwarebytes and post the results.

Step 1.
OTL
You should still have this on your Desktop.

  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




Step 2.
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do the following:

  • Launch the application.
  • One of 2 things will happen:
    • The program will be so outdated that it will automatically invoke a complete re-install; or
    • The program will check, update the database and then run.
    If it does a complete re-install, be sure to follow the prompts.
  • Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




Please include in your next reply:

  1. Contents of OTL.txt
  2. Contents of Extras.txt
  3. Contents of mbam-log-date (time).txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?

Thanks,
wbg
 

joob

Thread Starter
Joined
Feb 9, 2013
Messages
20
Hi wbg

Many thanks. Here are the logs you asked for.
The PC does indeed seem to be booting more quickly and running a little faster.
No problems executing your instructions.
Thanks.


OTL logfile created on: 02/03/2013 19:08:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.04% Memory free
5.49 Gb Paging File | 3.11 Gb Available in Paging File | 56.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.48 Gb Total Space | 182.49 Gb Free Space | 64.15% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 10:11:50 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
PRC - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/12 09:27:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/27 10:11:48 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/23 08:48:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/23 08:46:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/23 08:27:53 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/01/14 07:24:40 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/11 10:24:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:24:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/11 10:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:23:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:23:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:22:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/05 01:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/09/24 00:50:42 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2010/09/23 22:50:13 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/08/20 19:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 19:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 19:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/05 04:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/27 12:32:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 10:11:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/08 12:15:59 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 05:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 07:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=T1ifHWt-20Vz3K58mf4U4m7WwGc?q={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={594214DD-D9B6-4B60-957B-5BFCD993CF28}&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&lang=en&ds=AVG&pr=fr&d=2012-03-10 00:02:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{B1C5C8A9-7DB3-4B39-9E4E-069EA900D100}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/02/01 10:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/23 08:30:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 10:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 10:11:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 10:11:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 10:11:30 | 000,000,000 | ---D | M]

[2010/09/24 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions
[2010/09/23 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/01 10:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions
[2011/06/17 08:13:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/03/01 10:05:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/10 19:37:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\firefox@tvunetworks.com
[2013/02/27 10:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/27 10:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/23 08:30:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013/02/27 10:11:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/25 12:17:00 | 000,609,328 | ---- | M] (Hypercosm, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\nphypercosm.dll
[2013/02/23 08:31:01 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/14 07:54:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 10:11:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/13 17:06:10 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 16:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{AF2CAD28-F30D-46B0-A2D3-7F2820E151E0}
[2013/03/01 09:03:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EA1B6D53-4CF0-4C12-B289-1ECB59B787B4}
[2013/02/28 08:52:48 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/28 08:52:47 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/28 08:52:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/28 08:52:46 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/28 08:52:29 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/28 08:52:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/28 08:52:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/28 08:52:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 08:52:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 08:52:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 08:52:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 08:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 08:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 08:52:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 08:52:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 08:52:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/28 08:52:17 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/28 08:52:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/28 08:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 08:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 08:52:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 08:52:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 08:52:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 08:52:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 08:52:12 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/28 08:52:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/28 08:52:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/28 08:52:12 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/28 08:52:12 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/28 08:52:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/28 08:52:11 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/28 08:52:11 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/28 08:52:11 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/28 08:52:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/28 08:52:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/28 08:52:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/28 08:52:09 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/28 08:50:37 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{70D923E1-7E84-4F6C-8936-D25F9BC5A9B0}
[2013/02/27 11:32:18 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/27 10:51:33 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jo Bowman\Desktop\esetsmartinstaller_enu.exe
[2013/02/27 10:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/27 09:55:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/27 08:31:18 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{CAB67E3E-CFB7-48E5-90E5-0172F303BFBF}
[2013/02/26 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3E4DF413-EF6C-4A5B-8CE7-3FFF84057562}
[2013/02/25 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EEB38AAB-60F5-4069-84AD-21E203784756}
[2013/02/25 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{5CC80E4A-AB16-41AA-9C13-2966E9AB3EB7}
[2013/02/24 11:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/02/24 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{AEE5AC91-EA1F-4E59-89ED-C453F081BA94}
[2013/02/23 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E4F46742-728A-4782-ADDF-251844FE517B}
[2013/02/23 20:06:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/23 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\Programs
[2013/02/23 18:54:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
[2013/02/14 22:30:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/14 22:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/02/14 19:12:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 19:12:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 19:12:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 19:12:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 19:12:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 19:12:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 19:12:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 19:12:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 19:12:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 19:12:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 19:12:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 19:12:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 19:12:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 19:12:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 19:12:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/13 09:22:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 09:22:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 09:22:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 09:22:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 09:22:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 09:22:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 09:22:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 09:22:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 09:22:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 09:21:58 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/07 22:58:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/07 22:58:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/07 22:58:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/07 22:58:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/07 22:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/07 22:58:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/07 22:58:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/07 22:58:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/07 22:58:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/07 22:58:49 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/07 22:58:49 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/07 22:58:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/07 22:58:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/07 22:58:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/07 22:58:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/07 22:58:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/07 22:58:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/07 22:58:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/07 22:58:48 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/07 22:58:48 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/07 22:58:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/07 22:58:46 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/07 22:57:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/07 22:57:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/07 22:57:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/05 10:55:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/01 10:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/02 19:06:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 19:06:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 19:04:59 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
[2013/03/02 19:04:53 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 19:04:30 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
[2013/03/02 19:04:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 19:04:15 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 19:03:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 16:28:53 | 111,726,909 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/02/28 09:23:48 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 12:32:38 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 12:32:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 12:32:24 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/27 10:51:34 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jo Bowman\Desktop\esetsmartinstaller_enu.exe
[2013/02/27 10:32:57 | 000,002,040 | ---- | M] () -- C:\Users\Jo Bowman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/23 20:01:03 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
[2013/02/23 18:40:39 | 000,587,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/23 08:26:54 | 000,416,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 19:18:54 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/14 19:18:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/14 19:18:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/07 22:51:06 | 000,001,056 | ---- | M] () -- C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/07 22:50:33 | 000,001,032 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\Dropbox.lnk
[2013/02/05 13:32:42 | 000,178,723 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
[2013/02/03 14:10:21 | 000,866,251 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
[4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/05 13:32:40 | 000,178,723 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
[2013/02/03 14:10:16 | 000,866,251 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
[2011/01/22 17:36:42 | 000,001,854 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\GhostObjGAFix.xml
[2011/01/06 18:01:36 | 000,072,080 | ---- | C] () -- C:\Users\Jo Bowman\g2mdlhlpx.exe
[2010/11/27 08:43:17 | 000,002,370 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


OTL Extras logfile created on: 02/03/2013 19:08:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.04% Memory free
5.49 Gb Paging File | 3.11 Gb Available in Paging File | 56.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.48 Gb Total Space | 182.49 Gb Free Space | 64.15% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F06894-877B-4462-8C15-B273DEEFC520}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{086E8AD9-FCB9-445A-8341-FF250D6CD112}" = rport=138 | protocol=17 | dir=out | app=system |
"{33E8C9B6-A119-41A4-A8CB-BA1D374F60DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46991153-ACAE-4967-890F-8FF56776ABA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{488DEF2F-88CD-4E6A-9402-BAF8251B2E24}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A340E6F-AD72-4539-88C8-8AAD524DE396}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C630436-6C16-40BD-945A-5610043F4486}" = lport=138 | protocol=17 | dir=in | app=system |
"{6204CA4D-5013-4529-896F-1C63D7DA98BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A13997A-B9FE-4B52-A7F8-844206D0D049}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F7B5B38-0BA4-4C26-886D-270D40CC530A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7FD38448-7448-4DB7-AAD0-01C46C54296C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87B71137-37A7-4F87-A4C3-869F30D8460F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B731B1F-1369-4269-B37A-0EDE0A247DA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99D91145-2534-45D5-AA8C-390A12D4CB07}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC766175-61F2-4945-A26C-32E57B2D8D0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE65802E-FFE7-42DB-A634-016CDE9779A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B79E6967-4955-443F-BF00-314C44233AAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBC350CD-DAE0-4B27-A01B-E1A7BC224CCF}" = rport=139 | protocol=6 | dir=out | app=system |
"{C57A3A73-64B1-47E6-8E60-091A8CB31C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCDED883-9060-4BE1-A7F9-3ED55199630E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0791FF6-B500-4E40-8E81-39ACAC81F59B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E455F4EB-A9E5-474F-9F61-75C4D137366E}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0BDC35C-05B2-4F66-9E42-7B5B175C81AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F75EF522-427C-4CB4-9CBA-917F3BDE7E68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FF5A3842-3B7A-40AF-B343-66308D912510}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083B59A4-DA70-4319-B906-6C86232946CF}" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"{10F10DB3-51F6-4D23-BAD8-BB180C1B3238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12551D06-E2D6-4235-A7D5-DC450E9E2018}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1418575D-F3D4-458F-AE09-7DC8D6B2045E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{165546DB-BDB1-4364-AB50-70CABA22A822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FB81182-62E3-4CBE-9129-B2F4F6359EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FC5B328-0000-4AC4-B486-DD2C8859461F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{273C1677-B85B-4D5B-B79B-ABB1B51A8B42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{2A2ED212-4056-4683-BDAD-FA34F777B7CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{37A916D3-334F-4127-A92E-7836EE62351B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{44611FDB-BBE2-4B31-B511-32EBD198A291}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{46EABC21-9904-4F99-A92C-E228080D63C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{478102E6-08F3-462C-A205-F70FF7E3236C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{47E0B5C9-154E-4DC4-8D5B-9C6248159F6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49F6B60A-1B73-446E-A085-DDB996D09E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5EE8FEAB-AAFB-4EEA-BC41-90A7E65AF0A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{605F08B5-3E6D-4372-A897-D88AC54D6498}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{636CC741-2B64-4B48-92C5-7F0436DA49D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{68C9DA72-BF0D-4AEA-87A5-D387C390FA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6C6A7E36-91E0-4A5B-8C13-ACF276FA504C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{6F91CD18-B61B-4ED5-9317-F6AE8343A802}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7423406F-2CEA-43C7-AEFC-1A4D0B6073DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{748405CF-7CDB-4D1B-A14B-B91522297C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{74BF339F-0DCD-4F5F-B8A0-46C1B42A8451}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8334D303-D609-40EA-9842-DCFC80B4CAF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85B54D38-BA01-454B-B5C3-F891987CC4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{98830A54-98E2-4384-B097-15AD7E0E8C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9CAF1862-CE9D-4946-A4F9-E8B73C1B970F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F78426A-93CF-4323-AB54-BE96CEC0C9C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6A77267-313C-4ED6-A9DA-1253B574E53B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7D11A65-DF24-4095-BCAE-336A4B5FE070}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A81FE208-1E76-47AF-A5C7-6EAB894CD21A}" = protocol=6 | dir=out | app=system |
"{B1B1CA28-7005-4895-B8B5-BFB1B3C46DA2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{B3E6D358-7F98-4778-B3D8-7F0B735A3D31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BEEAC975-0817-484C-AF46-D7D612A54C6A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{BF6289A7-B331-474F-A370-3787D1FDE6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C5511FE0-35FC-4391-A406-76BB4E60E1F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C83A7D1B-043B-48D8-97D5-06F01B6EDEC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF377927-43CD-4E66-90FF-1665825B8DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{D6580117-5A34-4436-A9D1-8A5200605CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8C20F36-3CD4-454B-8CA3-5CA080B456B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFEC8CE1-0645-4BF6-8F18-06E9F867B790}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E6794D92-796D-4E2D-A992-7BA6E4F63A8A}" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"{EBE27D55-A6F6-4551-A1A0-4EEE9A90A446}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{F4B17C81-98DF-41B8-8352-F27CAA8C1ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F5A13A26-5CCA-4373-9668-DE9CABC6FCF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F781D1F4-753F-4817-B317-653CF077A325}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{FB4F562F-5F78-4181-BA91-D281DA9651F6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{FF463651-5654-4515-BD39-062220619B88}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{7902F131-4134-44FD-BA63-8416EFA894D5}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{79767DD8-D8CC-42E5-AEF8-27E7D05AB71B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{68F2D9F0-9693-4100-A9C8-BEAA5BF13A0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C2CBA964-C861-4EFC-B3DC-EBBA2D78A16C}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"FileZilla Client" = FileZilla Client 3.5.1
"Google Desktop" = Google Desktop
"Hypercosm Player 5_is1" = Hypercosm Player 3.42
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"UnityWebPlayer" = Unity Web Player (All users)
"Veetle TV" = Veetle TV 0.9.17
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/03/2012 16:04:16 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 28/03/2012 11:11:24 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 31/03/2012 10:59:23 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 188c Start
Time: 01cd08f7dd5a7ff0 Termination Time: 2669 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: 0b399a1c-7b42-11e1-a6af-60eb6900c9d5


Error - 31/03/2012 10:59:24 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cb8 Start
Time: 01cd0bfb4704fc4a Termination Time: 3783 Application Path: C:\Windows\SysWOW64\DllHost.exe

Report
Id:

Error - 01/04/2012 15:12:23 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 08/04/2012 14:22:13 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 10/04/2012 09:28:53 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/04/2012 07:49:41 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 15/04/2012 14:02:34 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

Error - 15/04/2012 14:12:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
Description =

[ Hewlett-Packard Events ]
Error - 16/06/2012 06:51:51 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 23/06/2012 08:14:15 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 23/06/2012 08:15:18 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 30/06/2012 05:56:38 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 30/06/2012 05:57:06 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 02/07/2012 01:17:37 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 02/07/2012 01:18:09 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 02/07/2012 01:19:19 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 02/07/2012 01:19:50 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 04/07/2012 01:22:41 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 24/02/2013 02:44:12 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 24/02/2013 07:36:38 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 24/02/2013 09:03:26 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
Description =

Error - 24/02/2013 09:05:15 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 26/02/2013 05:12:29 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 27/02/2013 05:55:42 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 27/02/2013 06:27:37 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 27/02/2013 08:58:01 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
Description =

Error - 27/02/2013 11:44:38 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28/02/2013 05:23:52 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter


< End of report >

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jo Bowman :: JOBOWMAN-PC [administrator]

02/03/2013 19:43:00
mbam-log-2013-03-02 (19-43-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229776
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

wannabeageek

Malware Specialist
Joined
Nov 11, 2009
Messages
581
Hello joob,

Many thanks. Here are the logs you asked for.
The PC does indeed seem to be booting more quickly and running a little faster.
No problems executing your instructions.
Thanks.
My pleasure. :)


Your latest set of logs appears to be clean! :D

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Clean up with OTL

  • Double-click OTL.exe to start the program. This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Create a new, clean System Restore point

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm



Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Now we need to deal with security vulnerabilities
Uninstall HiJackThis

Uninstall Programs
I need you to uninstall some program(s).

  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      HiJackThis
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.




Install Java - Save these files to your Desktop. Then install them one at a time.
Here: Windows Offline (32-bit)
and
Here: Windows Offline (64-bit)

Install Adobe Reader
Here: http://get.adobe.com/reader/
Be sure to UNCHECK the radio box for McAfee Security Scan Plus.
Here are some optional free programs I recommend that could help you improve your computer's security.

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE


MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE on how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
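
Added example, not part of wannabeageek's post and not MVPS code: a Python audit of HOSTS-file text that separates names sunk to 127.0.0.1 or 0.0.0.0 (the blocking described above) from names mapped to any other address, which deserve a look after a cleanup. The sample entries and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; none of these entries come from the
# thread or from the MVPS list. On Windows the live file is normally
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     banners.example.org
203.0.113.7 login.example-bank.test               # non-loopback mapping
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Return (line_number, address_or_None, [hostnames]) for every mapping line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                        # first field is not an IP address
        entries.append((lineno, addr, [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked    - resolves to loopback or 0.0.0.0, so connections go nowhere
    redirected - resolves to some other address; review each of these
    malformed  - line numbers that have no valid address or no hostname
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name == "localhost" and addr.is_loopback:
                continue                       # standard entry, not a block
            if sink:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr), lineno))
    return report


def is_blocked(text, hostname):
    """HOSTS lookups are exact-name matches: no wildcards, no subdomain coverage."""
    return hostname.lower() in audit_hosts(text)["blocked"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

To check a real file, read its text and pass it to `audit_hosts` in place of `SAMPLE_HOSTS`.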
 

joob

Thread Starter
Joined
Feb 9, 2013
Messages
20
Hi wannabeageek

I've done all that and will follow the advice for keeping on top of malware in the future.
Thanks so much for your help and the best of luck to you.
 