View Full Version : Computer locked with a FBI warning, cant use it at all
DeeDee12
2013-03-30, 18:53
Hello. I have a laptop that belongs to a friend's son. The laptop will not display anything other than this page that says FBI, please send $500 using a green-dot card to unlock it. I have never seen anything like it before. I have no idea of how to help him. Any and all help will be very much appreciated.
Dakeyras
2013-04-05, 14:16
Hi. :)
Do you still require assistance ?
If so merely acknowledge this post and also inform myself which exact Operating System is in use on the infected machine and do you have a USB type Flash drive we could make use of etc.
DeeDee12
2013-04-05, 15:46
Yes, thank you, I am still in need of help.....the operating system is Windows 7....Yes I do have a flash drive that I can use..
Dakeyras
2013-04-05, 16:17
Acknowledged and you're welcome! :)
Could you inform myself please which type of Windows 7 is in use, as in is it either a 32 Bit or 64 Bit architecture ?
DeeDee12
2013-04-05, 19:28
I have no idea. Can you tell me how to find out?...It just says Windows 7 Home Premium.
Dakeyras
2013-04-05, 21:39
Hi. :)
I have no idea. Can you tell me how to find out?...It just says Windows 7 Home Premium.
OK we will merely have to work around this as with the machine in its current inoperable state we would be unable to find out etc.
Unless any of the identifying stickers/logos on the machine state such and or you have the documentation on hand...
Anyway most vendors tend to ship Windows 7 machines with the 64 Bit version so we will try a 64 Bit based tool first and if it does not run we will know it is 32 Bit and in turn use the appropriate.
Scan with Farbar Recovery Scan Tool:
Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to a Flash/USB drive.
Then insert the Flash/USB drive into the infected machine....
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.
DeeDee12
2013-04-05, 23:06
I am running the tool now ans I also see in the command prompt that it says X:windows\system32...If that helps at all..
The scan is complete now:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
Ran by SYSTEM at 05-04-2013 11:58:30
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-04-14] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a [59224 2011-11-22] (ClearwireCM)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [295072 2012-12-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1685792 2012-12-20] (Inbox.com, Inc.)
HKU\Shermqn Cooper\...\Run: [GenieoUpdaterService] "C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [290144 2012-11-26] ()
HKU\Shermqn Cooper\...\Run: [GenieoSystemTray] "C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [526688 2012-11-26] ()
HKU\Shermqn Cooper\...\Run: [Google Update] "C:\Users\Shermqn Cooper\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-11] (Google Inc.)
HKU\Shermqn Cooper\...\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup [103224 2011-09-25] (Linkury)
HKU\Shermqn Cooper\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-04-29] (AWS Convergence Technologies, Inc.)
HKU\Shermqn Cooper\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
HKU\Shermqn Cooper\...\Run: [Akamai NetSession Interface] "C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Shermqn Cooper\...\Run: [Conduit] rundll32.exe "C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll",RunNtServiceW [348672 2012-11-18] (The GTK developer community)
HKU\Shermqn Cooper\...\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup [55512 2012-12-14] (Raptr, Inc)
HKU\Shermqn Cooper\...\Policies\system: [DisableRegedit] 0
HKU\Shermqn Cooper\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs [x ] ()
AppInit_DLLs:
IMEO\a.exe: [Debugger] svchost.exe
IMEO\aAvgApi.exe: [Debugger] svchost.exe
IMEO\AAWTray.exe: [Debugger] svchost.exe
IMEO\About.exe: [Debugger] svchost.exe
IMEO\ackwin32.exe: [Debugger] svchost.exe
IMEO\Ad-Aware.exe: [Debugger] svchost.exe
IMEO\adaware.exe: [Debugger] svchost.exe
IMEO\advxdwin.exe: [Debugger] svchost.exe
IMEO\AdwarePrj.exe: [Debugger] svchost.exe
IMEO\agent.exe: [Debugger] svchost.exe
IMEO\agentsvr.exe: [Debugger] svchost.exe
IMEO\agentw.exe: [Debugger] svchost.exe
IMEO\alertsvc.exe: [Debugger] svchost.exe
IMEO\alevir.exe: [Debugger] svchost.exe
IMEO\alogserv.exe: [Debugger] svchost.exe
IMEO\AlphaAV: [Debugger] svchost.exe
IMEO\AlphaAV.exe: [Debugger] svchost.exe
IMEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IMEO\amon9x.exe: [Debugger] svchost.exe
IMEO\anti-trojan.exe: [Debugger] svchost.exe
IMEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IMEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IMEO\antivirus.exe: [Debugger] svchost.exe
IMEO\AntivirusPlus: [Debugger] svchost.exe
IMEO\AntivirusPlus.exe: [Debugger] svchost.exe
IMEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IMEO\AntivirusXP: [Debugger] svchost.exe
IMEO\AntivirusXP.exe: [Debugger] svchost.exe
IMEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IMEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IMEO\ants.exe: [Debugger] svchost.exe
IMEO\apimonitor.exe: [Debugger] svchost.exe
IMEO\aplica32.exe: [Debugger] svchost.exe
IMEO\apvxdwin.exe: [Debugger] svchost.exe
IMEO\arr.exe: [Debugger] svchost.exe
IMEO\ashAvast.exe: [Debugger] svchost.exe
IMEO\ashBug.exe: [Debugger] svchost.exe
IMEO\ashChest.exe: [Debugger] svchost.exe
IMEO\ashCnsnt.exe: [Debugger] svchost.exe
IMEO\ashDisp.exe: [Debugger] svchost.exe
IMEO\ashLogV.exe: [Debugger] svchost.exe
IMEO\ashMaiSv.exe: [Debugger] svchost.exe
IMEO\ashPopWz.exe: [Debugger] svchost.exe
IMEO\ashQuick.exe: [Debugger] svchost.exe
IMEO\ashServ.exe: [Debugger] svchost.exe
IMEO\ashSimp2.exe: [Debugger] svchost.exe
IMEO\ashSimpl.exe: [Debugger] svchost.exe
IMEO\ashSkPcc.exe: [Debugger] svchost.exe
IMEO\ashSkPck.exe: [Debugger] svchost.exe
IMEO\ashUpd.exe: [Debugger] svchost.exe
IMEO\ashWebSv.exe: [Debugger] svchost.exe
IMEO\aswChLic.exe: [Debugger] svchost.exe
IMEO\aswRegSvr.exe: [Debugger] svchost.exe
IMEO\aswRunDll.exe: [Debugger] svchost.exe
IMEO\aswUpdSv.exe: [Debugger] svchost.exe
IMEO\atcon.exe: [Debugger] svchost.exe
IMEO\atguard.exe: [Debugger] svchost.exe
IMEO\atro55en.exe: [Debugger] svchost.exe
IMEO\atupdater.exe: [Debugger] svchost.exe
IMEO\atwatch.exe: [Debugger] svchost.exe
IMEO\au.exe: [Debugger] svchost.exe
IMEO\aupdate.exe: [Debugger] svchost.exe
IMEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IMEO\autodown.exe: [Debugger] svchost.exe
IMEO\autotrace.exe: [Debugger] svchost.exe
IMEO\autoupdate.exe: [Debugger] svchost.exe
IMEO\av360.exe: [Debugger] svchost.exe
IMEO\avadmin.exe: [Debugger] svchost.exe
IMEO\avastSvc.exe: [Debugger] svchost.exe
IMEO\avastUI.exe: [Debugger] svchost.exe
IMEO\AVCare.exe: [Debugger] svchost.exe
IMEO\avcenter.exe: [Debugger] svchost.exe
IMEO\avciman.exe: [Debugger] svchost.exe
IMEO\avconfig.exe: [Debugger] svchost.exe
IMEO\avconsol.exe: [Debugger] svchost.exe
IMEO\ave32.exe: [Debugger] svchost.exe
IMEO\AVENGINE.EXE: [Debugger] svchost.exe
IMEO\avgcc32.exe: [Debugger] svchost.exe
IMEO\avgchk.exe: [Debugger] svchost.exe
IMEO\avgcmgr.exe: [Debugger] svchost.exe
IMEO\avgcsrvx.exe: [Debugger] svchost.exe
IMEO\avgctrl.exe: [Debugger] svchost.exe
IMEO\avgdumpx.exe: [Debugger] svchost.exe
IMEO\avgemc.exe: [Debugger] svchost.exe
IMEO\avgiproxy.exe: [Debugger] svchost.exe
IMEO\avgnsx.exe: [Debugger] svchost.exe
IMEO\avgnt.exe: [Debugger] svchost.exe
IMEO\avgrsx.exe: [Debugger] svchost.exe
IMEO\avgscanx.exe: [Debugger] svchost.exe
IMEO\avgserv.exe: [Debugger] svchost.exe
IMEO\avgserv9.exe: [Debugger] svchost.exe
IMEO\avgsrmax.exe: [Debugger] svchost.exe
IMEO\avgtray.exe: [Debugger] svchost.exe
IMEO\avguard.exe: [Debugger] svchost.exe
IMEO\avgui.exe: [Debugger] svchost.exe
IMEO\avgupd.exe: [Debugger] svchost.exe
IMEO\avgw.exe: [Debugger] svchost.exe
IMEO\avgwdsvc.exe: [Debugger] svchost.exe
IMEO\avkpop.exe: [Debugger] svchost.exe
IMEO\avkserv.exe: [Debugger] svchost.exe
IMEO\avkservice.exe: [Debugger] svchost.exe
IMEO\avkwctl9.exe: [Debugger] svchost.exe
IMEO\avltmain.exe: [Debugger] svchost.exe
IMEO\avmailc.exe: [Debugger] svchost.exe
IMEO\avmcdlg.exe: [Debugger] svchost.exe
IMEO\avnotify.exe: [Debugger] svchost.exe
IMEO\avnt.exe: [Debugger] svchost.exe
IMEO\avp32.exe: [Debugger] svchost.exe
IMEO\avpcc.exe: [Debugger] svchost.exe
IMEO\avpdos32.exe: [Debugger] svchost.exe
IMEO\avpm.exe: [Debugger] svchost.exe
IMEO\avptc32.exe: [Debugger] svchost.exe
IMEO\avpupd.exe: [Debugger] svchost.exe
IMEO\avsched32.exe: [Debugger] svchost.exe
IMEO\avshadow.exe: [Debugger] svchost.exe
IMEO\avsynmgr.exe: [Debugger] svchost.exe
IMEO\avupgsvc.exe: [Debugger] svchost.exe
IMEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IMEO\avwin.exe: [Debugger] svchost.exe
IMEO\avwin95.exe: [Debugger] svchost.exe
IMEO\avwinnt.exe: [Debugger] svchost.exe
IMEO\avwsc.exe: [Debugger] svchost.exe
IMEO\avwupd.exe: [Debugger] svchost.exe
IMEO\avwupd32.exe: [Debugger] svchost.exe
IMEO\avwupsrv.exe: [Debugger] svchost.exe
IMEO\avxmonitor9x.exe: [Debugger] svchost.exe
IMEO\avxmonitornt.exe: [Debugger] svchost.exe
IMEO\avxquar.exe: [Debugger] svchost.exe
IMEO\b.exe: [Debugger] svchost.exe
IMEO\backweb.exe: [Debugger] svchost.exe
IMEO\bargains.exe: [Debugger] svchost.exe
IMEO\bdfvcl.exe: [Debugger] svchost.exe
IMEO\bdfvwiz.exe: [Debugger] svchost.exe
IMEO\BDInProcPatch.exe: [Debugger] svchost.exe
IMEO\bdmcon.exe: [Debugger] svchost.exe
IMEO\BDMsnScan.exe: [Debugger] svchost.exe
IMEO\BDSurvey.exe: [Debugger] svchost.exe
IMEO\bd_professional.exe: [Debugger] svchost.exe
IMEO\beagle.exe: [Debugger] svchost.exe
IMEO\belt.exe: [Debugger] svchost.exe
IMEO\bidef.exe: [Debugger] svchost.exe
IMEO\bidserver.exe: [Debugger] svchost.exe
IMEO\bipcp.exe: [Debugger] svchost.exe
IMEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IMEO\bisp.exe: [Debugger] svchost.exe
IMEO\blackd.exe: [Debugger] svchost.exe
IMEO\blackice.exe: [Debugger] svchost.exe
IMEO\blink.exe: [Debugger] svchost.exe
IMEO\blss.exe: [Debugger] svchost.exe
IMEO\bootconf.exe: [Debugger] svchost.exe
IMEO\bootwarn.exe: [Debugger] svchost.exe
IMEO\borg2.exe: [Debugger] svchost.exe
IMEO\bpc.exe: [Debugger] svchost.exe
IMEO\brasil.exe: [Debugger] svchost.exe
IMEO\brastk.exe: [Debugger] svchost.exe
IMEO\brw.exe: [Debugger] svchost.exe
IMEO\bs120.exe: [Debugger] svchost.exe
IMEO\bspatch.exe: [Debugger] svchost.exe
IMEO\bundle.exe: [Debugger] svchost.exe
IMEO\bvt.exe: [Debugger] svchost.exe
IMEO\c.exe: [Debugger] svchost.exe
IMEO\cavscan.exe: [Debugger] svchost.exe
IMEO\ccapp.exe: [Debugger] svchost.exe
IMEO\ccevtmgr.exe: [Debugger] svchost.exe
IMEO\ccpxysvc.exe: [Debugger] svchost.exe
IMEO\ccSvcHst.exe: [Debugger] svchost.exe
IMEO\cdp.exe: [Debugger] svchost.exe
IMEO\cfd.exe: [Debugger] svchost.exe
IMEO\cfgwiz.exe: [Debugger] svchost.exe
IMEO\cfiadmin.exe: [Debugger] svchost.exe
IMEO\cfiaudit.exe: [Debugger] svchost.exe
IMEO\cfinet.exe: [Debugger] svchost.exe
IMEO\cfinet32.exe: [Debugger] svchost.exe
IMEO\cfp.exe: [Debugger] svchost.exe
IMEO\cfpconfg.exe: [Debugger] svchost.exe
IMEO\cfplogvw.exe: [Debugger] svchost.exe
IMEO\cfpupdat.exe: [Debugger] svchost.exe
IMEO\claw95.exe: [Debugger] svchost.exe
IMEO\claw95cf.exe: [Debugger] svchost.exe
IMEO\clean.exe: [Debugger] svchost.exe
IMEO\cleaner.exe: [Debugger] svchost.exe
IMEO\cleaner3.exe: [Debugger] svchost.exe
IMEO\cleanIELow.exe: [Debugger] svchost.exe
IMEO\cleanpc.exe: [Debugger] svchost.exe
IMEO\click.exe: [Debugger] svchost.exe
IMEO\cmd32.exe: [Debugger] svchost.exe
IMEO\cmdagent.exe: [Debugger] svchost.exe
IMEO\cmesys.exe: [Debugger] svchost.exe
IMEO\cmgrdian.exe: [Debugger] svchost.exe
IMEO\cmon016.exe: [Debugger] svchost.exe
IMEO\connectionmonitor.exe: [Debugger] svchost.exe
IMEO\control: [Debugger] svchost.exe
IMEO\cpd.exe: [Debugger] svchost.exe
IMEO\cpf9x206.exe: [Debugger] svchost.exe
IMEO\cpfnt206.exe: [Debugger] svchost.exe
IMEO\crashrep.exe: [Debugger] svchost.exe
IMEO\csc.exe: [Debugger] svchost.exe
IMEO\cssconfg.exe: [Debugger] svchost.exe
IMEO\cssupdat.exe: [Debugger] svchost.exe
IMEO\cssurf.exe: [Debugger] svchost.exe
IMEO\ctrl.exe: [Debugger] svchost.exe
IMEO\cv.exe: [Debugger] svchost.exe
IMEO\cwnb181.exe: [Debugger] svchost.exe
IMEO\cwntdwmo.exe: [Debugger] svchost.exe
IMEO\d.exe: [Debugger] svchost.exe
IMEO\datemanager.exe: [Debugger] svchost.exe
IMEO\dcomx.exe: [Debugger] svchost.exe
IMEO\defalert.exe: [Debugger] svchost.exe
IMEO\defscangui.exe: [Debugger] svchost.exe
IMEO\defwatch.exe: [Debugger] svchost.exe
IMEO\deloeminfs.exe: [Debugger] svchost.exe
IMEO\deputy.exe: [Debugger] svchost.exe
IMEO\divx.exe: [Debugger] svchost.exe
IMEO\dllcache.exe: [Debugger] svchost.exe
IMEO\dllreg.exe: [Debugger] svchost.exe
IMEO\doors.exe: [Debugger] svchost.exe
IMEO\dop.exe: [Debugger] svchost.exe
IMEO\dpf.exe: [Debugger] svchost.exe
IMEO\dpfsetup.exe: [Debugger] svchost.exe
IMEO\dpps2.exe: [Debugger] svchost.exe
IMEO\driverctrl.exe: [Debugger] svchost.exe
IMEO\drwatson.exe: [Debugger] svchost.exe
IMEO\drweb32.exe: [Debugger] svchost.exe
IMEO\drwebupw.exe: [Debugger] svchost.exe
IMEO\dssagent.exe: [Debugger] svchost.exe
IMEO\dvp95.exe: [Debugger] svchost.exe
IMEO\dvp95_0.exe: [Debugger] svchost.exe
IMEO\ecengine.exe: [Debugger] svchost.exe
IMEO\efpeadm.exe: [Debugger] svchost.exe
IMEO\emsw.exe: [Debugger] svchost.exe
IMEO\ent.exe: [Debugger] svchost.exe
IMEO\esafe.exe: [Debugger] svchost.exe
IMEO\escanhnt.exe: [Debugger] svchost.exe
IMEO\escanv95.exe: [Debugger] svchost.exe
IMEO\espwatch.exe: [Debugger] svchost.exe
IMEO\ethereal.exe: [Debugger] svchost.exe
IMEO\etrustcipe.exe: [Debugger] svchost.exe
IMEO\evpn.exe: [Debugger] svchost.exe
IMEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IMEO\exe.avxw.exe: [Debugger] svchost.exe
IMEO\expert.exe: [Debugger] svchost.exe
IMEO\explore.exe: [Debugger] svchost.exe
IMEO\f-agnt95.exe: [Debugger] svchost.exe
IMEO\f-prot.exe: [Debugger] svchost.exe
IMEO\f-prot95.exe: [Debugger] svchost.exe
IMEO\f-stopw.exe: [Debugger] svchost.exe
IMEO\fact.exe: [Debugger] svchost.exe
IMEO\fameh32.exe: [Debugger] svchost.exe
IMEO\fast.exe: [Debugger] svchost.exe
IMEO\fch32.exe: [Debugger] svchost.exe
IMEO\fih32.exe: [Debugger] svchost.exe
IMEO\findviru.exe: [Debugger] svchost.exe
IMEO\firewall.exe: [Debugger] svchost.exe
IMEO\fixcfg.exe: [Debugger] svchost.exe
IMEO\fixfp.exe: [Debugger] svchost.exe
IMEO\fnrb32.exe: [Debugger] svchost.exe
IMEO\fp-win.exe: [Debugger] svchost.exe
IMEO\fp-win_trial.exe: [Debugger] svchost.exe
IMEO\fprot.exe: [Debugger] svchost.exe
IMEO\frmwrk32.exe: [Debugger] svchost.exe
IMEO\frw.exe: [Debugger] svchost.exe
IMEO\fsaa.exe: [Debugger] svchost.exe
IMEO\fsav.exe: [Debugger] svchost.exe
IMEO\fsav32.exe: [Debugger] svchost.exe
IMEO\fsav530stbyb.exe: [Debugger] svchost.exe
IMEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IMEO\fsav95.exe: [Debugger] svchost.exe
IMEO\fsgk32.exe: [Debugger] svchost.exe
IMEO\fsm32.exe: [Debugger] svchost.exe
IMEO\fsma32.exe: [Debugger] svchost.exe
IMEO\fsmb32.exe: [Debugger] svchost.exe
IMEO\gator.exe: [Debugger] svchost.exe
IMEO\gav.exe: [Debugger] svchost.exe
IMEO\gbmenu.exe: [Debugger] svchost.exe
IMEO\gbn976rl.exe: [Debugger] svchost.exe
IMEO\gbpoll.exe: [Debugger] svchost.exe
IMEO\generics.exe: [Debugger] svchost.exe
IMEO\gmt.exe: [Debugger] svchost.exe
IMEO\guard.exe: [Debugger] svchost.exe
IMEO\guarddog.exe: [Debugger] svchost.exe
IMEO\guardgui.exe: [Debugger] svchost.exe
IMEO\hacktracersetup.exe: [Debugger] svchost.exe
IMEO\hbinst.exe: [Debugger] svchost.exe
IMEO\hbsrv.exe: [Debugger] svchost.exe
IMEO\History.exe: [Debugger] svchost.exe
IMEO\homeav2010.exe: [Debugger] svchost.exe
IMEO\hotactio.exe: [Debugger] svchost.exe
IMEO\hotpatch.exe: [Debugger] svchost.exe
IMEO\htlog.exe: [Debugger] svchost.exe
IMEO\htpatch.exe: [Debugger] svchost.exe
IMEO\hwpe.exe: [Debugger] svchost.exe
IMEO\hxdl.exe: [Debugger] svchost.exe
IMEO\hxiul.exe: [Debugger] svchost.exe
IMEO\iamapp.exe: [Debugger] svchost.exe
IMEO\iamserv.exe: [Debugger] svchost.exe
IMEO\iamstats.exe: [Debugger] svchost.exe
IMEO\ibmasn.exe: [Debugger] svchost.exe
IMEO\ibmavsp.exe: [Debugger] svchost.exe
IMEO\icload95.exe: [Debugger] svchost.exe
IMEO\icloadnt.exe: [Debugger] svchost.exe
IMEO\icmon.exe: [Debugger] svchost.exe
IMEO\icsupp95.exe: [Debugger] svchost.exe
IMEO\icsuppnt.exe: [Debugger] svchost.exe
IMEO\Identity.exe: [Debugger] svchost.exe
IMEO\idle.exe: [Debugger] svchost.exe
IMEO\iedll.exe: [Debugger] svchost.exe
IMEO\iedriver.exe: [Debugger] svchost.exe
IMEO\IEShow.exe: [Debugger] svchost.exe
IMEO\iface.exe: [Debugger] svchost.exe
IMEO\ifw2000.exe: [Debugger] svchost.exe
IMEO\inetlnfo.exe: [Debugger] svchost.exe
IMEO\infus.exe: [Debugger] svchost.exe
IMEO\infwin.exe: [Debugger] svchost.exe
IMEO\init.exe: [Debugger] svchost.exe
IMEO\init32.exe : [Debugger] svchost.exe
IMEO\install[1].exe: [Debugger] svchost.exe
IMEO\install[2].exe: [Debugger] svchost.exe
IMEO\install[3].exe: [Debugger] svchost.exe
IMEO\install[4].exe: [Debugger] svchost.exe
IMEO\install[5].exe: [Debugger] svchost.exe
IMEO\intdel.exe: [Debugger] svchost.exe
IMEO\intren.exe: [Debugger] svchost.exe
IMEO\iomon98.exe: [Debugger] svchost.exe
IMEO\istsvc.exe: [Debugger] svchost.exe
IMEO\jammer.exe: [Debugger] svchost.exe
IMEO\jdbgmrg.exe: [Debugger] svchost.exe
IMEO\jedi.exe: [Debugger] svchost.exe
IMEO\JsRcGen.exe: [Debugger] svchost.exe
IMEO\kavlite40eng.exe: [Debugger] svchost.exe
IMEO\kavpers40eng.exe: [Debugger] svchost.exe
IMEO\kavpf.exe: [Debugger] svchost.exe
IMEO\kazza.exe: [Debugger] svchost.exe
IMEO\keenvalue.exe: [Debugger] svchost.exe
IMEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IMEO\killprocesssetup161.exe: [Debugger] svchost.exe
IMEO\ldnetmon.exe: [Debugger] svchost.exe
IMEO\ldpro.exe: [Debugger] svchost.exe
IMEO\ldpromenu.exe: [Debugger] svchost.exe
IMEO\ldscan.exe: [Debugger] svchost.exe
IMEO\licmgr.exe: [Debugger] svchost.exe
IMEO\lnetinfo.exe: [Debugger] svchost.exe
IMEO\loader.exe: [Debugger] svchost.exe
IMEO\localnet.exe: [Debugger] svchost.exe
IMEO\lockdown.exe: [Debugger] svchost.exe
IMEO\lockdown2000.exe: [Debugger] svchost.exe
IMEO\lookout.exe: [Debugger] svchost.exe
IMEO\lordpe.exe: [Debugger] svchost.exe
IMEO\lsetup.exe: [Debugger] svchost.exe
IMEO\luall.exe: [Debugger] svchost.exe
IMEO\luau.exe: [Debugger] svchost.exe
IMEO\lucomserver.exe: [Debugger] svchost.exe
IMEO\luinit.exe: [Debugger] svchost.exe
IMEO\luspt.exe: [Debugger] svchost.exe
IMEO\MalwareRemoval.exe: [Debugger] svchost.exe
IMEO\mapisvc32.exe: [Debugger] svchost.exe
IMEO\mbam.exe: [Debugger] svchost.exe
IMEO\mbamgui.exe: [Debugger] svchost.exe
IMEO\mbamservice.exe: [Debugger] svchost.exe
IMEO\mcagent.exe: [Debugger] svchost.exe
IMEO\mcmnhdlr.exe: [Debugger] svchost.exe
IMEO\mcmpeng.exe: [Debugger] svchost.exe
IMEO\mcmscsvc.exe: [Debugger] svchost.exe
IMEO\mcnasvc.exe: [Debugger] svchost.exe
IMEO\mcproxy.exe: [Debugger] svchost.exe
IMEO\McSACore.exe: [Debugger] svchost.exe
IMEO\mcshell.exe: [Debugger] svchost.exe
IMEO\mcshield.exe: [Debugger] svchost.exe
IMEO\mcsysmon.exe: [Debugger] svchost.exe
IMEO\mctool.exe: [Debugger] svchost.exe
IMEO\mcupdate.exe: [Debugger] svchost.exe
IMEO\mcvsrte.exe: [Debugger] svchost.exe
IMEO\mcvsshld.exe: [Debugger] svchost.exe
IMEO\md.exe: [Debugger] svchost.exe
IMEO\mfin32.exe: [Debugger] svchost.exe
IMEO\mfw2en.exe: [Debugger] svchost.exe
IMEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IMEO\mgavrtcl.exe: [Debugger] svchost.exe
IMEO\mgavrte.exe: [Debugger] svchost.exe
IMEO\mghtml.exe: [Debugger] svchost.exe
IMEO\mgui.exe: [Debugger] svchost.exe
IMEO\minilog.exe: [Debugger] svchost.exe
IMEO\mmod.exe: [Debugger] svchost.exe
IMEO\monitor.exe: [Debugger] svchost.exe
IMEO\moolive.exe: [Debugger] svchost.exe
IMEO\mostat.exe: [Debugger] svchost.exe
IMEO\mpfagent.exe: [Debugger] svchost.exe
IMEO\mpfservice.exe: [Debugger] svchost.exe
IMEO\MPFSrv.exe: [Debugger] svchost.exe
IMEO\mpftray.exe: [Debugger] svchost.exe
IMEO\mrflux.exe: [Debugger] svchost.exe
IMEO\mrt.exe: [Debugger] svchost.exe
IMEO\msa.exe: [Debugger] svchost.exe
IMEO\msapp.exe: [Debugger] svchost.exe
IMEO\MSASCui.exe: [Debugger] svchost.exe
IMEO\msbb.exe: [Debugger] svchost.exe
IMEO\msblast.exe: [Debugger] svchost.exe
IMEO\mscache.exe: [Debugger] svchost.exe
IMEO\msccn32.exe: [Debugger] svchost.exe
IMEO\mscman.exe: [Debugger] svchost.exe
IMEO\msconfig: [Debugger] svchost.exe
IMEO\msdm.exe: [Debugger] svchost.exe
IMEO\msdos.exe: [Debugger] svchost.exe
IMEO\msiexec16.exe: [Debugger] svchost.exe
IMEO\mslaugh.exe: [Debugger] svchost.exe
IMEO\msmgt.exe: [Debugger] svchost.exe
IMEO\msmsgri32.exe: [Debugger] svchost.exe
IMEO\msseces.exe: [Debugger] svchost.exe
IMEO\mssmmc32.exe: [Debugger] svchost.exe
IMEO\mssys.exe: [Debugger] svchost.exe
IMEO\msvxd.exe: [Debugger] svchost.exe
IMEO\mu0311ad.exe: [Debugger] svchost.exe
IMEO\mwatch.exe: [Debugger] svchost.exe
IMEO\n32scanw.exe: [Debugger] svchost.exe
IMEO\nav.exe: [Debugger] svchost.exe
IMEO\navap.navapsvc.exe: [Debugger] svchost.exe
IMEO\navapsvc.exe: [Debugger] svchost.exe
IMEO\navapw32.exe: [Debugger] svchost.exe
IMEO\navdx.exe: [Debugger] svchost.exe
IMEO\navlu32.exe: [Debugger] svchost.exe
IMEO\navnt.exe: [Debugger] svchost.exe
IMEO\navstub.exe: [Debugger] svchost.exe
IMEO\navw32.exe: [Debugger] svchost.exe
IMEO\navwnt.exe: [Debugger] svchost.exe
IMEO\nc2000.exe: [Debugger] svchost.exe
IMEO\ncinst4.exe: [Debugger] svchost.exe
IMEO\ndd32.exe: [Debugger] svchost.exe
IMEO\neomonitor.exe: [Debugger] svchost.exe
IMEO\neowatchlog.exe: [Debugger] svchost.exe
IMEO\netarmor.exe: [Debugger] svchost.exe
IMEO\netd32.exe: [Debugger] svchost.exe
IMEO\netinfo.exe: [Debugger] svchost.exe
IMEO\netmon.exe: [Debugger] svchost.exe
IMEO\netscanpro.exe: [Debugger] svchost.exe
IMEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IMEO\netutils.exe: [Debugger] svchost.exe
IMEO\nisserv.exe: [Debugger] svchost.exe
IMEO\nisum.exe: [Debugger] svchost.exe
IMEO\nmain.exe: [Debugger] svchost.exe
IMEO\nod32.exe: [Debugger] svchost.exe
IMEO\normist.exe: [Debugger] svchost.exe
IMEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IMEO\notstart.exe: [Debugger] svchost.exe
IMEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IMEO\npfmessenger.exe: [Debugger] svchost.exe
IMEO\nprotect.exe: [Debugger] svchost.exe
IMEO\npscheck.exe: [Debugger] svchost.exe
IMEO\npssvc.exe: [Debugger] svchost.exe
IMEO\nsched32.exe: [Debugger] svchost.exe
IMEO\nssys32.exe: [Debugger] svchost.exe
IMEO\nstask32.exe: [Debugger] svchost.exe
IMEO\nsupdate.exe: [Debugger] svchost.exe
IMEO\nt.exe: [Debugger] svchost.exe
IMEO\ntrtscan.exe: [Debugger] svchost.exe
IMEO\ntvdm.exe: [Debugger] svchost.exe
IMEO\ntxconfig.exe: [Debugger] svchost.exe
IMEO\nui.exe: [Debugger] svchost.exe
IMEO\nupgrade.exe: [Debugger] svchost.exe
IMEO\nvarch16.exe: [Debugger] svchost.exe
IMEO\nvc95.exe: [Debugger] svchost.exe
IMEO\nvsvc32.exe: [Debugger] svchost.exe
IMEO\nwinst4.exe: [Debugger] svchost.exe
IMEO\nwservice.exe: [Debugger] svchost.exe
IMEO\nwtool16.exe: [Debugger] svchost.exe
IMEO\OAcat.exe: [Debugger] svchost.exe
IMEO\OAhlp.exe: [Debugger] svchost.exe
IMEO\OAReg.exe: [Debugger] svchost.exe
IMEO\oasrv.exe: [Debugger] svchost.exe
IMEO\oaui.exe: [Debugger] svchost.exe
IMEO\oaview.exe: [Debugger] svchost.exe
IMEO\ODSW.exe: [Debugger] svchost.exe
IMEO\ollydbg.exe: [Debugger] svchost.exe
IMEO\onsrvr.exe: [Debugger] svchost.exe
IMEO\optimize.exe: [Debugger] svchost.exe
IMEO\ostronet.exe: [Debugger] svchost.exe
IMEO\otfix.exe: [Debugger] svchost.exe
IMEO\outpost.exe: [Debugger] svchost.exe
IMEO\outpostinstall.exe: [Debugger] svchost.exe
IMEO\outpostproinstall.exe: [Debugger] svchost.exe
IMEO\ozn695m5.exe: [Debugger] svchost.exe
IMEO\padmin.exe: [Debugger] svchost.exe
IMEO\panixk.exe: [Debugger] svchost.exe
IMEO\patch.exe: [Debugger] svchost.exe
IMEO\pav.exe: [Debugger] svchost.exe
IMEO\pavcl.exe: [Debugger] svchost.exe
IMEO\PavFnSvr.exe: [Debugger] svchost.exe
IMEO\pavproxy.exe: [Debugger] svchost.exe
IMEO\pavprsrv.exe: [Debugger] svchost.exe
IMEO\pavsched.exe: [Debugger] svchost.exe
IMEO\pavsrv51.exe: [Debugger] svchost.exe
IMEO\pavw.exe: [Debugger] svchost.exe
IMEO\pc.exe: [Debugger] svchost.exe
IMEO\pccwin98.exe: [Debugger] svchost.exe
IMEO\pcfwallicon.exe: [Debugger] svchost.exe
IMEO\pcip10117_0.exe: [Debugger] svchost.exe
IMEO\pcscan.exe: [Debugger] svchost.exe
IMEO\pctsAuxs.exe: [Debugger] svchost.exe
IMEO\pctsGui.exe: [Debugger] svchost.exe
IMEO\pctsSvc.exe: [Debugger] svchost.exe
IMEO\pctsTray.exe: [Debugger] svchost.exe
IMEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IMEO\pdfndr.exe: [Debugger] svchost.exe
IMEO\pdsetup.exe: [Debugger] svchost.exe
IMEO\PerAvir.exe: [Debugger] svchost.exe
IMEO\periscope.exe: [Debugger] svchost.exe
IMEO\persfw.exe: [Debugger] svchost.exe
IMEO\personalguard: [Debugger] svchost.exe
IMEO\personalguard.exe: [Debugger] svchost.exe
IMEO\perswf.exe: [Debugger] svchost.exe
IMEO\pf2.exe: [Debugger] svchost.exe
IMEO\pfwadmin.exe: [Debugger] svchost.exe
IMEO\pgmonitr.exe: [Debugger] svchost.exe
IMEO\pingscan.exe: [Debugger] svchost.exe
IMEO\platin.exe: [Debugger] svchost.exe
IMEO\pop3trap.exe: [Debugger] svchost.exe
IMEO\poproxy.exe: [Debugger] svchost.exe
IMEO\popscan.exe: [Debugger] svchost.exe
IMEO\portdetective.exe: [Debugger] svchost.exe
IMEO\portmonitor.exe: [Debugger] svchost.exe
IMEO\powerscan.exe: [Debugger] svchost.exe
IMEO\ppinupdt.exe: [Debugger] svchost.exe
IMEO\pptbc.exe: [Debugger] svchost.exe
IMEO\ppvstop.exe: [Debugger] svchost.exe
IMEO\prizesurfer.exe: [Debugger] svchost.exe
IMEO\prmt.exe: [Debugger] svchost.exe
IMEO\prmvr.exe: [Debugger] svchost.exe
IMEO\procdump.exe: [Debugger] svchost.exe
IMEO\processmonitor.exe: [Debugger] svchost.exe
IMEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IMEO\programauditor.exe: [Debugger] svchost.exe
IMEO\proport.exe: [Debugger] svchost.exe
IMEO\protector.exe: [Debugger] svchost.exe
IMEO\protectx.exe: [Debugger] svchost.exe
IMEO\PSANCU.exe: [Debugger] svchost.exe
IMEO\PSANHost.exe: [Debugger] svchost.exe
IMEO\PSANToManager.exe: [Debugger] svchost.exe
IMEO\PsCtrls.exe: [Debugger] svchost.exe
IMEO\PsImSvc.exe: [Debugger] svchost.exe
IMEO\PskSvc.exe: [Debugger] svchost.exe
IMEO\pspf.exe: [Debugger] svchost.exe
IMEO\PSUNMain.exe: [Debugger] svchost.exe
IMEO\purge.exe: [Debugger] svchost.exe
IMEO\qconsole.exe: [Debugger] svchost.exe
IMEO\qh.exe: [Debugger] svchost.exe
IMEO\qserver.exe: [Debugger] svchost.exe
IMEO\Quick Heal.exe: [Debugger] svchost.exe
IMEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IMEO\rapapp.exe: [Debugger] svchost.exe
IMEO\rav7.exe: [Debugger] svchost.exe
IMEO\rav7win.exe: [Debugger] svchost.exe
IMEO\rav8win32eng.exe: [Debugger] svchost.exe
IMEO\ray.exe: [Debugger] svchost.exe
IMEO\rb32.exe: [Debugger] svchost.exe
IMEO\rcsync.exe: [Debugger] svchost.exe
IMEO\realmon.exe: [Debugger] svchost.exe
IMEO\reged.exe: [Debugger] svchost.exe
IMEO\regedt32.exe: [Debugger] svchost.exe
IMEO\rescue.exe: [Debugger] svchost.exe
IMEO\rescue32.exe: [Debugger] svchost.exe
IMEO\rrguard.exe: [Debugger] svchost.exe
IMEO\rscdwld.exe: [Debugger] svchost.exe
IMEO\rshell.exe: [Debugger] svchost.exe
IMEO\rtvscan.exe: [Debugger] svchost.exe
IMEO\rtvscn95.exe: [Debugger] svchost.exe
IMEO\rulaunch.exe: [Debugger] svchost.exe
IMEO\rwg: [Debugger] svchost.exe
IMEO\rwg.exe: [Debugger] svchost.exe
IMEO\SafetyKeeper.exe: [Debugger] svchost.exe
IMEO\safeweb.exe: [Debugger] svchost.exe
IMEO\sahagent.exe: [Debugger] svchost.exe
IMEO\Save.exe: [Debugger] svchost.exe
IMEO\SaveArmor.exe: [Debugger] svchost.exe
IMEO\SaveDefense.exe: [Debugger] svchost.exe
IMEO\SaveKeep.exe: [Debugger] svchost.exe
IMEO\savenow.exe: [Debugger] svchost.exe
IMEO\sbserv.exe: [Debugger] svchost.exe
IMEO\sc.exe: [Debugger] svchost.exe
IMEO\scam32.exe: [Debugger] svchost.exe
IMEO\scan32.exe: [Debugger] svchost.exe
IMEO\scan95.exe: [Debugger] svchost.exe
IMEO\scanpm.exe: [Debugger] svchost.exe
IMEO\scrscan.exe: [Debugger] svchost.exe
IMEO\Secure Veteran.exe: [Debugger] svchost.exe
IMEO\secureveteran.exe: [Debugger] svchost.exe
IMEO\Security Center.exe: [Debugger] svchost.exe
IMEO\SecurityFighter.exe: [Debugger] svchost.exe
IMEO\securitysoldier.exe: [Debugger] svchost.exe
IMEO\serv95.exe: [Debugger] svchost.exe
IMEO\setloadorder.exe: [Debugger] svchost.exe
IMEO\setupvameeval.exe: [Debugger] svchost.exe
IMEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IMEO\sgssfw32.exe: [Debugger] svchost.exe
IMEO\sh.exe: [Debugger] svchost.exe
IMEO\shellspyinstall.exe: [Debugger] svchost.exe
IMEO\shield.exe: [Debugger] svchost.exe
IMEO\shn.exe: [Debugger] svchost.exe
IMEO\showbehind.exe: [Debugger] svchost.exe
IMEO\signcheck.exe: [Debugger] svchost.exe
IMEO\smart.exe: [Debugger] svchost.exe
IMEO\smartprotector.exe: [Debugger] svchost.exe
IMEO\smc.exe: [Debugger] svchost.exe
IMEO\smrtdefp.exe: [Debugger] svchost.exe
IMEO\sms.exe: [Debugger] svchost.exe
IMEO\smss32.exe: [Debugger] svchost.exe
IMEO\snetcfg.exe: [Debugger] svchost.exe
IMEO\soap.exe: [Debugger] svchost.exe
IMEO\sofi.exe: [Debugger] svchost.exe
IMEO\SoftSafeness.exe: [Debugger] svchost.exe
IMEO\sperm.exe: [Debugger] svchost.exe
IMEO\spf.exe: [Debugger] svchost.exe
IMEO\sphinx.exe: [Debugger] svchost.exe
IMEO\spoler.exe: [Debugger] svchost.exe
IMEO\spoolcv.exe: [Debugger] svchost.exe
IMEO\spoolsv32.exe: [Debugger] svchost.exe
IMEO\spywarexpguard.exe: [Debugger] svchost.exe
IMEO\spyxx.exe: [Debugger] svchost.exe
IMEO\srexe.exe: [Debugger] svchost.exe
IMEO\srng.exe: [Debugger] svchost.exe
IMEO\ss3edit.exe: [Debugger] svchost.exe
IMEO\ssgrate.exe: [Debugger] svchost.exe
IMEO\ssg_4104.exe: [Debugger] svchost.exe
IMEO\st2.exe: [Debugger] svchost.exe
IMEO\start.exe: [Debugger] svchost.exe
IMEO\stcloader.exe: [Debugger] svchost.exe
IMEO\supftrl.exe: [Debugger] svchost.exe
IMEO\support.exe: [Debugger] svchost.exe
IMEO\supporter5.exe: [Debugger] svchost.exe
IMEO\svc.exe: [Debugger] svchost.exe
IMEO\svchostc.exe: [Debugger] svchost.exe
IMEO\svchosts.exe: [Debugger] svchost.exe
IMEO\svshost.exe: [Debugger] svchost.exe
IMEO\sweep95.exe: [Debugger] svchost.exe
IMEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
IMEO\symlcsvc.exe: [Debugger] svchost.exe
IMEO\symproxysvc.exe: [Debugger] svchost.exe
IMEO\symtray.exe: [Debugger] svchost.exe
IMEO\system.exe: [Debugger] svchost.exe
IMEO\system32.exe: [Debugger] svchost.exe
IMEO\sysupd.exe: [Debugger] svchost.exe
IMEO\tapinstall.exe: [Debugger] svchost.exe
IMEO\taumon.exe: [Debugger] svchost.exe
IMEO\tbscan.exe: [Debugger] svchost.exe
IMEO\tc.exe: [Debugger] svchost.exe
IMEO\tca.exe: [Debugger] svchost.exe
IMEO\tcm.exe: [Debugger] svchost.exe
IMEO\tds-3.exe: [Debugger] svchost.exe
IMEO\tds2-98.exe: [Debugger] svchost.exe
IMEO\tds2-nt.exe: [Debugger] svchost.exe
IMEO\teekids.exe: [Debugger] svchost.exe
IMEO\tfak.exe: [Debugger] svchost.exe
IMEO\tfak5.exe: [Debugger] svchost.exe
IMEO\tgbob.exe: [Debugger] svchost.exe
IMEO\titanin.exe: [Debugger] svchost.exe
IMEO\titaninxp.exe: [Debugger] svchost.exe
IMEO\TPSrv.exe: [Debugger] svchost.exe
IMEO\trickler.exe: [Debugger] svchost.exe
IMEO\trjscan.exe: [Debugger] svchost.exe
IMEO\trjsetup.exe: [Debugger] svchost.exe
IMEO\trojantrap3.exe: [Debugger] svchost.exe
IMEO\TrustWarrior.exe: [Debugger] svchost.exe
IMEO\tsadbot.exe: [Debugger] svchost.exe
IMEO\tsc.exe: [Debugger] svchost.exe
IMEO\tvmd.exe: [Debugger] svchost.exe
IMEO\tvtmd.exe: [Debugger] svchost.exe
IMEO\undoboot.exe: [Debugger] svchost.exe
IMEO\updat.exe: [Debugger] svchost.exe
IMEO\upgrad.exe: [Debugger] svchost.exe
IMEO\utpost.exe: [Debugger] svchost.exe
IMEO\vbcmserv.exe: [Debugger] svchost.exe
IMEO\vbcons.exe: [Debugger] svchost.exe
IMEO\vbust.exe: [Debugger] svchost.exe
IMEO\vbwin9x.exe: [Debugger] svchost.exe
IMEO\vbwinntw.exe: [Debugger] svchost.exe
IMEO\vcsetup.exe: [Debugger] svchost.exe
IMEO\vet32.exe: [Debugger] svchost.exe
IMEO\vet95.exe: [Debugger] svchost.exe
IMEO\vettray.exe: [Debugger] svchost.exe
IMEO\vfsetup.exe: [Debugger] svchost.exe
IMEO\vir-help.exe: [Debugger] svchost.exe
IMEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
IMEO\VisthAux.exe: [Debugger] svchost.exe
IMEO\VisthLic.exe: [Debugger] svchost.exe
IMEO\VisthUpd.exe: [Debugger] svchost.exe
IMEO\vnlan300.exe: [Debugger] svchost.exe
IMEO\vnpc3000.exe: [Debugger] svchost.exe
IMEO\vpc32.exe: [Debugger] svchost.exe
IMEO\vpc42.exe: [Debugger] svchost.exe
IMEO\vpfw30s.exe: [Debugger] svchost.exe
IMEO\vptray.exe: [Debugger] svchost.exe
IMEO\vscan40.exe: [Debugger] svchost.exe
IMEO\vscenu6.02d30.exe: [Debugger] svchost.exe
IMEO\vsched.exe: [Debugger] svchost.exe
IMEO\vsecomr.exe: [Debugger] svchost.exe
IMEO\vshwin32.exe: [Debugger] svchost.exe
IMEO\vsisetup.exe: [Debugger] svchost.exe
IMEO\vsmain.exe: [Debugger] svchost.exe
IMEO\vsmon.exe: [Debugger] svchost.exe
IMEO\vsstat.exe: [Debugger] svchost.exe
IMEO\vswin9xe.exe: [Debugger] svchost.exe
IMEO\vswinntse.exe: [Debugger] svchost.exe
IMEO\vswinperse.exe: [Debugger] svchost.exe
IMEO\w32dsm89.exe: [Debugger] svchost.exe
IMEO\W3asbas.exe: [Debugger] svchost.exe
IMEO\w9x.exe: [Debugger] svchost.exe
IMEO\watchdog.exe: [Debugger] svchost.exe
IMEO\webdav.exe: [Debugger] svchost.exe
IMEO\WebProxy.exe: [Debugger] svchost.exe
IMEO\webscanx.exe: [Debugger] svchost.exe
IMEO\webtrap.exe: [Debugger] svchost.exe
IMEO\wfindv32.exe: [Debugger] svchost.exe
IMEO\whoswatchingme.exe: [Debugger] svchost.exe
IMEO\wimmun32.exe: [Debugger] svchost.exe
IMEO\win-bugsfix.exe: [Debugger] svchost.exe
IMEO\win32.exe: [Debugger] svchost.exe
IMEO\win32us.exe: [Debugger] svchost.exe
IMEO\winactive.exe: [Debugger] svchost.exe
IMEO\winav.exe: [Debugger] svchost.exe
IMEO\windll32.exe: [Debugger] svchost.exe
IMEO\window.exe: [Debugger] svchost.exe
IMEO\windows Police Pro.exe: [Debugger] svchost.exe
IMEO\windows.exe: [Debugger] svchost.exe
IMEO\wininetd.exe: [Debugger] svchost.exe
IMEO\wininitx.exe: [Debugger] svchost.exe
IMEO\winlogin.exe: [Debugger] svchost.exe
IMEO\winmain.exe: [Debugger] svchost.exe
IMEO\winppr32.exe: [Debugger] svchost.exe
IMEO\winrecon.exe: [Debugger] svchost.exe
IMEO\winservn.exe: [Debugger] svchost.exe
IMEO\winssk32.exe: [Debugger] svchost.exe
IMEO\winstart.exe: [Debugger] svchost.exe
IMEO\winstart001.exe: [Debugger] svchost.exe
IMEO\wintsk32.exe: [Debugger] svchost.exe
IMEO\winupdate.exe: [Debugger] svchost.exe
IMEO\wkufind.exe: [Debugger] svchost.exe
IMEO\wnad.exe: [Debugger] svchost.exe
IMEO\wnt.exe: [Debugger] svchost.exe
IMEO\wradmin.exe: [Debugger] svchost.exe
IMEO\wrctrl.exe: [Debugger] svchost.exe
IMEO\wsbgate.exe: [Debugger] svchost.exe
IMEO\wscfxas.exe: [Debugger] svchost.exe
IMEO\wscfxav.exe: [Debugger] svchost.exe
IMEO\wscfxfw.exe: [Debugger] svchost.exe
IMEO\wsctool.exe: [Debugger] svchost.exe
IMEO\wupdater.exe: [Debugger] svchost.exe
IMEO\wupdt.exe: [Debugger] svchost.exe
IMEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
IMEO\xpdeluxe.exe: [Debugger] svchost.exe
IMEO\xpf202en.exe: [Debugger] svchost.exe
IMEO\xp_antispyware.exe: [Debugger] svchost.exe
IMEO\zapro.exe: [Debugger] svchost.exe
IMEO\zapsetup3001.exe: [Debugger] svchost.exe
IMEO\zatutor.exe: [Debugger] svchost.exe
IMEO\zonalm2601.exe: [Debugger] svchost.exe
IMEO\zonealarm.exe: [Debugger] svchost.exe
IMEO\_avp32.exe: [Debugger] svchost.exe
IMEO\_avpcc.exe: [Debugger] svchost.exe
IMEO\_avpm.exe: [Debugger] svchost.exe
IMEO\~1.exe: [Debugger] svchost.exe
IMEO\~2.exe: [Debugger] svchost.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe ()
==================== Services (Whitelisted) ===================
3 CACLEARWIRE; "C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [124760 2011-11-22] (SmithMicro Inc.)
2 clearwireDeviceDiagnosticsService; "C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe" [407552 2011-03-29] ()
3 CLEARWIRERcAppSvc; "C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [120664 2011-11-22] (SmithMicro Inc.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)
2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
2 SMSI Device Launch Service; "C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe" /n "SMSI Device Launch Service" [108376 2011-11-22] ()
2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-04-24] (Wajam)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]
==================== Drivers (Whitelisted) =====================
3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 X6va005; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\005A236.tmp [x]
3 X6va006; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\0064119.tmp [x]
3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-04-05 11:58 - 2013-04-05 11:58 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders =======
2013-04-05 11:58 - 2013-04-05 11:58 - 00000000 ____D C:\FRST
2013-04-05 07:25 - 2011-12-26 01:25 - 01432921 ____A C:\Windows\WindowsUpdate.log
2013-04-05 07:24 - 2012-07-10 13:08 - 00000412 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
2013-04-05 07:20 - 2012-02-11 22:09 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
2013-04-05 07:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-05 07:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-05 07:04 - 2009-07-13 21:13 - 00742690 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 07:01 - 2012-07-06 13:07 - 00000396 ____A C:\Windows\Tasks\ActiveMail Updater.job
2013-04-05 06:59 - 2012-02-20 05:41 - 00000000 ____D C:\Program Files (x86)\Linkury
2013-04-05 06:58 - 2012-12-30 16:31 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs.exe
2013-04-05 06:58 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Local\_bd_uylzs.exe
2013-04-05 06:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 06:57 - 2009-07-13 20:51 - 00068283 ____A C:\Windows\setupact.log
2013-04-05 06:53 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\ProgramData\_bd_uylzs.exe
2013-03-11 13:19 - 2012-05-18 13:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-14 03:29:51
Restore point made on: 2012-12-20 21:51:52
Restore point made on: 2012-12-22 03:00:58
Restore point made on: 2012-12-25 08:20:13
Restore point made on: 2012-12-29 13:38:29
Restore point made on: 2012-12-31 21:37:38
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3690.91 MB
Available physical RAM: 3016.7 MB
Total Pagefile: 3689.05 MB
Available Pagefile: 3005.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:446.98 GB) (Free:336.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:14.62 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1928 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 27DA6E45
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 446 GB 200 MB
Partition 3 Primary 14 GB 447 GB
Partition 4 Primary 4063 MB 461 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 446 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 14 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: 00000001
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1928 MB 0 B
==================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: 27DA6E45
Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB
Partition 2:
=========
Hex: 007E261907FEFFFF004006000060DF37
Active: NO
Type: 07 (NTFS)
Size: 447 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A0E53700C0D301
Active: NO
Type: 07 (NTFS)
Size: 15 GB
Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF0060B93930F87E00
Active: NO
Type: 0C
Size: 4 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 6B736964
Partition 1:
=========
Hex: 616E64207468656E2070726573732061
Active: NO
Type: 74
Size: 777 GB
Partition 2:
=========
Hex: 6E79206B65790D0A0000494F20202020
Active: NO
Type: 65
Size: 257 GB
Partition 3:
=========
Hex: 20205359534D53444F53202020535953
Active: NO
Type: 53
Size: 667 GB
Partition 4:
=========
Hex: 7F010041BB0007807E020EE940FF0000
Active: NO
Type: BB
Size: 32 MB
Last Boot: 2013-01-06 11:51
==================== End Of Log =============================
Dakeyras
2013-04-06, 11:54
Hi. :)
Lets proceed as follows shall we...
Custom FRST Script:
Please download the attached fixlist.txt(see below) and save it to your flash drive.
Now please enter System Recovery Options on the infected machine again and then select Command Prompt.
Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply
Reboot the machine back into Normal Mode.
Note: This above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Download/Run ComboFix:
Please visit this webpage for download links, and instructions for running the tool:
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html) <-- Click on this link.Please include the C:\ComboFix.txt in your next reply for further review.
Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.
If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any other symptoms and or problems encountered?
New FRST Log
ComboFix Log.
DeeDee12
2013-04-06, 21:41
Hi...I did as you instructed but nothing is happening..It has been over an hour and the computer just sits. Should there be something to show that it is working?
Dakeyras
2013-04-07, 03:09
Please elaborate for myself...
Do you mean this has occurred after running the Custom FRST Script or ComboFix ? :)
DeeDee12
2013-04-07, 04:26
It happened after running the Custom FRST. I am not sure it even ran. I did as you said, ran the FRST64, the flash drive was in the infected computer, then pressed the Fix button and nothing happened..
Thanks for all your help.
Dakeyras
2013-04-07, 12:06
Hi. :)
Thanks for all your help.
You're welcome!
It happened after running the Custom FRST. I am not sure it even ran. I did as you said, ran the FRST64, the flash drive was in the infected computer, then pressed the Fix button and nothing happened..
OK reboot(restart) the infected machine if you have not already done so and let myself know if still the original problem/symptoms as in the fake screen, the machine is non responsive etc.
Also please check on your flash drive if a notepad file named Fixlog.txt is present, if it is post the contents in your next reply please.
DeeDee12
2013-04-07, 16:50
Hi... I am just now closing everything and rebooting the infected machine..On closing one screen it said "No fixlist.txt found. The fixlist.txt should be made and saved in the same directory the tool is located."
When I rebooted the machine the fake screen is still there..
Also there is a text box on the screen that says "Select a Video Device:".
One other thing I should tell you the touch pad on the infected machine is not working at times I had to connect a mouse.
I then opened the flash drive and found this:
Start
HKU\Shermqn Cooper\...\Run: [Conduit] rundll32.exe "C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll",RunNtServiceW [348672 2012-11-18] (The GTK developer
HKU\Shermqn Cooper\...\Policies\system: [DisableRegedit] 0
HKU\Shermqn Cooper\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs [x ] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]
3 X6va005; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\005A236.tmp [x]
3 X6va006; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\0064119.tmp [x]
3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
2013-04-05 06:58 - 2012-12-30 16:31 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs.exe
2013-04-05 06:58 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Local\_bd_uylzs.exe
2013-04-05 06:53 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\ProgramData\_bd_uylzs.exe
Startup: C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe ()
IMEO\a.exe: [Debugger] svchost.exe
IMEO\aAvgApi.exe: [Debugger] svchost.exe
IMEO\AAWTray.exe: [Debugger] svchost.exe
IMEO\About.exe: [Debugger] svchost.exe
IMEO\ackwin32.exe: [Debugger] svchost.exe
IMEO\Ad-Aware.exe: [Debugger] svchost.exe
IMEO\adaware.exe: [Debugger] svchost.exe
IMEO\advxdwin.exe: [Debugger] svchost.exe
IMEO\AdwarePrj.exe: [Debugger] svchost.exe
IMEO\agent.exe: [Debugger] svchost.exe
IMEO\agentsvr.exe: [Debugger] svchost.exe
IMEO\agentw.exe: [Debugger] svchost.exe
IMEO\alertsvc.exe: [Debugger] svchost.exe
IMEO\alevir.exe: [Debugger] svchost.exe
IMEO\alogserv.exe: [Debugger] svchost.exe
IMEO\AlphaAV: [Debugger] svchost.exe
IMEO\AlphaAV.exe: [Debugger] svchost.exe
IMEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IMEO\amon9x.exe: [Debugger] svchost.exe
IMEO\anti-trojan.exe: [Debugger] svchost.exe
IMEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IMEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IMEO\antivirus.exe: [Debugger] svchost.exe
IMEO\AntivirusPlus: [Debugger] svchost.exe
IMEO\AntivirusPlus.exe: [Debugger] svchost.exe
IMEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IMEO\AntivirusXP: [Debugger] svchost.exe
IMEO\AntivirusXP.exe: [Debugger] svchost.exe
IMEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IMEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IMEO\ants.exe: [Debugger] svchost.exe
IMEO\apimonitor.exe: [Debugger] svchost.exe
IMEO\aplica32.exe: [Debugger] svchost.exe
IMEO\apvxdwin.exe: [Debugger] svchost.exe
IMEO\arr.exe: [Debugger] svchost.exe
IMEO\ashAvast.exe: [Debugger] svchost.exe
IMEO\ashBug.exe: [Debugger] svchost.exe
IMEO\ashChest.exe: [Debugger] svchost.exe
IMEO\ashCnsnt.exe: [Debugger] svchost.exe
IMEO\ashDisp.exe: [Debugger] svchost.exe
IMEO\ashLogV.exe: [Debugger] svchost.exe
IMEO\ashMaiSv.exe: [Debugger] svchost.exe
IMEO\ashPopWz.exe: [Debugger] svchost.exe
IMEO\ashQuick.exe: [Debugger] svchost.exe
IMEO\ashServ.exe: [Debugger] svchost.exe
IMEO\ashSimp2.exe: [Debugger] svchost.exe
IMEO\ashSimpl.exe: [Debugger] svchost.exe
IMEO\ashSkPcc.exe: [Debugger] svchost.exe
IMEO\ashSkPck.exe: [Debugger] svchost.exe
IMEO\ashUpd.exe: [Debugger] svchost.exe
IMEO\ashWebSv.exe: [Debugger] svchost.exe
IMEO\aswChLic.exe: [Debugger] svchost.exe
IMEO\aswRegSvr.exe: [Debugger] svchost.exe
IMEO\aswRunDll.exe: [Debugger] svchost.exe
IMEO\aswUpdSv.exe: [Debugger] svchost.exe
IMEO\atcon.exe: [Debugger] svchost.exe
IMEO\atguard.exe: [Debugger] svchost.exe
IMEO\atro55en.exe: [Debugger] svchost.exe
IMEO\atupdater.exe: [Debugger] svchost.exe
IMEO\atwatch.exe: [Debugger] svchost.exe
IMEO\au.exe: [Debugger] svchost.exe
IMEO\aupdate.exe: [Debugger] svchost.exe
IMEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IMEO\autodown.exe: [Debugger] svchost.exe
IMEO\autotrace.exe: [Debugger] svchost.exe
IMEO\autoupdate.exe: [Debugger] svchost.exe
IMEO\av360.exe: [Debugger] svchost.exe
IMEO\avadmin.exe: [Debugger] svchost.exe
IMEO\avastSvc.exe: [Debugger] svchost.exe
IMEO\avastUI.exe: [Debugger] svchost.exe
IMEO\AVCare.exe: [Debugger] svchost.exe
IMEO\avcenter.exe: [Debugger] svchost.exe
IMEO\avciman.exe: [Debugger] svchost.exe
IMEO\avconfig.exe: [Debugger] svchost.exe
IMEO\avconsol.exe: [Debugger] svchost.exe
IMEO\ave32.exe: [Debugger] svchost.exe
IMEO\AVENGINE.EXE: [Debugger] svchost.exe
IMEO\avgcc32.exe: [Debugger] svchost.exe
IMEO\avgchk.exe: [Debugger] svchost.exe
IMEO\avgcmgr.exe: [Debugger] svchost.exe
IMEO\avgcsrvx.exe: [Debugger] svchost.exe
IMEO\avgctrl.exe: [Debugger] svchost.exe
IMEO\avgdumpx.exe: [Debugger] svchost.exe
IMEO\avgemc.exe: [Debugger] svchost.exe
IMEO\avgiproxy.exe: [Debugger] svchost.exe
IMEO\avgnsx.exe: [Debugger] svchost.exe
IMEO\avgnt.exe: [Debugger] svchost.exe
IMEO\avgrsx.exe: [Debugger] svchost.exe
IMEO\avgscanx.exe: [Debugger] svchost.exe
IMEO\avgserv.exe: [Debugger] svchost.exe
IMEO\avgserv9.exe: [Debugger] svchost.exe
IMEO\avgsrmax.exe: [Debugger] svchost.exe
IMEO\avgtray.exe: [Debugger] svchost.exe
IMEO\avguard.exe: [Debugger] svchost.exe
IMEO\avgui.exe: [Debugger] svchost.exe
IMEO\avgupd.exe: [Debugger] svchost.exe
IMEO\avgw.exe: [Debugger] svchost.exe
IMEO\avgwdsvc.exe: [Debugger] svchost.exe
IMEO\avkpop.exe: [Debugger] svchost.exe
IMEO\avkserv.exe: [Debugger] svchost.exe
IMEO\avkservice.exe: [Debugger] svchost.exe
IMEO\avkwctl9.exe: [Debugger] svchost.exe
IMEO\avltmain.exe: [Debugger] svchost.exe
IMEO\avmailc.exe: [Debugger] svchost.exe
IMEO\avmcdlg.exe: [Debugger] svchost.exe
IMEO\avnotify.exe: [Debugger] svchost.exe
IMEO\avnt.exe: [Debugger] svchost.exe
IMEO\avp32.exe: [Debugger] svchost.exe
IMEO\avpcc.exe: [Debugger] svchost.exe
IMEO\avpdos32.exe: [Debugger] svchost.exe
IMEO\avpm.exe: [Debugger] svchost.exe
IMEO\avptc32.exe: [Debugger] svchost.exe
IMEO\avpupd.exe: [Debugger] svchost.exe
IMEO\avsched32.exe: [Debugger] svchost.exe
IMEO\avshadow.exe: [Debugger] svchost.exe
IMEO\avsynmgr.exe: [Debugger] svchost.exe
IMEO\avupgsvc.exe: [Debugger] svchost.exe
IMEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IMEO\avwin.exe: [Debugger] svchost.exe
IMEO\avwin95.exe: [Debugger] svchost.exe
IMEO\avwinnt.exe: [Debugger] svchost.exe
IMEO\avwsc.exe: [Debugger] svchost.exe
IMEO\avwupd.exe: [Debugger] svchost.exe
IMEO\avwupd32.exe: [Debugger] svchost.exe
IMEO\avwupsrv.exe: [Debugger] svchost.exe
IMEO\avxmonitor9x.exe: [Debugger] svchost.exe
IMEO\avxmonitornt.exe: [Debugger] svchost.exe
IMEO\avxquar.exe: [Debugger] svchost.exe
IMEO\b.exe: [Debugger] svchost.exe
IMEO\backweb.exe: [Debugger] svchost.exe
IMEO\bargains.exe: [Debugger] svchost.exe
IMEO\bdfvcl.exe: [Debugger] svchost.exe
IMEO\bdfvwiz.exe: [Debugger] svchost.exe
IMEO\BDInProcPatch.exe: [Debugger] svchost.exe
IMEO\bdmcon.exe: [Debugger] svchost.exe
IMEO\BDMsnScan.exe: [Debugger] svchost.exe
IMEO\BDSurvey.exe: [Debugger] svchost.exe
IMEO\bd_professional.exe: [Debugger] svchost.exe
IMEO\beagle.exe: [Debugger] svchost.exe
IMEO\belt.exe: [Debugger] svchost.exe
IMEO\bidef.exe: [Debugger] svchost.exe
IMEO\bidserver.exe: [Debugger] svchost.exe
IMEO\bipcp.exe: [Debugger] svchost.exe
IMEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IMEO\bisp.exe: [Debugger] svchost.exe
IMEO\blackd.exe: [Debugger] svchost.exe
IMEO\blackice.exe: [Debugger] svchost.exe
IMEO\blink.exe: [Debugger] svchost.exe
IMEO\blss.exe: [Debugger] svchost.exe
IMEO\bootconf.exe: [Debugger] svchost.exe
IMEO\bootwarn.exe: [Debugger] svchost.exe
IMEO\borg2.exe: [Debugger] svchost.exe
IMEO\bpc.exe: [Debugger] svchost.exe
IMEO\brasil.exe: [Debugger] svchost.exe
IMEO\brastk.exe: [Debugger] svchost.exe
IMEO\brw.exe: [Debugger] svchost.exe
IMEO\bs120.exe: [Debugger] svchost.exe
IMEO\bspatch.exe: [Debugger] svchost.exe
IMEO\bundle.exe: [Debugger] svchost.exe
IMEO\bvt.exe: [Debugger] svchost.exe
IMEO\c.exe: [Debugger] svchost.exe
IMEO\cavscan.exe: [Debugger] svchost.exe
IMEO\ccapp.exe: [Debugger] svchost.exe
IMEO\ccevtmgr.exe: [Debugger] svchost.exe
IMEO\ccpxysvc.exe: [Debugger] svchost.exe
IMEO\ccSvcHst.exe: [Debugger] svchost.exe
IMEO\cdp.exe: [Debugger] svchost.exe
IMEO\cfd.exe: [Debugger] svchost.exe
IMEO\cfgwiz.exe: [Debugger] svchost.exe
IMEO\cfiadmin.exe: [Debugger] svchost.exe
IMEO\cfiaudit.exe: [Debugger] svchost.exe
IMEO\cfinet.exe: [Debugger] svchost.exe
IMEO\cfinet32.exe: [Debugger] svchost.exe
IMEO\cfp.exe: [Debugger] svchost.exe
IMEO\cfpconfg.exe: [Debugger] svchost.exe
IMEO\cfplogvw.exe: [Debugger] svchost.exe
IMEO\cfpupdat.exe: [Debugger] svchost.exe
IMEO\claw95.exe: [Debugger] svchost.exe
IMEO\claw95cf.exe: [Debugger] svchost.exe
IMEO\clean.exe: [Debugger] svchost.exe
IMEO\cleaner.exe: [Debugger] svchost.exe
IMEO\cleaner3.exe: [Debugger] svchost.exe
IMEO\cleanIELow.exe: [Debugger] svchost.exe
IMEO\cleanpc.exe: [Debugger] svchost.exe
IMEO\click.exe: [Debugger] svchost.exe
IMEO\cmd32.exe: [Debugger] svchost.exe
IMEO\cmdagent.exe: [Debugger] svchost.exe
IMEO\cmesys.exe: [Debugger] svchost.exe
IMEO\cmgrdian.exe: [Debugger] svchost.exe
IMEO\cmon016.exe: [Debugger] svchost.exe
IMEO\connectionmonitor.exe: [Debugger] svchost.exe
IMEO\control: [Debugger] svchost.exe
IMEO\cpd.exe: [Debugger] svchost.exe
IMEO\cpf9x206.exe: [Debugger] svchost.exe
IMEO\cpfnt206.exe: [Debugger] svchost.exe
IMEO\crashrep.exe: [Debugger] svchost.exe
IMEO\csc.exe: [Debugger] svchost.exe
IMEO\cssconfg.exe: [Debugger] svchost.exe
IMEO\cssupdat.exe: [Debugger] svchost.exe
IMEO\cssurf.exe: [Debugger] svchost.exe
IMEO\ctrl.exe: [Debugger] svchost.exe
IMEO\cv.exe: [Debugger] svchost.exe
IMEO\cwnb181.exe: [Debugger] svchost.exe
IMEO\cwntdwmo.exe: [Debugger] svchost.exe
IMEO\d.exe: [Debugger] svchost.exe
IMEO\datemanager.exe: [Debugger] svchost.exe
IMEO\dcomx.exe: [Debugger] svchost.exe
IMEO\defalert.exe: [Debugger] svchost.exe
IMEO\defscangui.exe: [Debugger] svchost.exe
IMEO\defwatch.exe: [Debugger] svchost.exe
IMEO\deloeminfs.exe: [Debugger] svchost.exe
IMEO\deputy.exe: [Debugger] svchost.exe
IMEO\divx.exe: [Debugger] svchost.exe
IMEO\dllcache.exe: [Debugger] svchost.exe
IMEO\dllreg.exe: [Debugger] svchost.exe
IMEO\doors.exe: [Debugger] svchost.exe
IMEO\dop.exe: [Debugger] svchost.exe
IMEO\dpf.exe: [Debugger] svchost.exe
IMEO\dpfsetup.exe: [Debugger] svchost.exe
IMEO\dpps2.exe: [Debugger] svchost.exe
IMEO\driverctrl.exe: [Debugger] svchost.exe
IMEO\drwatson.exe: [Debugger] svchost.exe
IMEO\drweb32.exe: [Debugger] svchost.exe
IMEO\drwebupw.exe: [Debugger] svchost.exe
IMEO\dssagent.exe: [Debugger] svchost.exe
IMEO\dvp95.exe: [Debugger] svchost.exe
IMEO\dvp95_0.exe: [Debugger] svchost.exe
IMEO\ecengine.exe: [Debugger] svchost.exe
IMEO\efpeadm.exe: [Debugger] svchost.exe
IMEO\emsw.exe: [Debugger] svchost.exe
IMEO\ent.exe: [Debugger] svchost.exe
IMEO\esafe.exe: [Debugger] svchost.exe
IMEO\escanhnt.exe: [Debugger] svchost.exe
IMEO\escanv95.exe: [Debugger] svchost.exe
IMEO\espwatch.exe: [Debugger] svchost.exe
IMEO\ethereal.exe: [Debugger] svchost.exe
IMEO\etrustcipe.exe: [Debugger] svchost.exe
IMEO\evpn.exe: [Debugger] svchost.exe
IMEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IMEO\exe.avxw.exe: [Debugger] svchost.exe
IMEO\expert.exe: [Debugger] svchost.exe
IMEO\explore.exe: [Debugger] svchost.exe
IMEO\f-agnt95.exe: [Debugger] svchost.exe
IMEO\f-prot.exe: [Debugger] svchost.exe
IMEO\f-prot95.exe: [Debugger] svchost.exe
IMEO\f-stopw.exe: [Debugger] svchost.exe
IMEO\fact.exe: [Debugger] svchost.exe
IMEO\fameh32.exe: [Debugger] svchost.exe
IMEO\fast.exe: [Debugger] svchost.exe
IMEO\fch32.exe: [Debugger] svchost.exe
IMEO\fih32.exe: [Debugger] svchost.exe
IMEO\findviru.exe: [Debugger] svchost.exe
IMEO\firewall.exe: [Debugger] svchost.exe
IMEO\fixcfg.exe: [Debugger] svchost.exe
IMEO\fixfp.exe: [Debugger] svchost.exe
IMEO\fnrb32.exe: [Debugger] svchost.exe
IMEO\fp-win.exe: [Debugger] svchost.exe
IMEO\fp-win_trial.exe: [Debugger] svchost.exe
IMEO\fprot.exe: [Debugger] svchost.exe
IMEO\frmwrk32.exe: [Debugger] svchost.exe
IMEO\frw.exe: [Debugger] svchost.exe
IMEO\fsaa.exe: [Debugger] svchost.exe
IMEO\fsav.exe: [Debugger] svchost.exe
IMEO\fsav32.exe: [Debugger] svchost.exe
IMEO\fsav530stbyb.exe: [Debugger] svchost.exe
IMEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IMEO\fsav95.exe: [Debugger] svchost.exe
IMEO\fsgk32.exe: [Debugger] svchost.exe
IMEO\fsm32.exe: [Debugger] svchost.exe
IMEO\fsma32.exe: [Debugger] svchost.exe
IMEO\fsmb32.exe: [Debugger] svchost.exe
IMEO\gator.exe: [Debugger] svchost.exe
IMEO\gav.exe: [Debugger] svchost.exe
IMEO\gbmenu.exe: [Debugger] svchost.exe
IMEO\gbn976rl.exe: [Debugger] svchost.exe
IMEO\gbpoll.exe: [Debugger] svchost.exe
IMEO\generics.exe: [Debugger] svchost.exe
IMEO\gmt.exe: [Debugger] svchost.exe
IMEO\guard.exe: [Debugger] svchost.exe
IMEO\guarddog.exe: [Debugger] svchost.exe
IMEO\guardgui.exe: [Debugger] svchost.exe
IMEO\hacktracersetup.exe: [Debugger] svchost.exe
IMEO\hbinst.exe: [Debugger] svchost.exe
IMEO\hbsrv.exe: [Debugger] svchost.exe
IMEO\History.exe: [Debugger] svchost.exe
IMEO\homeav2010.exe: [Debugger] svchost.exe
IMEO\hotactio.exe: [Debugger] svchost.exe
IMEO\hotpatch.exe: [Debugger] svchost.exe
IMEO\htlog.exe: [Debugger] svchost.exe
IMEO\htpatch.exe: [Debugger] svchost.exe
IMEO\hwpe.exe: [Debugger] svchost.exe
IMEO\hxdl.exe: [Debugger] svchost.exe
IMEO\hxiul.exe: [Debugger] svchost.exe
IMEO\iamapp.exe: [Debugger] svchost.exe
IMEO\iamserv.exe: [Debugger] svchost.exe
IMEO\iamstats.exe: [Debugger] svchost.exe
IMEO\ibmasn.exe: [Debugger] svchost.exe
IMEO\ibmavsp.exe: [Debugger] svchost.exe
IMEO\icload95.exe: [Debugger] svchost.exe
IMEO\icloadnt.exe: [Debugger] svchost.exe
IMEO\icmon.exe: [Debugger] svchost.exe
IMEO\icsupp95.exe: [Debugger] svchost.exe
IMEO\icsuppnt.exe: [Debugger] svchost.exe
IMEO\Identity.exe: [Debugger] svchost.exe
IMEO\idle.exe: [Debugger] svchost.exe
IMEO\iedll.exe: [Debugger] svchost.exe
IMEO\iedriver.exe: [Debugger] svchost.exe
IMEO\IEShow.exe: [Debugger] svchost.exe
IMEO\iface.exe: [Debugger] svchost.exe
IMEO\ifw2000.exe: [Debugger] svchost.exe
IMEO\inetlnfo.exe: [Debugger] svchost.exe
IMEO\infus.exe: [Debugger] svchost.exe
IMEO\infwin.exe: [Debugger] svchost.exe
IMEO\init.exe: [Debugger] svchost.exe
IMEO\init32.exe : [Debugger] svchost.exe
IMEO\install[1].exe: [Debugger] svchost.exe
IMEO\install[2].exe: [Debugger] svchost.exe
IMEO\install[3].exe: [Debugger] svchost.exe
IMEO\install[4].exe: [Debugger] svchost.exe
IMEO\install[5].exe: [Debugger] svchost.exe
IMEO\intdel.exe: [Debugger] svchost.exe
IMEO\intren.exe: [Debugger] svchost.exe
IMEO\iomon98.exe: [Debugger] svchost.exe
IMEO\istsvc.exe: [Debugger] svchost.exe
IMEO\jammer.exe: [Debugger] svchost.exe
IMEO\jdbgmrg.exe: [Debugger] svchost.exe
IMEO\jedi.exe: [Debugger] svchost.exe
IMEO\JsRcGen.exe: [Debugger] svchost.exe
IMEO\kavlite40eng.exe: [Debugger] svchost.exe
IMEO\kavpers40eng.exe: [Debugger] svchost.exe
IMEO\kavpf.exe: [Debugger] svchost.exe
IMEO\kazza.exe: [Debugger] svchost.exe
IMEO\keenvalue.exe: [Debugger] svchost.exe
IMEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IMEO\killprocesssetup161.exe: [Debugger] svchost.exe
IMEO\ldnetmon.exe: [Debugger] svchost.exe
IMEO\ldpro.exe: [Debugger] svchost.exe
IMEO\ldpromenu.exe: [Debugger] svchost.exe
IMEO\ldscan.exe: [Debugger] svchost.exe
IMEO\licmgr.exe: [Debugger] svchost.exe
IMEO\lnetinfo.exe: [Debugger] svchost.exe
IMEO\loader.exe: [Debugger] svchost.exe
IMEO\localnet.exe: [Debugger] svchost.exe
IMEO\lockdown.exe: [Debugger] svchost.exe
IMEO\lockdown2000.exe: [Debugger] svchost.exe
IMEO\lookout.exe: [Debugger] svchost.exe
IMEO\lordpe.exe: [Debugger] svchost.exe
IMEO\lsetup.exe: [Debugger] svchost.exe
IMEO\luall.exe: [Debugger] svchost.exe
IMEO\luau.exe: [Debugger] svchost.exe
IMEO\lucomserver.exe: [Debugger] svchost.exe
IMEO\luinit.exe: [Debugger] svchost.exe
IMEO\luspt.exe: [Debugger] svchost.exe
IMEO\MalwareRemoval.exe: [Debugger] svchost.exe
IMEO\mapisvc32.exe: [Debugger] svchost.exe
IMEO\mbam.exe: [Debugger] svchost.exe
IMEO\mbamgui.exe: [Debugger] svchost.exe
IMEO\mbamservice.exe: [Debugger] svchost.exe
IMEO\mcagent.exe: [Debugger] svchost.exe
IMEO\mcmnhdlr.exe: [Debugger] svchost.exe
IMEO\mcmpeng.exe: [Debugger] svchost.exe
IMEO\mcmscsvc.exe: [Debugger] svchost.exe
IMEO\mcnasvc.exe: [Debugger] svchost.exe
IMEO\mcproxy.exe: [Debugger] svchost.exe
IMEO\McSACore.exe: [Debugger] svchost.exe
IMEO\mcshell.exe: [Debugger] svchost.exe
IMEO\mcshield.exe: [Debugger] svchost.exe
IMEO\mcsysmon.exe: [Debugger] svchost.exe
IMEO\mctool.exe: [Debugger] svchost.exe
IMEO\mcupdate.exe: [Debugger] svchost.exe
IMEO\mcvsrte.exe: [Debugger] svchost.exe
IMEO\mcvsshld.exe: [Debugger] svchost.exe
IMEO\md.exe: [Debugger] svchost.exe
IMEO\mfin32.exe: [Debugger] svchost.exe
IMEO\mfw2en.exe: [Debugger] svchost.exe
IMEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IMEO\mgavrtcl.exe: [Debugger] svchost.exe
IMEO\mgavrte.exe: [Debugger] svchost.exe
IMEO\mghtml.exe: [Debugger] svchost.exe
IMEO\mgui.exe: [Debugger] svchost.exe
IMEO\minilog.exe: [Debugger] svchost.exe
IMEO\mmod.exe: [Debugger] svchost.exe
IMEO\monitor.exe: [Debugger] svchost.exe
IMEO\moolive.exe: [Debugger] svchost.exe
IMEO\mostat.exe: [Debugger] svchost.exe
IMEO\mpfagent.exe: [Debugger] svchost.exe
IMEO\mpfservice.exe: [Debugger] svchost.exe
IMEO\MPFSrv.exe: [Debugger] svchost.exe
IMEO\mpftray.exe: [Debugger] svchost.exe
IMEO\mrflux.exe: [Debugger] svchost.exe
IMEO\mrt.exe: [Debugger] svchost.exe
IMEO\msa.exe: [Debugger] svchost.exe
IMEO\msapp.exe: [Debugger] svchost.exe
IMEO\MSASCui.exe: [Debugger] svchost.exe
IMEO\msbb.exe: [Debugger] svchost.exe
IMEO\msblast.exe: [Debugger] svchost.exe
IMEO\mscache.exe: [Debugger] svchost.exe
IMEO\msccn32.exe: [Debugger] svchost.exe
IMEO\mscman.exe: [Debugger] svchost.exe
IMEO\msconfig: [Debugger] svchost.exe
IMEO\msdm.exe: [Debugger] svchost.exe
IMEO\msdos.exe: [Debugger] svchost.exe
IMEO\msiexec16.exe: [Debugger] svchost.exe
IMEO\mslaugh.exe: [Debugger] svchost.exe
IMEO\msmgt.exe: [Debugger] svchost.exe
IMEO\msmsgri32.exe: [Debugger] svchost.exe
IMEO\msseces.exe: [Debugger] svchost.exe
IMEO\mssmmc32.exe: [Debugger] svchost.exe
IMEO\mssys.exe: [Debugger] svchost.exe
IMEO\msvxd.exe: [Debugger] svchost.exe
IMEO\mu0311ad.exe: [Debugger] svchost.exe
IMEO\mwatch.exe: [Debugger] svchost.exe
IMEO\n32scanw.exe: [Debugger] svchost.exe
IMEO\nav.exe: [Debugger] svchost.exe
IMEO\navap.navapsvc.exe: [Debugger] svchost.exe
IMEO\navapsvc.exe: [Debugger] svchost.exe
IMEO\navapw32.exe: [Debugger] svchost.exe
IMEO\navdx.exe: [Debugger] svchost.exe
IMEO\navlu32.exe: [Debugger] svchost.exe
IMEO\navnt.exe: [Debugger] svchost.exe
IMEO\navstub.exe: [Debugger] svchost.exe
IMEO\navw32.exe: [Debugger] svchost.exe
IMEO\navwnt.exe: [Debugger] svchost.exe
IMEO\nc2000.exe: [Debugger] svchost.exe
IMEO\ncinst4.exe: [Debugger] svchost.exe
IMEO\ndd32.exe: [Debugger] svchost.exe
IMEO\neomonitor.exe: [Debugger] svchost.exe
IMEO\neowatchlog.exe: [Debugger] svchost.exe
IMEO\netarmor.exe: [Debugger] svchost.exe
IMEO\netd32.exe: [Debugger] svchost.exe
IMEO\netinfo.exe: [Debugger] svchost.exe
IMEO\netmon.exe: [Debugger] svchost.exe
IMEO\netscanpro.exe: [Debugger] svchost.exe
IMEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IMEO\netutils.exe: [Debugger] svchost.exe
IMEO\nisserv.exe: [Debugger] svchost.exe
IMEO\nisum.exe: [Debugger] svchost.exe
IMEO\nmain.exe: [Debugger] svchost.exe
IMEO\nod32.exe: [Debugger] svchost.exe
IMEO\normist.exe: [Debugger] svchost.exe
IMEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IMEO\notstart.exe: [Debugger] svchost.exe
IMEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IMEO\npfmessenger.exe: [Debugger] svchost.exe
IMEO\nprotect.exe: [Debugger] svchost.exe
IMEO\npscheck.exe: [Debugger] svchost.exe
IMEO\npssvc.exe: [Debugger] svchost.exe
IMEO\nsched32.exe: [Debugger] svchost.exe
IMEO\nssys32.exe: [Debugger] svchost.exe
IMEO\nstask32.exe: [Debugger] svchost.exe
IMEO\nsupdate.exe: [Debugger] svchost.exe
IMEO\nt.exe: [Debugger] svchost.exe
IMEO\ntrtscan.exe: [Debugger] svchost.exe
IMEO\ntvdm.exe: [Debugger] svchost.exe
IMEO\ntxconfig.exe: [Debugger] svchost.exe
IMEO\nui.exe: [Debugger] svchost.exe
IMEO\nupgrade.exe: [Debugger] svchost.exe
IMEO\nvarch16.exe: [Debugger] svchost.exe
IMEO\nvc95.exe: [Debugger] svchost.exe
IMEO\nvsvc32.exe: [Debugger] svchost.exe
IMEO\nwinst4.exe: [Debugger] svchost.exe
IMEO\nwservice.exe: [Debugger] svchost.exe
IMEO\nwtool16.exe: [Debugger] svchost.exe
IMEO\OAcat.exe: [Debugger] svchost.exe
IMEO\OAhlp.exe: [Debugger] svchost.exe
IMEO\OAReg.exe: [Debugger] svchost.exe
IMEO\oasrv.exe: [Debugger] svchost.exe
IMEO\oaui.exe: [Debugger] svchost.exe
IMEO\oaview.exe: [Debugger] svchost.exe
IMEO\ODSW.exe: [Debugger] svchost.exe
IMEO\ollydbg.exe: [Debugger] svchost.exe
IMEO\onsrvr.exe: [Debugger] svchost.exe
IMEO\optimize.exe: [Debugger] svchost.exe
IMEO\ostronet.exe: [Debugger] svchost.exe
IMEO\otfix.exe: [Debugger] svchost.exe
IMEO\outpost.exe: [Debugger] svchost.exe
IMEO\outpostinstall.exe: [Debugger] svchost.exe
IMEO\outpostproinstall.exe: [Debugger] svchost.exe
IMEO\ozn695m5.exe: [Debugger] svchost.exe
IMEO\padmin.exe: [Debugger] svchost.exe
IMEO\panixk.exe: [Debugger] svchost.exe
IMEO\patch.exe: [Debugger] svchost.exe
IMEO\pav.exe: [Debugger] svchost.exe
IMEO\pavcl.exe: [Debugger] svchost.exe
IMEO\PavFnSvr.exe: [Debugger] svchost.exe
IMEO\pavproxy.exe: [Debugger] svchost.exe
IMEO\pavprsrv.exe: [Debugger] svchost.exe
IMEO\pavsched.exe: [Debugger] svchost.exe
IMEO\pavsrv51.exe: [Debugger] svchost.exe
IMEO\pavw.exe: [Debugger] svchost.exe
IMEO\pc.exe: [Debugger] svchost.exe
IMEO\pccwin98.exe: [Debugger] svchost.exe
IMEO\pcfwallicon.exe: [Debugger] svchost.exe
IMEO\pcip10117_0.exe: [Debugger] svchost.exe
IMEO\pcscan.exe: [Debugger] svchost.exe
IMEO\pctsAuxs.exe: [Debugger] svchost.exe
IMEO\pctsGui.exe: [Debugger] svchost.exe
IMEO\pctsSvc.exe: [Debugger] svchost.exe
IMEO\pctsTray.exe: [Debugger] svchost.exe
IMEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IMEO\pdfndr.exe: [Debugger] svchost.exe
IMEO\pdsetup.exe: [Debugger] svchost.exe
IMEO\PerAvir.exe: [Debugger] svchost.exe
IMEO\periscope.exe: [Debugger] svchost.exe
IMEO\persfw.exe: [Debugger] svchost.exe
IMEO\personalguard: [Debugger] svchost.exe
IMEO\personalguard.exe: [Debugger] svchost.exe
IMEO\perswf.exe: [Debugger] svchost.exe
IMEO\pf2.exe: [Debugger] svchost.exe
IMEO\pfwadmin.exe: [Debugger] svchost.exe
IMEO\pgmonitr.exe: [Debugger] svchost.exe
IMEO\pingscan.exe: [Debugger] svchost.exe
IMEO\platin.exe: [Debugger] svchost.exe
IMEO\pop3trap.exe: [Debugger] svchost.exe
IMEO\poproxy.exe: [Debugger] svchost.exe
IMEO\popscan.exe: [Debugger] svchost.exe
IMEO\portdetective.exe: [Debugger] svchost.exe
IMEO\portmonitor.exe: [Debugger] svchost.exe
IMEO\powerscan.exe: [Debugger] svchost.exe
IMEO\ppinupdt.exe: [Debugger] svchost.exe
IMEO\pptbc.exe: [Debugger] svchost.exe
IMEO\ppvstop.exe: [Debugger] svchost.exe
IMEO\prizesurfer.exe: [Debugger] svchost.exe
IMEO\prmt.exe: [Debugger] svchost.exe
IMEO\prmvr.exe: [Debugger] svchost.exe
IMEO\procdump.exe: [Debugger] svchost.exe
IMEO\processmonitor.exe: [Debugger] svchost.exe
IMEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IMEO\programauditor.exe: [Debugger] svchost.exe
IMEO\proport.exe: [Debugger] svchost.exe
IMEO\protector.exe: [Debugger] svchost.exe
IMEO\protectx.exe: [Debugger] svchost.exe
IMEO\PSANCU.exe: [Debugger] svchost.exe
IMEO\PSANHost.exe: [Debugger] svchost.exe
IMEO\PSANToManager.exe: [Debugger] svchost.exe
IMEO\PsCtrls.exe: [Debugger] svchost.exe
IMEO\PsImSvc.exe: [Debugger] svchost.exe
IMEO\PskSvc.exe: [Debugger] svchost.exe
IMEO\pspf.exe: [Debugger] svchost.exe
IMEO\PSUNMain.exe: [Debugger] svchost.exe
IMEO\purge.exe: [Debugger] svchost.exe
IMEO\qconsole.exe: [Debugger] svchost.exe
IMEO\qh.exe: [Debugger] svchost.exe
IMEO\qserver.exe: [Debugger] svchost.exe
IMEO\Quick Heal.exe: [Debugger] svchost.exe
IMEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IMEO\rapapp.exe: [Debugger] svchost.exe
IMEO\rav7.exe: [Debugger] svchost.exe
IMEO\rav7win.exe: [Debugger] svchost.exe
IMEO\rav8win32eng.exe: [Debugger] svchost.exe
IMEO\ray.exe: [Debugger] svchost.exe
IMEO\rb32.exe: [Debugger] svchost.exe
IMEO\rcsync.exe: [Debugger] svchost.exe
IMEO\realmon.exe: [Debugger] svchost.exe
IMEO\reged.exe: [Debugger] svchost.exe
IMEO\regedt32.exe: [Debugger] svchost.exe
IMEO\rescue.exe: [Debugger] svchost.exe
IMEO\rescue32.exe: [Debugger] svchost.exe
IMEO\rrguard.exe: [Debugger] svchost.exe
IMEO\rscdwld.exe: [Debugger] svchost.exe
IMEO\rshell.exe: [Debugger] svchost.exe
IMEO\rtvscan.exe: [Debugger] svchost.exe
IMEO\rtvscn95.exe: [Debugger] svchost.exe
IMEO\rulaunch.exe: [Debugger] svchost.exe
IMEO\rwg: [Debugger] svchost.exe
IMEO\rwg.exe: [Debugger] svchost.exe
IMEO\SafetyKeeper.exe: [Debugger] svchost.exe
IMEO\safeweb.exe: [Debugger] svchost.exe
IMEO\sahagent.exe: [Debugger] svchost.exe
IMEO\Save.exe: [Debugger] svchost.exe
IMEO\SaveArmor.exe: [Debugger] svchost.exe
IMEO\SaveDefense.exe: [Debugger] svchost.exe
IMEO\SaveKeep.exe: [Debugger] svchost.exe
IMEO\savenow.exe: [Debugger] svchost.exe
IMEO\sbserv.exe: [Debugger] svchost.exe
IMEO\sc.exe: [Debugger] svchost.exe
IMEO\scam32.exe: [Debugger] svchost.exe
IMEO\scan32.exe: [Debugger] svchost.exe
IMEO\scan95.exe: [Debugger] svchost.exe
IMEO\scanpm.exe: [Debugger] svchost.exe
IMEO\scrscan.exe: [Debugger] svchost.exe
IMEO\Secure Veteran.exe: [Debugger] svchost.exe
IMEO\secureveteran.exe: [Debugger] svchost.exe
IMEO\Security Center.exe: [Debugger] svchost.exe
IMEO\SecurityFighter.exe: [Debugger] svchost.exe
IMEO\securitysoldier.exe: [Debugger] svchost.exe
IMEO\serv95.exe: [Debugger] svchost.exe
IMEO\setloadorder.exe: [Debugger] svchost.exe
IMEO\setupvameeval.exe: [Debugger] svchost.exe
IMEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IMEO\sgssfw32.exe: [Debugger] svchost.exe
IMEO\sh.exe: [Debugger] svchost.exe
IMEO\shellspyinstall.exe: [Debugger] svchost.exe
IMEO\shield.exe: [Debugger] svchost.exe
IMEO\shn.exe: [Debugger] svchost.exe
IMEO\showbehind.exe: [Debugger] svchost.exe
IMEO\signcheck.exe: [Debugger] svchost.exe
IMEO\smart.exe: [Debugger] svchost.exe
IMEO\smartprotector.exe: [Debugger] svchost.exe
IMEO\smc.exe: [Debugger] svchost.exe
IMEO\smrtdefp.exe: [Debugger] svchost.exe
IMEO\sms.exe: [Debugger] svchost.exe
IMEO\smss32.exe: [Debugger] svchost.exe
IMEO\snetcfg.exe: [Debugger] svchost.exe
IMEO\soap.exe: [Debugger] svchost.exe
IMEO\sofi.exe: [Debugger] svchost.exe
IMEO\SoftSafeness.exe: [Debugger] svchost.exe
IMEO\sperm.exe: [Debugger] svchost.exe
IMEO\spf.exe: [Debugger] svchost.exe
IMEO\sphinx.exe: [Debugger] svchost.exe
IMEO\spoler.exe: [Debugger] svchost.exe
IMEO\spoolcv.exe: [Debugger] svchost.exe
IMEO\spoolsv32.exe: [Debugger] svchost.exe
IMEO\spywarexpguard.exe: [Debugger] svchost.exe
IMEO\spyxx.exe: [Debugger] svchost.exe
IMEO\srexe.exe: [Debugger] svchost.exe
IMEO\srng.exe: [Debugger] svchost.exe
IMEO\ss3edit.exe: [Debugger] svchost.exe
IMEO\ssgrate.exe: [Debugger] svchost.exe
IMEO\ssg_4104.exe: [Debugger] svchost.exe
IMEO\st2.exe: [Debugger] svchost.exe
IMEO\start.exe: [Debugger] svchost.exe
IMEO\stcloader.exe: [Debugger] svchost.exe
IMEO\supftrl.exe: [Debugger] svchost.exe
IMEO\support.exe: [Debugger] svchost.exe
IMEO\supporter5.exe: [Debugger] svchost.exe
IMEO\svc.exe: [Debugger] svchost.exe
IMEO\svchostc.exe: [Debugger] svchost.exe
IMEO\svchosts.exe: [Debugger] svchost.exe
IMEO\svshost.exe: [Debugger] svchost.exe
IMEO\sweep95.exe: [Debugger] svchost.exe
IMEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
IMEO\symlcsvc.exe: [Debugger] svchost.exe
IMEO\symproxysvc.exe: [Debugger] svchost.exe
IMEO\symtray.exe: [Debugger] svchost.exe
IMEO\system.exe: [Debugger] svchost.exe
IMEO\system32.exe: [Debugger] svchost.exe
IMEO\sysupd.exe: [Debugger] svchost.exe
IMEO\tapinstall.exe: [Debugger] svchost.exe
IMEO\taumon.exe: [Debugger] svchost.exe
IMEO\tbscan.exe: [Debugger] svchost.exe
IMEO\tc.exe: [Debugger] svchost.exe
IMEO\tca.exe: [Debugger] svchost.exe
IMEO\tcm.exe: [Debugger] svchost.exe
IMEO\tds-3.exe: [Debugger] svchost.exe
IMEO\tds2-98.exe: [Debugger] svchost.exe
IMEO\tds2-nt.exe: [Debugger] svchost.exe
IMEO\teekids.exe: [Debugger] svchost.exe
IMEO\tfak.exe: [Debugger] svchost.exe
IMEO\tfak5.exe: [Debugger] svchost.exe
IMEO\tgbob.exe: [Debugger] svchost.exe
IMEO\titanin.exe: [Debugger] svchost.exe
IMEO\titaninxp.exe: [Debugger] svchost.exe
IMEO\TPSrv.exe: [Debugger] svchost.exe
IMEO\trickler.exe: [Debugger] svchost.exe
IMEO\trjscan.exe: [Debugger] svchost.exe
IMEO\trjsetup.exe: [Debugger] svchost.exe
IMEO\trojantrap3.exe: [Debugger] svchost.exe
IMEO\TrustWarrior.exe: [Debugger] svchost.exe
IMEO\tsadbot.exe: [Debugger] svchost.exe
IMEO\tsc.exe: [Debugger] svchost.exe
IMEO\tvmd.exe: [Debugger] svchost.exe
IMEO\tvtmd.exe: [Debugger] svchost.exe
IMEO\undoboot.exe: [Debugger] svchost.exe
IMEO\updat.exe: [Debugger] svchost.exe
IMEO\upgrad.exe: [Debugger] svchost.exe
IMEO\utpost.exe: [Debugger] svchost.exe
IMEO\vbcmserv.exe: [Debugger] svchost.exe
IMEO\vbcons.exe: [Debugger] svchost.exe
IMEO\vbust.exe: [Debugger] svchost.exe
IMEO\vbwin9x.exe: [Debugger] svchost.exe
IMEO\vbwinntw.exe: [Debugger] svchost.exe
IMEO\vcsetup.exe: [Debugger] svchost.exe
IMEO\vet32.exe: [Debugger] svchost.exe
IMEO\vet95.exe: [Debugger] svchost.exe
IMEO\vettray.exe: [Debugger] svchost.exe
IMEO\vfsetup.exe: [Debugger] svchost.exe
IMEO\vir-help.exe: [Debugger] svchost.exe
IMEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
IMEO\VisthAux.exe: [Debugger] svchost.exe
IMEO\VisthLic.exe: [Debugger] svchost.exe
IMEO\VisthUpd.exe: [Debugger] svchost.exe
IMEO\vnlan300.exe: [Debugger] svchost.exe
IMEO\vnpc3000.exe: [Debugger] svchost.exe
IMEO\vpc32.exe: [Debugger] svchost.exe
IMEO\vpc42.exe: [Debugger] svchost.exe
IMEO\vpfw30s.exe: [Debugger] svchost.exe
IMEO\vptray.exe: [Debugger] svchost.exe
IMEO\vscan40.exe: [Debugger] svchost.exe
IMEO\vscenu6.02d30.exe: [Debugger] svchost.exe
IMEO\vsched.exe: [Debugger] svchost.exe
IMEO\vsecomr.exe: [Debugger] svchost.exe
IMEO\vshwin32.exe: [Debugger] svchost.exe
IMEO\vsisetup.exe: [Debugger] svchost.exe
IMEO\vsmain.exe: [Debugger] svchost.exe
IMEO\vsmon.exe: [Debugger] svchost.exe
IMEO\vsstat.exe: [Debugger] svchost.exe
IMEO\vswin9xe.exe: [Debugger] svchost.exe
IMEO\vswinntse.exe: [Debugger] svchost.exe
IMEO\vswinperse.exe: [Debugger] svchost.exe
IMEO\w32dsm89.exe: [Debugger] svchost.exe
IMEO\W3asbas.exe: [Debugger] svchost.exe
IMEO\w9x.exe: [Debugger] svchost.exe
IMEO\watchdog.exe: [Debugger] svchost.exe
IMEO\webdav.exe: [Debugger] svchost.exe
IMEO\WebProxy.exe: [Debugger] svchost.exe
IMEO\webscanx.exe: [Debugger] svchost.exe
IMEO\webtrap.exe: [Debugger] svchost.exe
IMEO\wfindv32.exe: [Debugger] svchost.exe
IMEO\whoswatchingme.exe: [Debugger] svchost.exe
IMEO\wimmun32.exe: [Debugger] svchost.exe
IMEO\win-bugsfix.exe: [Debugger] svchost.exe
IMEO\win32.exe: [Debugger] svchost.exe
IMEO\win32us.exe: [Debugger] svchost.exe
IMEO\winactive.exe: [Debugger] svchost.exe
IMEO\winav.exe: [Debugger] svchost.exe
IMEO\windll32.exe: [Debugger] svchost.exe
IMEO\window.exe: [Debugger] svchost.exe
IMEO\windows Police Pro.exe: [Debugger] svchost.exe
IMEO\windows.exe: [Debugger] svchost.exe
IMEO\wininetd.exe: [Debugger] svchost.exe
IMEO\wininitx.exe: [Debugger] svchost.exe
IMEO\winlogin.exe: [Debugger] svchost.exe
IMEO\winmain.exe: [Debugger] svchost.exe
IMEO\winppr32.exe: [Debugger] svchost.exe
IMEO\winrecon.exe: [Debugger] svchost.exe
IMEO\winservn.exe: [Debugger] svchost.exe
IMEO\winssk32.exe: [Debugger] svchost.exe
IMEO\winstart.exe: [Debugger] svchost.exe
IMEO\winstart001.exe: [Debugger] svchost.exe
IMEO\wintsk32.exe: [Debugger] svchost.exe
IMEO\winupdate.exe: [Debugger] svchost.exe
IMEO\wkufind.exe: [Debugger] svchost.exe
IMEO\wnad.exe: [Debugger] svchost.exe
IMEO\wnt.exe: [Debugger] svchost.exe
IMEO\wradmin.exe: [Debugger] svchost.exe
IMEO\wrctrl.exe: [Debugger] svchost.exe
IMEO\wsbgate.exe: [Debugger] svchost.exe
IMEO\wscfxas.exe: [Debugger] svchost.exe
IMEO\wscfxav.exe: [Debugger] svchost.exe
IMEO\wscfxfw.exe: [Debugger] svchost.exe
IMEO\wsctool.exe: [Debugger] svchost.exe
IMEO\wupdater.exe: [Debugger] svchost.exe
IMEO\wupdt.exe: [Debugger] svchost.exe
IMEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
IMEO\xpdeluxe.exe: [Debugger] svchost.exe
IMEO\xpf202en.exe: [Debugger] svchost.exe
IMEO\xp_antispyware.exe: [Debugger] svchost.exe
IMEO\zapro.exe: [Debugger] svchost.exe
IMEO\zapsetup3001.exe: [Debugger] svchost.exe
IMEO\zatutor.exe: [Debugger] svchost.exe
IMEO\zonalm2601.exe: [Debugger] svchost.exe
IMEO\zonealarm.exe: [Debugger] svchost.exe
IMEO\_avp32.exe: [Debugger] svchost.exe
IMEO\_avpcc.exe: [Debugger] svchost.exe
IMEO\_avpm.exe: [Debugger] svchost.exe
IMEO\~1.exe: [Debugger] svchost.exe
IMEO\~2.exe: [Debugger] svchost.exe
End
Dakeyras
2013-04-07, 21:42
Hi. :)
When I rebooted the machine the fake screen is still there..
Also there is a text box on the screen that says "Select a Video Device:".
One other thing I should tell you the touch pad on the infected machine is not working at times I had to connect a mouse.
Acknowledged...
On closing one screen it said "No fixlist.txt found. The fixlist.txt should be made and saved in the same directory the tool is located."
OK we will take a slightly different approach with regard to running the Custom FRST Script and just that for now as follows...
Custom FRST Script:
Please empty your flash-drive as in delete everything that may be on it apart from frst64.exe.
Open notepad (Start >> All Programs >> Accessories >> Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Start
HKU\Shermqn Cooper\...\Run: [Conduit] rundll32.exe "C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll",RunNtServiceW [348672 2012-11-18] (The GTK developer
HKU\Shermqn Cooper\...\Policies\system: [DisableRegedit] 0
HKU\Shermqn Cooper\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs [x ] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]
3 X6va005; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\005A236.tmp [x]
3 X6va006; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\0064119.tmp [x]
3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
2013-04-05 06:58 - 2012-12-30 16:31 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs.exe
2013-04-05 06:58 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Local\_bd_uylzs.exe
2013-04-05 06:53 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\ProgramData\_bd_uylzs.exe
Startup: C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe ()
IMEO\a.exe: [Debugger] svchost.exe
IMEO\aAvgApi.exe: [Debugger] svchost.exe
IMEO\AAWTray.exe: [Debugger] svchost.exe
IMEO\About.exe: [Debugger] svchost.exe
IMEO\ackwin32.exe: [Debugger] svchost.exe
IMEO\Ad-Aware.exe: [Debugger] svchost.exe
IMEO\adaware.exe: [Debugger] svchost.exe
IMEO\advxdwin.exe: [Debugger] svchost.exe
IMEO\AdwarePrj.exe: [Debugger] svchost.exe
IMEO\agent.exe: [Debugger] svchost.exe
IMEO\agentsvr.exe: [Debugger] svchost.exe
IMEO\agentw.exe: [Debugger] svchost.exe
IMEO\alertsvc.exe: [Debugger] svchost.exe
IMEO\alevir.exe: [Debugger] svchost.exe
IMEO\alogserv.exe: [Debugger] svchost.exe
IMEO\AlphaAV: [Debugger] svchost.exe
IMEO\AlphaAV.exe: [Debugger] svchost.exe
IMEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IMEO\amon9x.exe: [Debugger] svchost.exe
IMEO\anti-trojan.exe: [Debugger] svchost.exe
IMEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IMEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IMEO\antivirus.exe: [Debugger] svchost.exe
IMEO\AntivirusPlus: [Debugger] svchost.exe
IMEO\AntivirusPlus.exe: [Debugger] svchost.exe
IMEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IMEO\AntivirusXP: [Debugger] svchost.exe
IMEO\AntivirusXP.exe: [Debugger] svchost.exe
IMEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IMEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IMEO\ants.exe: [Debugger] svchost.exe
IMEO\apimonitor.exe: [Debugger] svchost.exe
IMEO\aplica32.exe: [Debugger] svchost.exe
IMEO\apvxdwin.exe: [Debugger] svchost.exe
IMEO\arr.exe: [Debugger] svchost.exe
IMEO\ashAvast.exe: [Debugger] svchost.exe
IMEO\ashBug.exe: [Debugger] svchost.exe
IMEO\ashChest.exe: [Debugger] svchost.exe
IMEO\ashCnsnt.exe: [Debugger] svchost.exe
IMEO\ashDisp.exe: [Debugger] svchost.exe
IMEO\ashLogV.exe: [Debugger] svchost.exe
IMEO\ashMaiSv.exe: [Debugger] svchost.exe
IMEO\ashPopWz.exe: [Debugger] svchost.exe
IMEO\ashQuick.exe: [Debugger] svchost.exe
IMEO\ashServ.exe: [Debugger] svchost.exe
IMEO\ashSimp2.exe: [Debugger] svchost.exe
IMEO\ashSimpl.exe: [Debugger] svchost.exe
IMEO\ashSkPcc.exe: [Debugger] svchost.exe
IMEO\ashSkPck.exe: [Debugger] svchost.exe
IMEO\ashUpd.exe: [Debugger] svchost.exe
IMEO\ashWebSv.exe: [Debugger] svchost.exe
IMEO\aswChLic.exe: [Debugger] svchost.exe
IMEO\aswRegSvr.exe: [Debugger] svchost.exe
IMEO\aswRunDll.exe: [Debugger] svchost.exe
IMEO\aswUpdSv.exe: [Debugger] svchost.exe
IMEO\atcon.exe: [Debugger] svchost.exe
IMEO\atguard.exe: [Debugger] svchost.exe
IMEO\atro55en.exe: [Debugger] svchost.exe
IMEO\atupdater.exe: [Debugger] svchost.exe
IMEO\atwatch.exe: [Debugger] svchost.exe
IMEO\au.exe: [Debugger] svchost.exe
IMEO\aupdate.exe: [Debugger] svchost.exe
IMEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IMEO\autodown.exe: [Debugger] svchost.exe
IMEO\autotrace.exe: [Debugger] svchost.exe
IMEO\autoupdate.exe: [Debugger] svchost.exe
IMEO\av360.exe: [Debugger] svchost.exe
IMEO\avadmin.exe: [Debugger] svchost.exe
IMEO\avastSvc.exe: [Debugger] svchost.exe
IMEO\avastUI.exe: [Debugger] svchost.exe
IMEO\AVCare.exe: [Debugger] svchost.exe
IMEO\avcenter.exe: [Debugger] svchost.exe
IMEO\avciman.exe: [Debugger] svchost.exe
IMEO\avconfig.exe: [Debugger] svchost.exe
IMEO\avconsol.exe: [Debugger] svchost.exe
IMEO\ave32.exe: [Debugger] svchost.exe
IMEO\AVENGINE.EXE: [Debugger] svchost.exe
IMEO\avgcc32.exe: [Debugger] svchost.exe
IMEO\avgchk.exe: [Debugger] svchost.exe
IMEO\avgcmgr.exe: [Debugger] svchost.exe
IMEO\avgcsrvx.exe: [Debugger] svchost.exe
IMEO\avgctrl.exe: [Debugger] svchost.exe
IMEO\avgdumpx.exe: [Debugger] svchost.exe
IMEO\avgemc.exe: [Debugger] svchost.exe
IMEO\avgiproxy.exe: [Debugger] svchost.exe
IMEO\avgnsx.exe: [Debugger] svchost.exe
IMEO\avgnt.exe: [Debugger] svchost.exe
IMEO\avgrsx.exe: [Debugger] svchost.exe
IMEO\avgscanx.exe: [Debugger] svchost.exe
IMEO\avgserv.exe: [Debugger] svchost.exe
IMEO\avgserv9.exe: [Debugger] svchost.exe
IMEO\avgsrmax.exe: [Debugger] svchost.exe
IMEO\avgtray.exe: [Debugger] svchost.exe
IMEO\avguard.exe: [Debugger] svchost.exe
IMEO\avgui.exe: [Debugger] svchost.exe
IMEO\avgupd.exe: [Debugger] svchost.exe
IMEO\avgw.exe: [Debugger] svchost.exe
IMEO\avgwdsvc.exe: [Debugger] svchost.exe
IMEO\avkpop.exe: [Debugger] svchost.exe
IMEO\avkserv.exe: [Debugger] svchost.exe
IMEO\avkservice.exe: [Debugger] svchost.exe
IMEO\avkwctl9.exe: [Debugger] svchost.exe
IMEO\avltmain.exe: [Debugger] svchost.exe
IMEO\avmailc.exe: [Debugger] svchost.exe
IMEO\avmcdlg.exe: [Debugger] svchost.exe
IMEO\avnotify.exe: [Debugger] svchost.exe
IMEO\avnt.exe: [Debugger] svchost.exe
IMEO\avp32.exe: [Debugger] svchost.exe
IMEO\avpcc.exe: [Debugger] svchost.exe
IMEO\avpdos32.exe: [Debugger] svchost.exe
IMEO\avpm.exe: [Debugger] svchost.exe
IMEO\avptc32.exe: [Debugger] svchost.exe
IMEO\avpupd.exe: [Debugger] svchost.exe
IMEO\avsched32.exe: [Debugger] svchost.exe
IMEO\avshadow.exe: [Debugger] svchost.exe
IMEO\avsynmgr.exe: [Debugger] svchost.exe
IMEO\avupgsvc.exe: [Debugger] svchost.exe
IMEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IMEO\avwin.exe: [Debugger] svchost.exe
IMEO\avwin95.exe: [Debugger] svchost.exe
IMEO\avwinnt.exe: [Debugger] svchost.exe
IMEO\avwsc.exe: [Debugger] svchost.exe
IMEO\avwupd.exe: [Debugger] svchost.exe
IMEO\avwupd32.exe: [Debugger] svchost.exe
IMEO\avwupsrv.exe: [Debugger] svchost.exe
IMEO\avxmonitor9x.exe: [Debugger] svchost.exe
IMEO\avxmonitornt.exe: [Debugger] svchost.exe
IMEO\avxquar.exe: [Debugger] svchost.exe
IMEO\b.exe: [Debugger] svchost.exe
IMEO\backweb.exe: [Debugger] svchost.exe
IMEO\bargains.exe: [Debugger] svchost.exe
IMEO\bdfvcl.exe: [Debugger] svchost.exe
IMEO\bdfvwiz.exe: [Debugger] svchost.exe
IMEO\BDInProcPatch.exe: [Debugger] svchost.exe
IMEO\bdmcon.exe: [Debugger] svchost.exe
IMEO\BDMsnScan.exe: [Debugger] svchost.exe
IMEO\BDSurvey.exe: [Debugger] svchost.exe
IMEO\bd_professional.exe: [Debugger] svchost.exe
IMEO\beagle.exe: [Debugger] svchost.exe
IMEO\belt.exe: [Debugger] svchost.exe
IMEO\bidef.exe: [Debugger] svchost.exe
IMEO\bidserver.exe: [Debugger] svchost.exe
IMEO\bipcp.exe: [Debugger] svchost.exe
IMEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IMEO\bisp.exe: [Debugger] svchost.exe
IMEO\blackd.exe: [Debugger] svchost.exe
IMEO\blackice.exe: [Debugger] svchost.exe
IMEO\blink.exe: [Debugger] svchost.exe
IMEO\blss.exe: [Debugger] svchost.exe
IMEO\bootconf.exe: [Debugger] svchost.exe
IMEO\bootwarn.exe: [Debugger] svchost.exe
IMEO\borg2.exe: [Debugger] svchost.exe
IMEO\bpc.exe: [Debugger] svchost.exe
IMEO\brasil.exe: [Debugger] svchost.exe
IMEO\brastk.exe: [Debugger] svchost.exe
IMEO\brw.exe: [Debugger] svchost.exe
IMEO\bs120.exe: [Debugger] svchost.exe
IMEO\bspatch.exe: [Debugger] svchost.exe
IMEO\bundle.exe: [Debugger] svchost.exe
IMEO\bvt.exe: [Debugger] svchost.exe
IMEO\c.exe: [Debugger] svchost.exe
IMEO\cavscan.exe: [Debugger] svchost.exe
IMEO\ccapp.exe: [Debugger] svchost.exe
IMEO\ccevtmgr.exe: [Debugger] svchost.exe
IMEO\ccpxysvc.exe: [Debugger] svchost.exe
IMEO\ccSvcHst.exe: [Debugger] svchost.exe
IMEO\cdp.exe: [Debugger] svchost.exe
IMEO\cfd.exe: [Debugger] svchost.exe
IMEO\cfgwiz.exe: [Debugger] svchost.exe
IMEO\cfiadmin.exe: [Debugger] svchost.exe
IMEO\cfiaudit.exe: [Debugger] svchost.exe
IMEO\cfinet.exe: [Debugger] svchost.exe
IMEO\cfinet32.exe: [Debugger] svchost.exe
IMEO\cfp.exe: [Debugger] svchost.exe
IMEO\cfpconfg.exe: [Debugger] svchost.exe
IMEO\cfplogvw.exe: [Debugger] svchost.exe
IMEO\cfpupdat.exe: [Debugger] svchost.exe
IMEO\claw95.exe: [Debugger] svchost.exe
IMEO\claw95cf.exe: [Debugger] svchost.exe
IMEO\clean.exe: [Debugger] svchost.exe
IMEO\cleaner.exe: [Debugger] svchost.exe
IMEO\cleaner3.exe: [Debugger] svchost.exe
IMEO\cleanIELow.exe: [Debugger] svchost.exe
IMEO\cleanpc.exe: [Debugger] svchost.exe
IMEO\click.exe: [Debugger] svchost.exe
IMEO\cmd32.exe: [Debugger] svchost.exe
IMEO\cmdagent.exe: [Debugger] svchost.exe
IMEO\cmesys.exe: [Debugger] svchost.exe
IMEO\cmgrdian.exe: [Debugger] svchost.exe
IMEO\cmon016.exe: [Debugger] svchost.exe
IMEO\connectionmonitor.exe: [Debugger] svchost.exe
IMEO\control: [Debugger] svchost.exe
IMEO\cpd.exe: [Debugger] svchost.exe
IMEO\cpf9x206.exe: [Debugger] svchost.exe
IMEO\cpfnt206.exe: [Debugger] svchost.exe
IMEO\crashrep.exe: [Debugger] svchost.exe
IMEO\csc.exe: [Debugger] svchost.exe
IMEO\cssconfg.exe: [Debugger] svchost.exe
IMEO\cssupdat.exe: [Debugger] svchost.exe
IMEO\cssurf.exe: [Debugger] svchost.exe
IMEO\ctrl.exe: [Debugger] svchost.exe
IMEO\cv.exe: [Debugger] svchost.exe
IMEO\cwnb181.exe: [Debugger] svchost.exe
IMEO\cwntdwmo.exe: [Debugger] svchost.exe
IMEO\d.exe: [Debugger] svchost.exe
IMEO\datemanager.exe: [Debugger] svchost.exe
IMEO\dcomx.exe: [Debugger] svchost.exe
IMEO\defalert.exe: [Debugger] svchost.exe
IMEO\defscangui.exe: [Debugger] svchost.exe
IMEO\defwatch.exe: [Debugger] svchost.exe
IMEO\deloeminfs.exe: [Debugger] svchost.exe
IMEO\deputy.exe: [Debugger] svchost.exe
IMEO\divx.exe: [Debugger] svchost.exe
IMEO\dllcache.exe: [Debugger] svchost.exe
IMEO\dllreg.exe: [Debugger] svchost.exe
IMEO\doors.exe: [Debugger] svchost.exe
IMEO\dop.exe: [Debugger] svchost.exe
IMEO\dpf.exe: [Debugger] svchost.exe
IMEO\dpfsetup.exe: [Debugger] svchost.exe
IMEO\dpps2.exe: [Debugger] svchost.exe
IMEO\driverctrl.exe: [Debugger] svchost.exe
IMEO\drwatson.exe: [Debugger] svchost.exe
IMEO\drweb32.exe: [Debugger] svchost.exe
IMEO\drwebupw.exe: [Debugger] svchost.exe
IMEO\dssagent.exe: [Debugger] svchost.exe
IMEO\dvp95.exe: [Debugger] svchost.exe
IMEO\dvp95_0.exe: [Debugger] svchost.exe
IMEO\ecengine.exe: [Debugger] svchost.exe
IMEO\efpeadm.exe: [Debugger] svchost.exe
IMEO\emsw.exe: [Debugger] svchost.exe
IMEO\ent.exe: [Debugger] svchost.exe
IMEO\esafe.exe: [Debugger] svchost.exe
IMEO\escanhnt.exe: [Debugger] svchost.exe
IMEO\escanv95.exe: [Debugger] svchost.exe
IMEO\espwatch.exe: [Debugger] svchost.exe
IMEO\ethereal.exe: [Debugger] svchost.exe
IMEO\etrustcipe.exe: [Debugger] svchost.exe
IMEO\evpn.exe: [Debugger] svchost.exe
IMEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IMEO\exe.avxw.exe: [Debugger] svchost.exe
IMEO\expert.exe: [Debugger] svchost.exe
IMEO\explore.exe: [Debugger] svchost.exe
IMEO\f-agnt95.exe: [Debugger] svchost.exe
IMEO\f-prot.exe: [Debugger] svchost.exe
IMEO\f-prot95.exe: [Debugger] svchost.exe
IMEO\f-stopw.exe: [Debugger] svchost.exe
IMEO\fact.exe: [Debugger] svchost.exe
IMEO\fameh32.exe: [Debugger] svchost.exe
IMEO\fast.exe: [Debugger] svchost.exe
IMEO\fch32.exe: [Debugger] svchost.exe
IMEO\fih32.exe: [Debugger] svchost.exe
IMEO\findviru.exe: [Debugger] svchost.exe
IMEO\firewall.exe: [Debugger] svchost.exe
IMEO\fixcfg.exe: [Debugger] svchost.exe
IMEO\fixfp.exe: [Debugger] svchost.exe
IMEO\fnrb32.exe: [Debugger] svchost.exe
IMEO\fp-win.exe: [Debugger] svchost.exe
IMEO\fp-win_trial.exe: [Debugger] svchost.exe
IMEO\fprot.exe: [Debugger] svchost.exe
IMEO\frmwrk32.exe: [Debugger] svchost.exe
IMEO\frw.exe: [Debugger] svchost.exe
IMEO\fsaa.exe: [Debugger] svchost.exe
IMEO\fsav.exe: [Debugger] svchost.exe
IMEO\fsav32.exe: [Debugger] svchost.exe
IMEO\fsav530stbyb.exe: [Debugger] svchost.exe
IMEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IMEO\fsav95.exe: [Debugger] svchost.exe
IMEO\fsgk32.exe: [Debugger] svchost.exe
IMEO\fsm32.exe: [Debugger] svchost.exe
IMEO\fsma32.exe: [Debugger] svchost.exe
IMEO\fsmb32.exe: [Debugger] svchost.exe
IMEO\gator.exe: [Debugger] svchost.exe
IMEO\gav.exe: [Debugger] svchost.exe
IMEO\gbmenu.exe: [Debugger] svchost.exe
IMEO\gbn976rl.exe: [Debugger] svchost.exe
IMEO\gbpoll.exe: [Debugger] svchost.exe
IMEO\generics.exe: [Debugger] svchost.exe
IMEO\gmt.exe: [Debugger] svchost.exe
IMEO\guard.exe: [Debugger] svchost.exe
IMEO\guarddog.exe: [Debugger] svchost.exe
IMEO\guardgui.exe: [Debugger] svchost.exe
IMEO\hacktracersetup.exe: [Debugger] svchost.exe
IMEO\hbinst.exe: [Debugger] svchost.exe
IMEO\hbsrv.exe: [Debugger] svchost.exe
IMEO\History.exe: [Debugger] svchost.exe
IMEO\homeav2010.exe: [Debugger] svchost.exe
IMEO\hotactio.exe: [Debugger] svchost.exe
IMEO\hotpatch.exe: [Debugger] svchost.exe
IMEO\htlog.exe: [Debugger] svchost.exe
IMEO\htpatch.exe: [Debugger] svchost.exe
IMEO\hwpe.exe: [Debugger] svchost.exe
IMEO\hxdl.exe: [Debugger] svchost.exe
IMEO\hxiul.exe: [Debugger] svchost.exe
IMEO\iamapp.exe: [Debugger] svchost.exe
IMEO\iamserv.exe: [Debugger] svchost.exe
IMEO\iamstats.exe: [Debugger] svchost.exe
IMEO\ibmasn.exe: [Debugger] svchost.exe
IMEO\ibmavsp.exe: [Debugger] svchost.exe
IMEO\icload95.exe: [Debugger] svchost.exe
IMEO\icloadnt.exe: [Debugger] svchost.exe
IMEO\icmon.exe: [Debugger] svchost.exe
IMEO\icsupp95.exe: [Debugger] svchost.exe
IMEO\icsuppnt.exe: [Debugger] svchost.exe
IMEO\Identity.exe: [Debugger] svchost.exe
IMEO\idle.exe: [Debugger] svchost.exe
IMEO\iedll.exe: [Debugger] svchost.exe
IMEO\iedriver.exe: [Debugger] svchost.exe
IMEO\IEShow.exe: [Debugger] svchost.exe
IMEO\iface.exe: [Debugger] svchost.exe
IMEO\ifw2000.exe: [Debugger] svchost.exe
IMEO\inetlnfo.exe: [Debugger] svchost.exe
IMEO\infus.exe: [Debugger] svchost.exe
IMEO\infwin.exe: [Debugger] svchost.exe
IMEO\init.exe: [Debugger] svchost.exe
IMEO\init32.exe : [Debugger] svchost.exe
IMEO\install[1].exe: [Debugger] svchost.exe
IMEO\install[2].exe: [Debugger] svchost.exe
IMEO\install[3].exe: [Debugger] svchost.exe
IMEO\install[4].exe: [Debugger] svchost.exe
IMEO\install[5].exe: [Debugger] svchost.exe
IMEO\intdel.exe: [Debugger] svchost.exe
IMEO\intren.exe: [Debugger] svchost.exe
IMEO\iomon98.exe: [Debugger] svchost.exe
IMEO\istsvc.exe: [Debugger] svchost.exe
IMEO\jammer.exe: [Debugger] svchost.exe
IMEO\jdbgmrg.exe: [Debugger] svchost.exe
IMEO\jedi.exe: [Debugger] svchost.exe
IMEO\JsRcGen.exe: [Debugger] svchost.exe
IMEO\kavlite40eng.exe: [Debugger] svchost.exe
IMEO\kavpers40eng.exe: [Debugger] svchost.exe
IMEO\kavpf.exe: [Debugger] svchost.exe
IMEO\kazza.exe: [Debugger] svchost.exe
IMEO\keenvalue.exe: [Debugger] svchost.exe
IMEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IMEO\killprocesssetup161.exe: [Debugger] svchost.exe
IMEO\ldnetmon.exe: [Debugger] svchost.exe
IMEO\ldpro.exe: [Debugger] svchost.exe
IMEO\ldpromenu.exe: [Debugger] svchost.exe
IMEO\ldscan.exe: [Debugger] svchost.exe
IMEO\licmgr.exe: [Debugger] svchost.exe
IMEO\lnetinfo.exe: [Debugger] svchost.exe
IMEO\loader.exe: [Debugger] svchost.exe
IMEO\localnet.exe: [Debugger] svchost.exe
IMEO\lockdown.exe: [Debugger] svchost.exe
IMEO\lockdown2000.exe: [Debugger] svchost.exe
IMEO\lookout.exe: [Debugger] svchost.exe
IMEO\lordpe.exe: [Debugger] svchost.exe
IMEO\lsetup.exe: [Debugger] svchost.exe
IMEO\luall.exe: [Debugger] svchost.exe
IMEO\luau.exe: [Debugger] svchost.exe
IMEO\lucomserver.exe: [Debugger] svchost.exe
IMEO\luinit.exe: [Debugger] svchost.exe
IMEO\luspt.exe: [Debugger] svchost.exe
IMEO\MalwareRemoval.exe: [Debugger] svchost.exe
IMEO\mapisvc32.exe: [Debugger] svchost.exe
IMEO\mbam.exe: [Debugger] svchost.exe
IMEO\mbamgui.exe: [Debugger] svchost.exe
IMEO\mbamservice.exe: [Debugger] svchost.exe
IMEO\mcagent.exe: [Debugger] svchost.exe
IMEO\mcmnhdlr.exe: [Debugger] svchost.exe
IMEO\mcmpeng.exe: [Debugger] svchost.exe
IMEO\mcmscsvc.exe: [Debugger] svchost.exe
IMEO\mcnasvc.exe: [Debugger] svchost.exe
IMEO\mcproxy.exe: [Debugger] svchost.exe
IMEO\McSACore.exe: [Debugger] svchost.exe
IMEO\mcshell.exe: [Debugger] svchost.exe
IMEO\mcshield.exe: [Debugger] svchost.exe
IMEO\mcsysmon.exe: [Debugger] svchost.exe
IMEO\mctool.exe: [Debugger] svchost.exe
IMEO\mcupdate.exe: [Debugger] svchost.exe
IMEO\mcvsrte.exe: [Debugger] svchost.exe
IMEO\mcvsshld.exe: [Debugger] svchost.exe
IMEO\md.exe: [Debugger] svchost.exe
IMEO\mfin32.exe: [Debugger] svchost.exe
IMEO\mfw2en.exe: [Debugger] svchost.exe
IMEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IMEO\mgavrtcl.exe: [Debugger] svchost.exe
IMEO\mgavrte.exe: [Debugger] svchost.exe
IMEO\mghtml.exe: [Debugger] svchost.exe
IMEO\mgui.exe: [Debugger] svchost.exe
IMEO\minilog.exe: [Debugger] svchost.exe
IMEO\mmod.exe: [Debugger] svchost.exe
IMEO\monitor.exe: [Debugger] svchost.exe
IMEO\moolive.exe: [Debugger] svchost.exe
IMEO\mostat.exe: [Debugger] svchost.exe
IMEO\mpfagent.exe: [Debugger] svchost.exe
IMEO\mpfservice.exe: [Debugger] svchost.exe
IMEO\MPFSrv.exe: [Debugger] svchost.exe
IMEO\mpftray.exe: [Debugger] svchost.exe
IMEO\mrflux.exe: [Debugger] svchost.exe
IMEO\mrt.exe: [Debugger] svchost.exe
IMEO\msa.exe: [Debugger] svchost.exe
IMEO\msapp.exe: [Debugger] svchost.exe
IMEO\MSASCui.exe: [Debugger] svchost.exe
IMEO\msbb.exe: [Debugger] svchost.exe
IMEO\msblast.exe: [Debugger] svchost.exe
IMEO\mscache.exe: [Debugger] svchost.exe
IMEO\msccn32.exe: [Debugger] svchost.exe
IMEO\mscman.exe: [Debugger] svchost.exe
IMEO\msconfig: [Debugger] svchost.exe
IMEO\msdm.exe: [Debugger] svchost.exe
IMEO\msdos.exe: [Debugger] svchost.exe
IMEO\msiexec16.exe: [Debugger] svchost.exe
IMEO\mslaugh.exe: [Debugger] svchost.exe
IMEO\msmgt.exe: [Debugger] svchost.exe
IMEO\msmsgri32.exe: [Debugger] svchost.exe
IMEO\msseces.exe: [Debugger] svchost.exe
IMEO\mssmmc32.exe: [Debugger] svchost.exe
IMEO\mssys.exe: [Debugger] svchost.exe
IMEO\msvxd.exe: [Debugger] svchost.exe
IMEO\mu0311ad.exe: [Debugger] svchost.exe
IMEO\mwatch.exe: [Debugger] svchost.exe
IMEO\n32scanw.exe: [Debugger] svchost.exe
IMEO\nav.exe: [Debugger] svchost.exe
IMEO\navap.navapsvc.exe: [Debugger] svchost.exe
IMEO\navapsvc.exe: [Debugger] svchost.exe
IMEO\navapw32.exe: [Debugger] svchost.exe
IMEO\navdx.exe: [Debugger] svchost.exe
IMEO\navlu32.exe: [Debugger] svchost.exe
IMEO\navnt.exe: [Debugger] svchost.exe
IMEO\navstub.exe: [Debugger] svchost.exe
IMEO\navw32.exe: [Debugger] svchost.exe
IMEO\navwnt.exe: [Debugger] svchost.exe
IMEO\nc2000.exe: [Debugger] svchost.exe
IMEO\ncinst4.exe: [Debugger] svchost.exe
IMEO\ndd32.exe: [Debugger] svchost.exe
IMEO\neomonitor.exe: [Debugger] svchost.exe
IMEO\neowatchlog.exe: [Debugger] svchost.exe
IMEO\netarmor.exe: [Debugger] svchost.exe
IMEO\netd32.exe: [Debugger] svchost.exe
IMEO\netinfo.exe: [Debugger] svchost.exe
IMEO\netmon.exe: [Debugger] svchost.exe
IMEO\netscanpro.exe: [Debugger] svchost.exe
IMEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IMEO\netutils.exe: [Debugger] svchost.exe
IMEO\nisserv.exe: [Debugger] svchost.exe
IMEO\nisum.exe: [Debugger] svchost.exe
IMEO\nmain.exe: [Debugger] svchost.exe
IMEO\nod32.exe: [Debugger] svchost.exe
IMEO\normist.exe: [Debugger] svchost.exe
IMEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IMEO\notstart.exe: [Debugger] svchost.exe
IMEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IMEO\npfmessenger.exe: [Debugger] svchost.exe
IMEO\nprotect.exe: [Debugger] svchost.exe
IMEO\npscheck.exe: [Debugger] svchost.exe
IMEO\npssvc.exe: [Debugger] svchost.exe
IMEO\nsched32.exe: [Debugger] svchost.exe
IMEO\nssys32.exe: [Debugger] svchost.exe
IMEO\nstask32.exe: [Debugger] svchost.exe
IMEO\nsupdate.exe: [Debugger] svchost.exe
IMEO\nt.exe: [Debugger] svchost.exe
IMEO\ntrtscan.exe: [Debugger] svchost.exe
IMEO\ntvdm.exe: [Debugger] svchost.exe
IMEO\ntxconfig.exe: [Debugger] svchost.exe
IMEO\nui.exe: [Debugger] svchost.exe
IMEO\nupgrade.exe: [Debugger] svchost.exe
IMEO\nvarch16.exe: [Debugger] svchost.exe
IMEO\nvc95.exe: [Debugger] svchost.exe
IMEO\nvsvc32.exe: [Debugger] svchost.exe
IMEO\nwinst4.exe: [Debugger] svchost.exe
IMEO\nwservice.exe: [Debugger] svchost.exe
IMEO\nwtool16.exe: [Debugger] svchost.exe
IMEO\OAcat.exe: [Debugger] svchost.exe
IMEO\OAhlp.exe: [Debugger] svchost.exe
IMEO\OAReg.exe: [Debugger] svchost.exe
IMEO\oasrv.exe: [Debugger] svchost.exe
IMEO\oaui.exe: [Debugger] svchost.exe
IMEO\oaview.exe: [Debugger] svchost.exe
IMEO\ODSW.exe: [Debugger] svchost.exe
IMEO\ollydbg.exe: [Debugger] svchost.exe
IMEO\onsrvr.exe: [Debugger] svchost.exe
IMEO\optimize.exe: [Debugger] svchost.exe
IMEO\ostronet.exe: [Debugger] svchost.exe
IMEO\otfix.exe: [Debugger] svchost.exe
IMEO\outpost.exe: [Debugger] svchost.exe
IMEO\outpostinstall.exe: [Debugger] svchost.exe
IMEO\outpostproinstall.exe: [Debugger] svchost.exe
IMEO\ozn695m5.exe: [Debugger] svchost.exe
IMEO\padmin.exe: [Debugger] svchost.exe
IMEO\panixk.exe: [Debugger] svchost.exe
IMEO\patch.exe: [Debugger] svchost.exe
IMEO\pav.exe: [Debugger] svchost.exe
IMEO\pavcl.exe: [Debugger] svchost.exe
IMEO\PavFnSvr.exe: [Debugger] svchost.exe
IMEO\pavproxy.exe: [Debugger] svchost.exe
IMEO\pavprsrv.exe: [Debugger] svchost.exe
IMEO\pavsched.exe: [Debugger] svchost.exe
IMEO\pavsrv51.exe: [Debugger] svchost.exe
IMEO\pavw.exe: [Debugger] svchost.exe
IMEO\pc.exe: [Debugger] svchost.exe
IMEO\pccwin98.exe: [Debugger] svchost.exe
IMEO\pcfwallicon.exe: [Debugger] svchost.exe
IMEO\pcip10117_0.exe: [Debugger] svchost.exe
IMEO\pcscan.exe: [Debugger] svchost.exe
IMEO\pctsAuxs.exe: [Debugger] svchost.exe
IMEO\pctsGui.exe: [Debugger] svchost.exe
IMEO\pctsSvc.exe: [Debugger] svchost.exe
IMEO\pctsTray.exe: [Debugger] svchost.exe
IMEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IMEO\pdfndr.exe: [Debugger] svchost.exe
IMEO\pdsetup.exe: [Debugger] svchost.exe
IMEO\PerAvir.exe: [Debugger] svchost.exe
IMEO\periscope.exe: [Debugger] svchost.exe
IMEO\persfw.exe: [Debugger] svchost.exe
IMEO\personalguard: [Debugger] svchost.exe
IMEO\personalguard.exe: [Debugger] svchost.exe
IMEO\perswf.exe: [Debugger] svchost.exe
IMEO\pf2.exe: [Debugger] svchost.exe
IMEO\pfwadmin.exe: [Debugger] svchost.exe
IMEO\pgmonitr.exe: [Debugger] svchost.exe
IMEO\pingscan.exe: [Debugger] svchost.exe
IMEO\platin.exe: [Debugger] svchost.exe
IMEO\pop3trap.exe: [Debugger] svchost.exe
IMEO\poproxy.exe: [Debugger] svchost.exe
IMEO\popscan.exe: [Debugger] svchost.exe
IMEO\portdetective.exe: [Debugger] svchost.exe
IMEO\portmonitor.exe: [Debugger] svchost.exe
IMEO\powerscan.exe: [Debugger] svchost.exe
IMEO\ppinupdt.exe: [Debugger] svchost.exe
IMEO\pptbc.exe: [Debugger] svchost.exe
IMEO\ppvstop.exe: [Debugger] svchost.exe
IMEO\prizesurfer.exe: [Debugger] svchost.exe
IMEO\prmt.exe: [Debugger] svchost.exe
IMEO\prmvr.exe: [Debugger] svchost.exe
IMEO\procdump.exe: [Debugger] svchost.exe
IMEO\processmonitor.exe: [Debugger] svchost.exe
IMEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IMEO\programauditor.exe: [Debugger] svchost.exe
IMEO\proport.exe: [Debugger] svchost.exe
IMEO\protector.exe: [Debugger] svchost.exe
IMEO\protectx.exe: [Debugger] svchost.exe
IMEO\PSANCU.exe: [Debugger] svchost.exe
IMEO\PSANHost.exe: [Debugger] svchost.exe
IMEO\PSANToManager.exe: [Debugger] svchost.exe
IMEO\PsCtrls.exe: [Debugger] svchost.exe
IMEO\PsImSvc.exe: [Debugger] svchost.exe
IMEO\PskSvc.exe: [Debugger] svchost.exe
IMEO\pspf.exe: [Debugger] svchost.exe
IMEO\PSUNMain.exe: [Debugger] svchost.exe
IMEO\purge.exe: [Debugger] svchost.exe
IMEO\qconsole.exe: [Debugger] svchost.exe
IMEO\qh.exe: [Debugger] svchost.exe
IMEO\qserver.exe: [Debugger] svchost.exe
IMEO\Quick Heal.exe: [Debugger] svchost.exe
IMEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IMEO\rapapp.exe: [Debugger] svchost.exe
IMEO\rav7.exe: [Debugger] svchost.exe
IMEO\rav7win.exe: [Debugger] svchost.exe
IMEO\rav8win32eng.exe: [Debugger] svchost.exe
IMEO\ray.exe: [Debugger] svchost.exe
IMEO\rb32.exe: [Debugger] svchost.exe
IMEO\rcsync.exe: [Debugger] svchost.exe
IMEO\realmon.exe: [Debugger] svchost.exe
IMEO\reged.exe: [Debugger] svchost.exe
IMEO\regedt32.exe: [Debugger] svchost.exe
IMEO\rescue.exe: [Debugger] svchost.exe
IMEO\rescue32.exe: [Debugger] svchost.exe
IMEO\rrguard.exe: [Debugger] svchost.exe
IMEO\rscdwld.exe: [Debugger] svchost.exe
IMEO\rshell.exe: [Debugger] svchost.exe
IMEO\rtvscan.exe: [Debugger] svchost.exe
IMEO\rtvscn95.exe: [Debugger] svchost.exe
IMEO\rulaunch.exe: [Debugger] svchost.exe
IMEO\rwg: [Debugger] svchost.exe
IMEO\rwg.exe: [Debugger] svchost.exe
IMEO\SafetyKeeper.exe: [Debugger] svchost.exe
IMEO\safeweb.exe: [Debugger] svchost.exe
IMEO\sahagent.exe: [Debugger] svchost.exe
IMEO\Save.exe: [Debugger] svchost.exe
IMEO\SaveArmor.exe: [Debugger] svchost.exe
IMEO\SaveDefense.exe: [Debugger] svchost.exe
IMEO\SaveKeep.exe: [Debugger] svchost.exe
IMEO\savenow.exe: [Debugger] svchost.exe
IMEO\sbserv.exe: [Debugger] svchost.exe
IMEO\sc.exe: [Debugger] svchost.exe
IMEO\scam32.exe: [Debugger] svchost.exe
IMEO\scan32.exe: [Debugger] svchost.exe
IMEO\scan95.exe: [Debugger] svchost.exe
IMEO\scanpm.exe: [Debugger] svchost.exe
IMEO\scrscan.exe: [Debugger] svchost.exe
IMEO\Secure Veteran.exe: [Debugger] svchost.exe
IMEO\secureveteran.exe: [Debugger] svchost.exe
IMEO\Security Center.exe: [Debugger] svchost.exe
IMEO\SecurityFighter.exe: [Debugger] svchost.exe
IMEO\securitysoldier.exe: [Debugger] svchost.exe
IMEO\serv95.exe: [Debugger] svchost.exe
IMEO\setloadorder.exe: [Debugger] svchost.exe
IMEO\setupvameeval.exe: [Debugger] svchost.exe
IMEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IMEO\sgssfw32.exe: [Debugger] svchost.exe
IMEO\sh.exe: [Debugger] svchost.exe
IMEO\shellspyinstall.exe: [Debugger] svchost.exe
IMEO\shield.exe: [Debugger] svchost.exe
IMEO\shn.exe: [Debugger] svchost.exe
IMEO\showbehind.exe: [Debugger] svchost.exe
IMEO\signcheck.exe: [Debugger] svchost.exe
IMEO\smart.exe: [Debugger] svchost.exe
IMEO\smartprotector.exe: [Debugger] svchost.exe
IMEO\smc.exe: [Debugger] svchost.exe
IMEO\smrtdefp.exe: [Debugger] svchost.exe
IMEO\sms.exe: [Debugger] svchost.exe
IMEO\smss32.exe: [Debugger] svchost.exe
IMEO\snetcfg.exe: [Debugger] svchost.exe
IMEO\soap.exe: [Debugger] svchost.exe
IMEO\sofi.exe: [Debugger] svchost.exe
IMEO\SoftSafeness.exe: [Debugger] svchost.exe
IMEO\sperm.exe: [Debugger] svchost.exe
IMEO\spf.exe: [Debugger] svchost.exe
IMEO\sphinx.exe: [Debugger] svchost.exe
IMEO\spoler.exe: [Debugger] svchost.exe
IMEO\spoolcv.exe: [Debugger] svchost.exe
IMEO\spoolsv32.exe: [Debugger] svchost.exe
IMEO\spywarexpguard.exe: [Debugger] svchost.exe
IMEO\spyxx.exe: [Debugger] svchost.exe
IMEO\srexe.exe: [Debugger] svchost.exe
IMEO\srng.exe: [Debugger] svchost.exe
IMEO\ss3edit.exe: [Debugger] svchost.exe
IMEO\ssgrate.exe: [Debugger] svchost.exe
IMEO\ssg_4104.exe: [Debugger] svchost.exe
IMEO\st2.exe: [Debugger] svchost.exe
IMEO\start.exe: [Debugger] svchost.exe
IMEO\stcloader.exe: [Debugger] svchost.exe
IMEO\supftrl.exe: [Debugger] svchost.exe
IMEO\support.exe: [Debugger] svchost.exe
IMEO\supporter5.exe: [Debugger] svchost.exe
IMEO\svc.exe: [Debugger] svchost.exe
IMEO\svchostc.exe: [Debugger] svchost.exe
IMEO\svchosts.exe: [Debugger] svchost.exe
IMEO\svshost.exe: [Debugger] svchost.exe
IMEO\sweep95.exe: [Debugger] svchost.exe
IMEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
IMEO\symlcsvc.exe: [Debugger] svchost.exe
IMEO\symproxysvc.exe: [Debugger] svchost.exe
IMEO\symtray.exe: [Debugger] svchost.exe
IMEO\system.exe: [Debugger] svchost.exe
IMEO\system32.exe: [Debugger] svchost.exe
IMEO\sysupd.exe: [Debugger] svchost.exe
IMEO\tapinstall.exe: [Debugger] svchost.exe
IMEO\taumon.exe: [Debugger] svchost.exe
IMEO\tbscan.exe: [Debugger] svchost.exe
IMEO\tc.exe: [Debugger] svchost.exe
IMEO\tca.exe: [Debugger] svchost.exe
IMEO\tcm.exe: [Debugger] svchost.exe
IMEO\tds-3.exe: [Debugger] svchost.exe
IMEO\tds2-98.exe: [Debugger] svchost.exe
IMEO\tds2-nt.exe: [Debugger] svchost.exe
IMEO\teekids.exe: [Debugger] svchost.exe
IMEO\tfak.exe: [Debugger] svchost.exe
IMEO\tfak5.exe: [Debugger] svchost.exe
IMEO\tgbob.exe: [Debugger] svchost.exe
IMEO\titanin.exe: [Debugger] svchost.exe
IMEO\titaninxp.exe: [Debugger] svchost.exe
IMEO\TPSrv.exe: [Debugger] svchost.exe
IMEO\trickler.exe: [Debugger] svchost.exe
IMEO\trjscan.exe: [Debugger] svchost.exe
IMEO\trjsetup.exe: [Debugger] svchost.exe
IMEO\trojantrap3.exe: [Debugger] svchost.exe
IMEO\TrustWarrior.exe: [Debugger] svchost.exe
IMEO\tsadbot.exe: [Debugger] svchost.exe
IMEO\tsc.exe: [Debugger] svchost.exe
IMEO\tvmd.exe: [Debugger] svchost.exe
IMEO\tvtmd.exe: [Debugger] svchost.exe
IMEO\undoboot.exe: [Debugger] svchost.exe
IMEO\updat.exe: [Debugger] svchost.exe
IMEO\upgrad.exe: [Debugger] svchost.exe
IMEO\utpost.exe: [Debugger] svchost.exe
IMEO\vbcmserv.exe: [Debugger] svchost.exe
IMEO\vbcons.exe: [Debugger] svchost.exe
IMEO\vbust.exe: [Debugger] svchost.exe
IMEO\vbwin9x.exe: [Debugger] svchost.exe
IMEO\vbwinntw.exe: [Debugger] svchost.exe
IMEO\vcsetup.exe: [Debugger] svchost.exe
IMEO\vet32.exe: [Debugger] svchost.exe
IMEO\vet95.exe: [Debugger] svchost.exe
IMEO\vettray.exe: [Debugger] svchost.exe
IMEO\vfsetup.exe: [Debugger] svchost.exe
IMEO\vir-help.exe: [Debugger] svchost.exe
IMEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
IMEO\VisthAux.exe: [Debugger] svchost.exe
IMEO\VisthLic.exe: [Debugger] svchost.exe
IMEO\VisthUpd.exe: [Debugger] svchost.exe
IMEO\vnlan300.exe: [Debugger] svchost.exe
IMEO\vnpc3000.exe: [Debugger] svchost.exe
IMEO\vpc32.exe: [Debugger] svchost.exe
IMEO\vpc42.exe: [Debugger] svchost.exe
IMEO\vpfw30s.exe: [Debugger] svchost.exe
IMEO\vptray.exe: [Debugger] svchost.exe
IMEO\vscan40.exe: [Debugger] svchost.exe
IMEO\vscenu6.02d30.exe: [Debugger] svchost.exe
IMEO\vsched.exe: [Debugger] svchost.exe
IMEO\vsecomr.exe: [Debugger] svchost.exe
IMEO\vshwin32.exe: [Debugger] svchost.exe
IMEO\vsisetup.exe: [Debugger] svchost.exe
IMEO\vsmain.exe: [Debugger] svchost.exe
IMEO\vsmon.exe: [Debugger] svchost.exe
IMEO\vsstat.exe: [Debugger] svchost.exe
IMEO\vswin9xe.exe: [Debugger] svchost.exe
IMEO\vswinntse.exe: [Debugger] svchost.exe
IMEO\vswinperse.exe: [Debugger] svchost.exe
IMEO\w32dsm89.exe: [Debugger] svchost.exe
IMEO\W3asbas.exe: [Debugger] svchost.exe
IMEO\w9x.exe: [Debugger] svchost.exe
IMEO\watchdog.exe: [Debugger] svchost.exe
IMEO\webdav.exe: [Debugger] svchost.exe
IMEO\WebProxy.exe: [Debugger] svchost.exe
IMEO\webscanx.exe: [Debugger] svchost.exe
IMEO\webtrap.exe: [Debugger] svchost.exe
IMEO\wfindv32.exe: [Debugger] svchost.exe
IMEO\whoswatchingme.exe: [Debugger] svchost.exe
IMEO\wimmun32.exe: [Debugger] svchost.exe
IMEO\win-bugsfix.exe: [Debugger] svchost.exe
IMEO\win32.exe: [Debugger] svchost.exe
IMEO\win32us.exe: [Debugger] svchost.exe
IMEO\winactive.exe: [Debugger] svchost.exe
IMEO\winav.exe: [Debugger] svchost.exe
IMEO\windll32.exe: [Debugger] svchost.exe
IMEO\window.exe: [Debugger] svchost.exe
IMEO\windows Police Pro.exe: [Debugger] svchost.exe
IMEO\windows.exe: [Debugger] svchost.exe
IMEO\wininetd.exe: [Debugger] svchost.exe
IMEO\wininitx.exe: [Debugger] svchost.exe
IMEO\winlogin.exe: [Debugger] svchost.exe
IMEO\winmain.exe: [Debugger] svchost.exe
IMEO\winppr32.exe: [Debugger] svchost.exe
IMEO\winrecon.exe: [Debugger] svchost.exe
IMEO\winservn.exe: [Debugger] svchost.exe
IMEO\winssk32.exe: [Debugger] svchost.exe
IMEO\winstart.exe: [Debugger] svchost.exe
IMEO\winstart001.exe: [Debugger] svchost.exe
IMEO\wintsk32.exe: [Debugger] svchost.exe
IMEO\winupdate.exe: [Debugger] svchost.exe
IMEO\wkufind.exe: [Debugger] svchost.exe
IMEO\wnad.exe: [Debugger] svchost.exe
IMEO\wnt.exe: [Debugger] svchost.exe
IMEO\wradmin.exe: [Debugger] svchost.exe
IMEO\wrctrl.exe: [Debugger] svchost.exe
IMEO\wsbgate.exe: [Debugger] svchost.exe
IMEO\wscfxas.exe: [Debugger] svchost.exe
IMEO\wscfxav.exe: [Debugger] svchost.exe
IMEO\wscfxfw.exe: [Debugger] svchost.exe
IMEO\wsctool.exe: [Debugger] svchost.exe
IMEO\wupdater.exe: [Debugger] svchost.exe
IMEO\wupdt.exe: [Debugger] svchost.exe
IMEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
IMEO\xpdeluxe.exe: [Debugger] svchost.exe
IMEO\xpf202en.exe: [Debugger] svchost.exe
IMEO\xp_antispyware.exe: [Debugger] svchost.exe
IMEO\zapro.exe: [Debugger] svchost.exe
IMEO\zapsetup3001.exe: [Debugger] svchost.exe
IMEO\zatutor.exe: [Debugger] svchost.exe
IMEO\zonalm2601.exe: [Debugger] svchost.exe
IMEO\zonealarm.exe: [Debugger] svchost.exe
IMEO\_avp32.exe: [Debugger] svchost.exe
IMEO\_avpcc.exe: [Debugger] svchost.exe
IMEO\_avpm.exe: [Debugger] svchost.exe
IMEO\~1.exe: [Debugger] svchost.exe
IMEO\~2.exe: [Debugger] svchost.exe
End
Save it on the flashdrive as fixlist.txt
Now please enter System Recovery Options then select Command Prompt.
Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply
Reboot your machine back into Normal Mode.
Note: This above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
DeeDee12
2013-04-07, 22:55
Ok!:thanks: The fix worked, and the computer booted up properly.
Here is the log from the flash drive. I will have to do it in 2 posts because it is too long.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-07 11:38:44 Run:1
Running from H:\
==============================================
HKEY_USERS\Shermqn Cooper\Software\Microsoft\Windows\CurrentVersion\Run\\Conduit Value deleted successfully.
HKEY_USERS\Shermqn Cooper\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegedit Value deleted successfully.
HKEY_USERS\Shermqn Cooper\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
AVGIDSAgent service deleted successfully.
X6va005 service deleted successfully.
X6va006 service deleted successfully.
X6va009 service deleted successfully.
X6va011 service deleted successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs.exe moved successfully.
C:\Users\Shermqn Cooper\AppData\Local\_bd_uylzs.exe moved successfully.
C:\ProgramData\_bd_uylzs.exe moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
C:\Program Files (x86)\fliptoast\fliptoast.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\a.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\About.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\au.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avastSvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avastUI.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avshadow.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\b.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\c.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\click.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\control Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cpf9x206.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\d.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\History.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\init.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion
DeeDee12
2013-04-07, 22:56
\Image File Execution Options\mbamgui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcmpeng.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\md.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msconfig Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\personalguard Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rwg Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\start.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\support.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\system.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\window.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe Key deleted successfully.
==== End of Fixlog ====
Dakeyras
2013-04-08, 11:42
Hi. :)
Ok!:thanks: The fix worked, and the computer booted up properly.
Good...
OK we are going to take a slightly different approach again to what I had planned originally and it would best to limit online activity with the machine for the time being also.
All of the below can now be done on the infected machine, any problems downloading anything merely stop what you are doing and inform myself please.
Malwarebytes Anti-Malware:
Please download the installer for Malwarebytes' Anti-Malware (http://downloads.malwarebytes.org/mbam-download-standalone-random.php) to the desktop.
Note: The installer will be randomly named, say for example something like 549od2jqai.exe
Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Scan with OTL:
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to the Desktop.
Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).
Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
iastor.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CreateRestorePoint
Now click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
Malwarebytes' Anti-Malware Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
DeeDee12
2013-04-08, 16:32
Each time I try the download, Malwarebytes, I get this message:
Download error
C:\Users\Shermqm Cooper\Downloads\yl74m858lo.exe.part could not be saved, because the source file could not be read.
Dakeyras
2013-04-08, 16:39
Hi. :)
Are you using Mozilla Firefox to download ? If so use Internet Explorer instead and we can address the Mozilla Firefox issue later on.
DeeDee12
2013-04-08, 17:02
Yes I am using Firefox. I will try IE now...Thank you.
Dakeyras
2013-04-08, 17:24
Acknowledged. :)
DeeDee12
2013-04-08, 19:29
The computer seems to be running very good although I dont know much about this laptop because it is not mine:laugh:. I just cant seen to log into the Spybot forums on it, says I am using the wrong password. I have just been putting the logs on the flash drive and posting them back here. I am downloading all the links with the laptop and it seems to working good.. :thanks:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shermqn Cooper :: BLACKLIGHT [administrator]
4/8/2013 8:28:52 AM
mbam-log-2013-04-08 (08-28-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228617
Time elapsed: 6 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 50
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Data: "C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 21
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh (PUP.FunMoods) -> Quarantined and deleted successfully.
Files Detected: 37
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\Temp\0.11911199028694852 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\Temp\0.7053937961021689 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\Temp\CX3vP20.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\Temp\is135653842\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\Temp\Temp1_setup.zip\setup.exe (Trojan.FakeAlert.SFXGen3) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\Local\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Shermqn Cooper\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
(end)
DeeDee12
2013-04-08, 19:56
OTL logfile created on: 4/8/2013 9:23:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 61.58% Memory free
7.21 Gb Paging File | 5.59 Gb Available in Paging File | 77.54% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 335.36 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32
Drive G: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.92% Space Free | Partition Type: FAT
Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/08 09:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
PRC - [2013/02/10 07:04:46 | 000,289,632 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
PRC - [2013/02/10 07:04:28 | 000,526,688 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
PRC - [2012/12/20 18:07:15 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/20 07:20:12 | 001,685,792 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2012/12/14 11:40:12 | 000,064,728 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2012/12/14 11:40:12 | 000,046,296 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2012/11/29 21:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/08 14:37:54 | 000,552,816 | ---- | M] (ActivePath Ltd.) -- C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe
PRC - [2012/10/09 11:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/07/07 19:01:47 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2012/04/24 10:39:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/04/14 04:29:50 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/22 12:37:48 | 000,108,376 | ---- | M] () -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/25 13:59:18 | 000,103,224 | ---- | M] (Linkury) -- C:\Program Files (x86)\Linkury\Linkury.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 02:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/29 14:10:00 | 000,407,552 | ---- | M] () -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/29 10:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/10 07:04:46 | 000,289,632 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
MOD - [2013/02/10 07:04:28 | 000,526,688 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
MOD - [2012/11/17 06:31:59 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 14:26:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll
MOD - [2012/11/16 14:26:25 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
MOD - [2012/11/16 14:26:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/16 14:26:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 14:24:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 14:23:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 14:22:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 14:21:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 14:21:54 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 14:20:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/27 00:53:18 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2012/06/22 14:59:52 | 000,313,856 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012/06/22 14:55:58 | 000,494,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012/06/22 14:53:22 | 005,812,736 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2012/06/22 14:39:06 | 001,662,464 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2012/06/22 14:24:28 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2012/04/14 04:29:50 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/20 06:41:51 | 000,904,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/02/11 23:11:32 | 000,541,696 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2012/02/06 13:28:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
MOD - [2012/02/06 13:28:42 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012/02/06 13:28:34 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011/09/25 13:58:20 | 000,330,040 | ---- | M] () -- C:\Program Files (x86)\Linkury\Linkury.Resources.FilesManager.dll
MOD - [2011/09/25 13:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Linkury\Linkury.GUI.Docking.dll
MOD - [2011/09/25 13:58:06 | 000,046,904 | ---- | M] () -- C:\Program Files (x86)\Linkury\MACTrackBarLib.dll
MOD - [2011/09/08 16:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2011/09/08 16:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2011/09/08 16:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2011/09/08 16:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2011/09/08 16:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2011/09/08 16:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2011/09/08 16:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2011/09/08 16:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2011/09/08 16:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2011/09/08 16:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2011/09/08 16:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2011/09/08 16:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2011/05/10 12:01:42 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
MOD - [2011/02/15 11:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 11:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/22 16:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 15:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 15:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 15:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 15:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 15:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 15:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 15:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 15:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 15:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 15:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 15:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 15:56:02 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Raptr\_elementtree.pyd
MOD - [2010/11/22 15:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 15:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 15:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 15:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Services (SafeList) ==========
SRV:[b]64bit: - [2011/07/06 00:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 12:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 18:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/08 07:43:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 08:49:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 10:39:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011/11/22 12:37:54 | 000,120,664 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2011/11/22 12:37:48 | 000,124,760 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
SRV - [2011/11/22 12:37:48 | 000,108,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/29 14:10:00 | 000,407,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 16:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/15 00:53:02 | 001,813,056 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/10/17 11:05:46 | 000,382,848 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/10/17 11:03:20 | 000,060,416 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/08 21:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/08 21:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/06 00:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 23:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/05 00:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 11:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 17:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/05 07:55:24 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80105&lng=en
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=010712_4&babsrc=SP_ss&mntrId=4afc2073000000000000001d8808afeb
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-v/search/redirect/?type=default&user_id=17a036fa-d899-4f09-bd6e-fb491e92a77b&query={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9D46A67F-FD08-470F-BA0F-EA3F86DD15FF}&mid=4486b519b82147d08c9735581d12137f-746d1d20158756819f8f4b41c87d4f9210d62fb5&lang=en&ds=AVG&pr=pr&d=2012-04-14 04:29:51&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120206,17118,0,18,0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80105&lng=en
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:1.4.2
FF - prefs.js..extensions.enabledAddons: yaoigcfkgt%40yaoigcfkgt.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=400&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/02/05 07:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/14 04:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/10 18:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 08:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF [2012/02/24 20:03:15 | 000,000,000 | ---D | M]
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Extensions
[2013/04/08 06:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions
[2012/11/13 20:31:57 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
[2012/11/13 20:31:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/13 20:31:55 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/04/08 06:15:37 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\activemail@activepath.com
[2012/11/13 20:31:57 | 000,000,000 | ---D | M] (DealCabby) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\dealcabby@jetpack
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2013/04/08 06:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\staged
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
[2012/11/10 05:33:07 | 000,022,426 | ---- | M] () (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\addon@defaulttab.com.xpi
[2012/10/24 12:12:42 | 000,054,396 | ---- | M] () (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\pricepeep@getpricepeep.com.xpi
[1636/09/03 16:54:34 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\yaoigcfkgt@yaoigcfkgt.org.xpi
[2013/04/08 06:15:37 | 000,053,939 | ---- | M] () (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\staged\pricepeep@getpricepeep.com.xpi
[2012/07/12 12:05:14 | 000,001,301 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\searchplugins\my-homepage.xml
[2013/04/08 06:07:26 | 000,002,025 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\searchplugins\search-here.xml
[2012/11/11 04:33:56 | 000,002,687 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\searchplugins\Search_Results.xml
[2012/11/11 05:32:50 | 000,001,064 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\searchplugins\whitesmoke-us-new-customized-web-search.xml
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/20 18:08:17 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/12/05 08:49:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/10 08:01:14 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/11 04:33:56 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search? p={searchTerms}&ei=UTF-8&fr=w3is&type=
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcciokmdkojnfcdidadlpakopjjmaig\2.3.15.10_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekjmomebeenmcaidoolfdgmhljcegdjg\1.1_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.17.33_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf\2.6.430_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.57_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
DeeDee12
2013-04-08, 20:02
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Shermqn Cooper\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (My Personal Homepage) - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll ()
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Shermqn Cooper\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-18..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-19..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Akamai NetSession Interface] C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [GenieoSystemTray] C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [GenieoUpdaterService] C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe (Linkury)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ( in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AE02A1-4B39-46A9-89C7-F777F66FFCFD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51AE88A-6CA5-4D53-803F-A6EF3053E57E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/04/08 09:18:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 07:21:56 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Roaming\Malwarebytes
[2013/04/08 07:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/08 07:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 07:21:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/08 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/08 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Local\Programs
[2013/04/05 12:58:19 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/08 09:29:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/08 09:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
[2013/04/08 09:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 09:04:41 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 09:04:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 09:04:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 09:00:56 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/08 08:59:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/08 08:56:42 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/08 08:56:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 08:56:36 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/08 08:53:25 | 000,742,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/08 08:53:25 | 000,636,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/08 08:53:25 | 000,110,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/08 08:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/08 07:43:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/08 07:43:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/08 07:21:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:00:53 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/08 07:00:14 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2013/04/08 06:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001Core.job
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/08 07:21:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:01:02 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/08 07:01:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:00:49 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/07 14:11:52 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2012/08/20 18:29:04 | 000,000,238 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2012/06/30 09:52:44 | 000,007,680 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 21:56:05 | 000,001,199 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Roaming\result.db
[2012/04/13 21:34:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/02 17:01:47 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/02 18:34:26 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 02:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 08:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 20:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 22:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 21:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/08/08 20:54:51 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %systemdrive%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/08/08 20:55:39 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/08/08 20:55:39 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/08/08 20:55:39 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/08/08 20:55:39 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/08/08 20:55:39 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/08/08 20:55:39 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.ASFX >
[2012/07/27 13:52:04 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012/07/27 13:52:04 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012/07/27 13:51:54 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/07/27 13:51:50 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012/07/27 13:51:52 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012/07/27 13:51:52 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/07/27 13:51:56 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012/07/27 13:51:58 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012/07/27 13:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2012/07/27 13:51:56 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012/07/27 13:51:40 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/07/27 13:52:02 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2012/07/27 13:51:38 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/07/27 13:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2012/07/27 13:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2012/07/27 13:52:06 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012/07/27 13:51:56 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012/07/27 13:52:06 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012/07/27 13:52:08 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012/07/27 13:51:46 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2012/07/27 13:52:00 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012/07/27 13:51:44 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2012/07/27 13:52:00 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2012/07/27 13:51:48 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012/07/27 13:51:46 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012/07/27 13:51:44 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
< MD5 for: SERVICES.CFG >
[2010/11/15 21:02:22 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< End of report >
DeeDee12
2013-04-08, 20:22
OTL Extras logfile created on: 4/8/2013 9:23:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 61.58% Memory free
7.21 Gb Paging File | 5.59 Gb Available in Paging File | 77.54% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 335.36 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32
Drive G: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.92% Space Free | Partition Type: FAT
Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BF0CC-8FDE-41C8-B536-649D5D597E84}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{06D64F51-1E72-4DB9-93ED-2BBE70544A51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{139CBFB8-09B4-4E29-93A1-9924EC2CA558}" = rport=139 | protocol=6 | dir=out | app=system |
"{22401E4F-F701-4E68-A6DE-F5967EEC4077}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{273F8F88-CE92-41DE-ADAB-6E34D0B4D0AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C411930-0A90-4E70-9240-01CB7430E26A}" = rport=138 | protocol=17 | dir=out | app=system |
"{43537A8F-4DF7-474D-9C8A-45ADC629D7E7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{43C6B14F-82F1-4DE8-8F79-918F7FF275FC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{46B6B15A-D8E1-4BB1-98F8-74BE7574E9CA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{47896614-B55F-4877-967B-D66079483538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56060FC6-DF95-4B00-8DB1-80AAE6C8B7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56640BE7-472F-4831-9E89-4C34C96BE302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{572083BB-0A59-4D1A-8F49-AF7855463D86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{636D125D-23F6-4E13-9E07-06D3861AF527}" = lport=139 | protocol=6 | dir=in | app=system |
"{8A850C59-DD46-46CE-B7C7-E2A5E3C14E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FBFCDF9-2461-4AB7-896F-F935699C9D46}" = lport=49327 | protocol=6 | dir=in | name=akamai netsession interface |
"{97975213-29EF-4A24-B7D6-1367EC51BD48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98D81E01-EB8A-408B-BAE5-746CAE85D9B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{9C8B1C37-5D98-451A-BCFB-BFA11D357048}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB412721-BDFF-4771-842B-749E243F843B}" = lport=49465 | protocol=6 | dir=in | name=akamai netsession interface |
"{ABB6DEFD-22C3-4FA1-8665-4DF97610809F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B910A31C-4FC1-4624-8483-128D5F5635C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3EF2A7E-7B55-4E1B-A053-65608A425983}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7693C70-C656-4E18-BC67-173A516895AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFA5C070-6468-4454-BC4B-C0B64E70852C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1F27763-DF9C-4163-A671-FBA89D6CB209}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{E6AAD82A-2806-424A-B259-B7417BB4D4DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA89690C-BF1D-4CB2-9910-301C0C56D4D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F76CAFDD-38F6-4457-B49A-4166677D97C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFCCCD19-4CC6-4349-B53A-FEB4B200EAE5}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0413EF14-47E8-48EC-AE2B-86E6FA88B3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{12AF40C0-5FA1-4A38-9EE0-83A535AA5578}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2084043C-411C-46FD-A0A6-4E2C1F6B3F25}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2520B914-6504-47E7-A090-757E8740E293}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26AF4343-08B1-4497-BE4A-A9654F6B6362}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2FECD046-7D9D-4E9C-9BFE-0A209F275AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{3DBBE193-DDA1-4B92-95DB-445F34A9171D}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{49CDFB03-9D6A-448D-ABCF-D2FF3961674A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5239B7FB-95C6-4018-BA16-CF5FAC2839BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53D0F711-5858-49A4-A527-EC688C6F67EE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{54CCCA38-D7E7-4D81-9854-12D847C36FCA}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{5600D688-2958-4455-A49F-609597C38AFB}" = protocol=6 | dir=in | app=c:\program files (x86)\shopping4causes shopping plugin\troubleshooter.exe |
"{63753786-C804-4771-9BB4-E306B0427618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63782F92-E203-4EE9-B990-A3C481F0B356}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{69CADD58-5C56-4F82-9124-EF7C9D5A6FEE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A252317-E553-45FB-84B7-1F910676E366}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6B83C7B4-B6A0-4ED9-AE2C-B5643A6CF64A}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{6C6807B4-185B-422E-A435-074805F3C9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{7059C0E3-C716-4955-8741-4D339D51803D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{7889874D-907F-40BE-B6F7-4FDC0145F70D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7DE7AE0D-5753-43C6-A9EA-277380F6F5C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EDD9459-BDA8-40D7-B842-01D6754EB3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{86749E67-75B1-4246-B279-E16F027EE6E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8716ACE4-C5AB-45E2-9DF1-E8E7F9B49485}" = protocol=17 | dir=in | app=c:\program files (x86)\shopping4causes shopping plugin\troubleshooter.exe |
"{8C8F244B-3084-4F0A-944A-3EAF976A9929}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F294A91-13E3-4B3A-A9AE-1A53F2CD620E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{92589284-1F64-4BE9-BB82-449013434DF5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{937FA555-FCDB-4756-8912-60684AEC3A59}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{95E304DF-D0DB-49A3-AD4D-0750D04A5655}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9704FB59-BCB5-4D71-BEB4-32CBBBB36129}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{970592CF-3DEC-4F44-B858-55C9C142E814}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{9D72FE1F-3A24-4742-8AF6-FC6A83FDE496}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{A59823BB-724A-4037-A0D2-F9B637F7CD33}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{A7FAF874-FA19-4C85-99AF-F8BF467A7326}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{BC62CE25-8573-4863-B0C1-A7E8FC24DC22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C82858E8-3EB2-4214-8C33-2F37649F6DED}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{CBE0CCA7-6B8F-456E-AB95-2E004B5E2746}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0A7EF9F-2BC2-40DC-935A-46E1D4D8FBEC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D0DC73E3-63D5-4762-99A8-814D75E8C3C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2E25034-8BEE-44C8-A27A-C7A47A55A732}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D76806D8-A1A2-49CA-985F-03A5D539F592}" = protocol=6 | dir=out | app=system |
"{DE285E3A-923A-4EA7-BE84-60787402F40D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2057B91-07E7-4C01-A525-91B01EF17014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0913FFB-8437-401F-8F4C-E941667B4359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F36AAD3A-FAA3-4492-B3E0-707B03EFBD79}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{006F5E5F-102C-42E8-BC52-A5D8C0FBEFC3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{12D5171C-4845-4E56-8CC0-9BFDF5010F3B}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{5255B3FC-0D24-4B53-A9A4-F4EA243306AD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{69FB3D7F-7B46-4CDD-8B6F-C089C371617C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B6E2AB3E-FD89-4CB9-87D2-39B23B3A58BB}C:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BB731BAA-1BEC-487A-960A-26319A5B2FE1}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{D933328E-4CFD-434E-94DB-1FCE88171D2E}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{2D70D231-1D9B-439C-A0F5-80AE13555AD3}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{2F5458E0-E7E4-4824-BDC8-932A35287FEF}C:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7762A128-73C5-45E7-A602-AB79E819CF39}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{869EDEC9-84F7-469D-BE97-6CC4CD4D3ACA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B67525B5-8862-4558-9B49-5EBA3FCF0B83}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C6850828-56BC-4433-833A-92D6AB9CD147}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{F27AA1CA-4EFB-4CDF-9832-3C60D0CCC87E}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{781337AB-FB90-466A-B06A-46F112C95D54}" = CLEAR Connection Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DC3381CB-10D4-431D-B9B3-7DB84B00645F}" = FreePriceAlerts 2.3.5
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{075A14EB-B72E-4193-1870-967EF65800AC}" = FlipToast
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E42A955-54D0-49CB-9ABA-78B506F88436}" = ActiveMail
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{23538B53-1A87-4728-AC4B-869345AA067D}" = Community Smartbar
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1" = Elsword version 1.27
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
"Chica Password Manager_is1" = Chica Password Manager 1.10.0.6
"com.w3i.FlipToast" = FlipToast
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PriceGong" = PriceGong 2.5.3
"Raptr" = Raptr
"RealPlayer 16.0" = RealPlayer
"RumbleFighter" = Rumble Fighter
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01f56657-a518-46da-9f3a-13869c14972c" = Slingo Supreme
"WTA-028cb45d-88b7-4a73-8972-bebd772e305d" = Governor of Poker 2 Premium Edition
"WTA-15853f67-ff9a-43d4-82ba-1020d0af056d" = Zuma Deluxe
"WTA-1bbf1ab4-860c-40d7-97a4-daffc14d1793" = Blackhawk Striker 2
"WTA-2a780506-d4a6-4222-b135-b13fbe04a5af" = Vacation Quest - The Hawaiian Islands
"WTA-2f1fea9a-1a16-4f47-9cf1-caafccca18f6" = Namco All-Stars: PAC-MAN
"WTA-38df255c-c0d6-4d6e-a761-fd76bdb3c8eb" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-3ea4045b-7a72-42af-9e9c-86545de43de6" = Farm Frenzy
"WTA-3f5344f6-9073-4d79-9f91-6249c52089f4" = Mah Jong Medley
"WTA-3fbd1b6a-cb28-40a2-bcb3-083a95a731f0" = Plants vs. Zombies - Game of the Year
"WTA-4233f013-469f-483b-a117-49e9327ddb66" = Blasterball 3
"WTA-543c2727-a0b9-4621-9ec3-f9752f315510" = Poker Superstars III
"WTA-56f0f831-0d10-43ac-adb6-8dc06426619d" = Bounce Symphony
"WTA-7497ca49-a35f-41db-bb98-3591103c404e" = Chronicles of Albian
"WTA-76cb86aa-d32e-465b-9201-60601d184921" = Polar Bowler
"WTA-8367bcac-d225-41b5-8475-3f2573051da4" = Polar Golfer
"WTA-8898f13a-b6de-4c19-84d4-d1bee1dceacf" = Mystery of Mortlake Mansion
"WTA-8bfb1ab2-9994-44c9-a4e6-4fd5a92a5aff" = Penguins!
"WTA-9fc0e47b-e236-4584-a199-b32a4a9a9fda" = Cradle of Rome 2
"WTA-a307b701-1b38-4efe-b1ce-a986a50f5eb1" = Cake Mania
"WTA-acded29b-e906-4839-8ece-fa7b19aaf0ab" = Virtual Villagers 5 - New Believers
"WTA-ba152df7-7dc1-4e98-b67f-fc9888b85353" = FATE
"WTA-cc128f2b-21e9-4403-9aa8-46b3e4ac752f" = Chuzzle Deluxe
"WTA-e50c5ace-1225-4b32-a336-a5887a8876f9" = Agatha Christie - Peril at End House
"WTA-f6fc44d2-2ce2-4682-a2cb-02954a585536" = Bejeweled 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"genieo" = Genieo
"Google Chrome" = Google Chrome
"RewardsArcadeSuite" = RewardsArcadeSuite
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/8/2012 12:20:31 PM | Computer Name = blacklight | Source = Linkury | ID = 6352
Description =
Error - 9/8/2012 12:20:37 PM | Computer Name = blacklight | Source = Linkury | ID = 100
Description =
Error - 9/8/2012 12:20:37 PM | Computer Name = blacklight | Source = Linkury | ID = 6352
Description =
Error - 9/9/2012 2:48:55 PM | Computer Name = blacklight | Source = WinMgmt | ID = 10
Description =
Error - 9/9/2012 2:49:32 PM | Computer Name = blacklight | Source = Linkury | ID = 100
Description =
Error - 9/9/2012 2:49:32 PM | Computer Name = blacklight | Source = Linkury | ID = 6352
Description =
Error - 9/9/2012 2:49:32 PM | Computer Name = blacklight | Source = Linkury | ID = 100
Description = Timestamp: 9/9/2012 6:49:32 PM Message: HandlingInstanceID: 369029bc-821c-4f6c-b5d4-26076f7d3112
An
exception of type 'System.Collections.Generic.KeyNotFoundException' occurred and
was caught. -----------------------------------------------------------------------------------------------
09/09/2012
11:49:32 Type : System.Collections.Generic.KeyNotFoundException, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089 Message : The given key was not
present in the dictionary. Source : mscorlib Help link : Data : System.Collections.ListDictionaryInternal
TargetSite
: Void ThrowKeyNotFoundException() Stack Trace : at System.ThrowHelper.ThrowKeyNotFoundException()
at System.Collections.Generic.Dictionary`2.get_Item(TKey key) at Linkury.Infrastructure.Core.Manager..ctor()
Additional
Info: MachineName : BLACKLIGHT TimeStamp : 9/9/2012 6:49:32 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: Linkury.exe ThreadIdentity : WindowsIdentity : blacklight\Shermqn Cooper Category:
General Priority: 0 EventId: 100 Severity: Error Title:Enterprise Library Exception
Handling Machine: BLACKLIGHT Application Domain: Linkury.exe Process Id: 3724 Process
Name: C:\Program Files (x86)\Linkury\Linkury.exe Win32 Thread Id: 3728 Thread Name:
Extended Properties: <Error: property not found>
Error - 9/9/2012 2:49:32 PM | Computer Name = blacklight | Source = Linkury | ID = 6352
Description =
Error - 9/9/2012 2:49:33 PM | Computer Name = blacklight | Source = Linkury | ID = 100
Description =
Error - 9/9/2012 2:49:33 PM | Computer Name = blacklight | Source = Linkury | ID = 6352
Description =
[ Hewlett-Packard Events ]
Error - 11/9/2012 4:25:26 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/14/2012 12:23:12 AM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)
Error - 11/14/2012 12:23:49 AM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/15/2012 12:53:15 AM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)
Error - 11/15/2012 12:53:41 AM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/16/2012 4:12:28 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()
at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()
at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3690
Ram
Utilization: 70 TargetSite: Void loadXML()
Error - 11/16/2012 4:13:01 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/16/2012 4:13:41 PM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 70 TargetSite: Void UpdateDetail(System.String)
Error - 11/16/2012 4:15:12 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/17/2012 11:40:35 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3690
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
[ HP Software Framework Events ]
Error - 11/14/2012 12:23:03 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:03.268|000007BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:21 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:21.569|00001690|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:25 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:25.732|000017F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:33 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:33.438|00000F2C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:37 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:37.123|0000142C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:45 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:45.194|00001268|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/15/2012 12:53:29 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/14 20:53:29.358|00001F4C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/15/2012 12:53:35 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/14 20:53:35.884|00001B4C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/16/2012 4:14:27 PM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/16 12:14:27.464|000046B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/16/2012 4:14:54 PM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/16 12:14:54.903|00004774|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 4/5/2013 10:57:43 AM | Computer Name = blacklight | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.
Error - 4/7/2013 8:33:14 AM | Computer Name = blacklight | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.
Error - 4/7/2013 10:20:09 PM | Computer Name = blacklight | Source = DCOM | ID = 10010
Description =
Error - 4/8/2013 9:21:22 AM | Computer Name = blacklight | Source = BROWSER | ID = 8032
Description =
Error - 4/8/2013 9:34:23 AM | Computer Name = blacklight | Source = DCOM | ID = 10010
Description =
Error - 4/8/2013 10:27:05 AM | Computer Name = blacklight | Source = BROWSER | ID = 8032
Description =
Error - 4/8/2013 11:51:12 AM | Computer Name = blacklight | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 4/8/2013 11:51:13 AM | Computer Name = blacklight | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 4/8/2013 11:55:50 AM | Computer Name = blacklight | Source = DCOM | ID = 10010
Description =
Error - 4/8/2013 12:23:10 PM | Computer Name = blacklight | Source = BROWSER | ID = 8032
Description =
< End of report >
Dakeyras
2013-04-09, 12:38
Hi. :)
The computer seems to be running very good although I dont know much about this laptop because it is not mine:laugh:.
Ok fair play.
I just cant seen to log into the Spybot forums on it, says I am using the wrong password. I have just been putting the logs on the flash drive and posting them back here. I am downloading all the links with the laptop and it seems to working good.. :thanks:
That is most likely due to the infections that have been/are still present, so by all means do keep using the machine for any downloads I may advise/request etc...
However with regard to transferring the logs via your flash drive, this is fine but to err on the side of caution could you inform myself please which operating system is in use on your machine using to post ?
Reason being it would be prudent to secure both the flash drive and your machine so no infections are spread to it from the infected machine. Please do not be alarmed by this and merely view it as myself erring on the side of caution, as the machine we have been working on is still quite badly infected overall and it appears there is no actual active Anti-Virus software either but we can address that in due course. As I mentioned in a prior post do limit online activity with the infected machine until the time I advise otherwise please.
Next:
On the infected machine carry out the following please...
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to the desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).
Next:
Let myself know when completed the above and inform myself which operating system is in use on your machine and we will then go from there, thank you.
DeeDee12
2013-04-09, 16:35
Thanks so much for all your help and concern. I don't want this to happen to my machine. I am using Windows XP Service Pack 3 Media Center Edition. My machine is an old HP but it works fine for me. I dont know much about computers, wish I had learned:sad:
I have downloaded and ran the back-up program. I did not see where to click "run as an administrator", program seems to have just started. Maybe I missed something somewhere but it ran and backed-up fine I believe. I checked to see if the back-up file was located on hard-drive C, and it is there.
DeeDee12
2013-04-09, 16:42
I forgot to tell you every time I go to shut the infected machine down it wants to download a lot of updates. It seems that maybe it had been awhile since he was able to use the laptop. I have not allowed it to load anything as yet. It seems to be some MS and Java updates. This kid has what seems to be a lot of garbage on this machine that open up when you start the computer, but that is just my opinion.
Dakeyras
2013-04-09, 17:47
Hi. :)
Thanks so much for all your help and concern. I don't want this to happen to my machine. I am using Windows XP Service Pack 3 Media Center Edition. My machine is an old HP but it works fine for me. I dont know much about computers, wish I had learned:sad:
Acknowledged and with regard to your knowledge about computers, do not be too harsh on yourself...you are doing just fine.
I have downloaded and ran the back-up program. I did not see where to click "run as an administrator", program seems to have just started. Maybe I missed something somewhere but it ran and backed-up fine I believe. I checked to see if the back-up file was located on hard-drive C, and it is there.
Good.
I forgot to tell you every time I go to shut the infected machine down it wants to download a lot of updates. It seems that maybe it had been awhile since he was able to use the laptop. I have not allowed it to load anything as yet. It seems to be some MS and Java updates
OK just ignore any updates for now and malware has very likely hindered such in the past anyway and the remaining still might make the situation worse.
This kid has what seems to be a lot of garbage on this machine that open up when you start the computer, but that is just my opinion.
Aye I concur there is plenty of dross installed but we will be addressing some shortly and the rest in due course.
Next:
Using your XP SP3 machine...
Please download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Double click on Flash_Disinfector.exe to run it.
You will be prompted to plug in your flash drive. Plug it in.
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Next:
The below is to be done on the infected machine...just take your time and all should go well.
Scan with AdwCleaner:
Please download adwcleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) and save to the desktop.
Alternate downloads are here (http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml) or here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner).
Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Delete tab >> follow the prompts and reboot the machine if not advised to.
Please post the contents of the log file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like S1.
Scan with JRT:
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to the desktop.
Right-click on JRT.exe and select Run as Administrator to launch the application.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on the system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Reboot the machine after the scan is complete.
Scan with TDSSKiller:
Please download TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/) to the desktop.
Alternate download is here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe).
Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
When the window opens, click on Change Parameters
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
A Report will have been created by TDSSKiller in your root directory C:\
To find the log go to Start(Windows 7 Orb) > Computer > C:
Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
AdwCleaner Log.
Junkware Removal Tool Log
TDSSKiller Log.
Note: Post all requested logs separately if you so wish.
DeeDee12
2013-04-09, 20:21
I downloaded the "flag_disinfector and ran it and I will keep it on my computer, thank you.
The computer seems to startup just fine. I have not done anything more than just come to this web site with it. I have not tried any of the programs on it because I dont know if opening anything might trigger something to add to the virus problems.
# AdwCleaner v2.200 - Logfile created 04/09/2013 at 08:56:43
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shermqn Cooper - BLACKLIGHT
# Boot Mode : Normal
# Running from : C:\Users\Shermqn Cooper\Downloads\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : WajamUpdater
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\searchplugins\search-here.xml
File Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\searchplugins\whitesmoke-us-new-customized-web-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Complitly
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Linkury
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\search results toolbar
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Linkury
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\SHERMQ~1\AppData\Local\Temp\CT3244149
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Conduit
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcciokmdkojnfcdidadlpakopjjmaig
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Ilivid
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Linkury
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\PackageAware
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Local\Wajam
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Shermqn Cooper\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\CT3244149
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\ilividtoolbarguid
Folder Deleted : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\Smartbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3150609
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cpcciokmdkojnfcdidadlpakopjjmaig
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Linkury Chrome Smartbar]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.inbox.com/homepage.aspx?tbid=80105&lng=en --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Shermqn Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\mdv00nzv.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Deleted : user_pref("extensions.crossriderapp1950@crossrider.com.install-event-fired", true);
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=400&systemid=406&sr=0&q=");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.4813] : icon_url = "hxxp://www.linkury.com/favicon.ico",
*************************
AdwCleaner[S1].txt - [32212 octets] - [09/04/2013 08:56:43]
########## EOF - C:\AdwCleaner[S1].txt - [32273 octets] ##########
DeeDee12
2013-04-09, 20:23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Shermqn Cooper on Tue 04/09/2013 at 9:09:11.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\installiqupdater
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b6ef6c45-5e8d-4c3b-b580-a5073261a381}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{b6ef6c45-5e8d-4c3b-b580-a5073261a381}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Shermqn Cooper\appdata\local\dealcabby"
Successfully deleted: [Folder] "C:\Users\Shermqn Cooper\appdata\local\rewardsarcadesuite"
Failed to delete: [Folder] "C:\Users\Shermqn Cooper\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Shermqn Cooper\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Program Files (x86)\rewardsarcadesuite"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{1BD57FCA-0726-476C-AF22-2987CE8AFF36}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{4A5D31CE-AD20-4028-AE6E-90957661BFDE}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{645B26D4-9856-4E00-B44A-308B0C11A5B2}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{80EEFA30-EA7B-4B83-B623-D0F328B35A36}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{9A4F32B5-8DAD-443F-BA2B-ECF285D1AE2C}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{A17DFE62-DCA0-428A-9DCD-1BE85E19AD0D}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{B5D3F900-BB61-4D41-B408-7C5AE1A7DCF8}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{B86C6040-E808-4FC4-AC4D-599956A5FF79}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{E10E13AF-2F6A-4310-A2BD-A8D053B3A56F}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{E13CC9D7-D9DB-4607-9EEE-90ED1CD2F61E}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{ED0C6C04-82D5-4B74-86F7-AF8296EC7375}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{F9C9F9F8-4D9C-4B51-AA31-886737B46A24}
Successfully deleted: [Empty Folder] C:\Users\Shermqn Cooper\appdata\local\{FA83E225-615F-4EDB-B6DF-794CBCA9B1D2}
~~~ FireFox
Successfully deleted: [File] C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\yaoigcfkgt@yaoigcfkgt.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\searchplugins\my-homepage.xml
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\extensions\dealcabby@jetpack
Successfully deleted the following from C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\prefs.js
user_pref("extensions.addon@defaulttab.com.install-event-fired", true);
user_pref("extensions.crossriderapp1950@crossrider.com.install-event-fired", true);
user_pref("extensions.defaulttab.active.affiliate", 2645);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121145,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "ffffff219689df75dbc455e54c327c72");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");
Emptied folder: C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\firefox\profiles\mdv00nzv.default\minidumps [20 files]
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Successfully deleted: [Folder] C:\Users\Shermqn Cooper\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ielefkgbofdpglioecfjcbikholflklb
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/09/2013 at 9:26:30.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DeeDee12
2013-04-09, 20:26
09:57:24.0082 4844 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:57:24.0440 4844 ============================================================
09:57:24.0440 4844 Current date / time: 2013/04/09 09:57:24.0440
09:57:24.0440 4844 SystemInfo:
09:57:24.0440 4844
09:57:24.0440 4844 OS Version: 6.1.7601 ServicePack: 1.0
09:57:24.0440 4844 Product type: Workstation
09:57:24.0440 4844 ComputerName: BLACKLIGHT
09:57:24.0440 4844 UserName: Shermqn Cooper
09:57:24.0440 4844 Windows directory: C:\Windows
09:57:24.0440 4844 System windows directory: C:\Windows
09:57:24.0440 4844 Running under WOW64
09:57:24.0440 4844 Processor architecture: Intel x64
09:57:24.0440 4844 Number of processors: 2
09:57:24.0440 4844 Page size: 0x1000
09:57:24.0440 4844 Boot type: Normal boot
09:57:24.0440 4844 ============================================================
09:57:25.0267 4844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:57:25.0283 4844 Drive \Device\Harddisk1\DR2 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:57:25.0283 4844 ============================================================
09:57:25.0283 4844 \Device\Harddisk0\DR0:
09:57:25.0283 4844 MBR partitions:
09:57:25.0283 4844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:57:25.0283 4844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37DF6000
09:57:25.0283 4844 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37E5A000, BlocksNum 0x1D3C000
09:57:25.0283 4844 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
09:57:25.0283 4844 \Device\Harddisk1\DR2:
09:57:25.0283 4844 MBR partitions:
09:57:25.0283 4844 ============================================================
09:57:25.0314 4844 C: <-> \Device\Harddisk0\DR0\Partition2
09:57:25.0361 4844 D: <-> \Device\Harddisk0\DR0\Partition3
09:57:25.0376 4844 E: <-> \Device\Harddisk0\DR0\Partition4
09:57:25.0376 4844 ============================================================
09:57:25.0376 4844 Initialize success
09:57:25.0376 4844 ============================================================
09:58:38.0246 3560 ============================================================
09:58:38.0246 3560 Scan started
09:58:38.0246 3560 Mode: Manual; SigCheck; TDLFS;
09:58:38.0246 3560 ============================================================
09:58:38.0667 3560 ================ Scan system memory ========================
09:58:38.0667 3560 System memory - ok
09:58:38.0667 3560 ================ Scan services =============================
09:58:38.0870 3560 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:58:38.0995 3560 1394ohci - ok
09:58:39.0041 3560 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:58:39.0073 3560 ACPI - ok
09:58:39.0104 3560 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:58:39.0151 3560 AcpiPmi - ok
09:58:39.0338 3560 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:58:39.0369 3560 AdobeFlashPlayerUpdateSvc - ok
09:58:39.0431 3560 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:58:39.0463 3560 adp94xx - ok
09:58:39.0494 3560 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:58:39.0525 3560 adpahci - ok
09:58:39.0556 3560 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:58:39.0587 3560 adpu320 - ok
09:58:39.0619 3560 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:58:39.0697 3560 AeLookupSvc - ok
09:58:39.0806 3560 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
09:58:39.0821 3560 AERTFilters - ok
09:58:39.0868 3560 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:58:39.0915 3560 AFD - ok
09:58:39.0962 3560 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:58:39.0977 3560 agp440 - ok
09:58:40.0024 3560 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:58:40.0071 3560 ALG - ok
09:58:40.0118 3560 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:58:40.0133 3560 aliide - ok
09:58:40.0180 3560 [ 715B02B892C5BA46471EFC8DCD2AE934 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:58:40.0243 3560 AMD External Events Utility - ok
09:58:40.0289 3560 AMD FUEL Service - ok
09:58:40.0336 3560 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:58:40.0352 3560 amdide - ok
09:58:40.0367 3560 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
09:58:40.0399 3560 amdiox64 - ok
09:58:40.0430 3560 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:58:40.0477 3560 AmdK8 - ok
09:58:40.0711 3560 [ 7054D5D028B6CA727D0575192D633FA9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:58:41.0054 3560 amdkmdag - ok
09:58:41.0101 3560 [ 1CD2BC11467FD5FC7BE9827A9F3D8566 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:58:41.0147 3560 amdkmdap - ok
09:58:41.0194 3560 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:58:41.0241 3560 AmdPPM - ok
09:58:41.0272 3560 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:58:41.0288 3560 amdsata - ok
09:58:41.0335 3560 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:58:41.0366 3560 amdsbs - ok
09:58:41.0381 3560 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:58:41.0413 3560 amdxata - ok
09:58:41.0444 3560 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
09:58:41.0475 3560 amd_sata - ok
09:58:41.0475 3560 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
09:58:41.0491 3560 amd_xata - ok
09:58:41.0537 3560 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:58:41.0631 3560 AppID - ok
09:58:41.0662 3560 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:58:41.0740 3560 AppIDSvc - ok
09:58:41.0756 3560 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:58:41.0849 3560 Appinfo - ok
09:58:41.0896 3560 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:58:41.0927 3560 arc - ok
09:58:41.0959 3560 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:58:41.0990 3560 arcsas - ok
09:58:42.0005 3560 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:58:42.0099 3560 AsyncMac - ok
09:58:42.0130 3560 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:58:42.0146 3560 atapi - ok
09:58:42.0193 3560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:58:42.0286 3560 AudioEndpointBuilder - ok
09:58:42.0317 3560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:58:42.0395 3560 AudioSrv - ok
09:58:42.0458 3560 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:58:42.0520 3560 AxInstSV - ok
09:58:42.0567 3560 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:58:42.0629 3560 b06bdrv - ok
09:58:42.0676 3560 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:58:42.0723 3560 b57nd60a - ok
09:58:42.0817 3560 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:58:42.0848 3560 BBSvc - ok
09:58:42.0895 3560 [ B38798BADF9435BB6299B998D382147C ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys
09:58:42.0941 3560 bcm - ok
09:58:43.0019 3560 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:58:43.0097 3560 BCM43XX - ok
09:58:43.0129 3560 [ D94E8856ED36E6DD34815A2B2C994A3C ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
09:58:43.0175 3560 bcmbusctr - ok
09:58:43.0238 3560 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:58:43.0269 3560 BDESVC - ok
09:58:43.0316 3560 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:58:43.0409 3560 Beep - ok
09:58:43.0456 3560 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:58:43.0565 3560 BFE - ok
09:58:43.0612 3560 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:58:43.0721 3560 BITS - ok
09:58:43.0768 3560 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:58:43.0799 3560 blbdrive - ok
09:58:43.0831 3560 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:58:43.0862 3560 bowser - ok
09:58:43.0893 3560 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:58:43.0940 3560 BrFiltLo - ok
09:58:43.0987 3560 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:58:44.0018 3560 BrFiltUp - ok
09:58:44.0049 3560 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:58:44.0080 3560 Browser - ok
09:58:44.0111 3560 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:58:44.0158 3560 Brserid - ok
09:58:44.0189 3560 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:58:44.0236 3560 BrSerWdm - ok
09:58:44.0267 3560 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:58:44.0314 3560 BrUsbMdm - ok
09:58:44.0330 3560 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:58:44.0377 3560 BrUsbSer - ok
09:58:44.0392 3560 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:58:44.0439 3560 BTHMODEM - ok
09:58:44.0486 3560 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:58:44.0564 3560 bthserv - ok
09:58:44.0642 3560 [ 4FB313E24E8D8F107DA89053E14FB8AE ] CACLEARWIRE C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
09:58:44.0657 3560 CACLEARWIRE - ok
09:58:44.0689 3560 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:58:44.0767 3560 cdfs - ok
09:58:44.0798 3560 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:58:44.0845 3560 cdrom - ok
09:58:44.0891 3560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:58:44.0954 3560 CertPropSvc - ok
09:58:45.0001 3560 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:58:45.0047 3560 circlass - ok
09:58:45.0079 3560 [ C4ED9E7A82270CA1ADB522A69CE50523 ] clearwireDeviceDiagnosticsService C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
09:58:45.0110 3560 clearwireDeviceDiagnosticsService ( UnsignedFile.Multi.Generic ) - warning
09:58:45.0110 3560 clearwireDeviceDiagnosticsService - detected UnsignedFile.Multi.Generic (1)
09:58:45.0157 3560 [ 7E4CE75DEAEC4A295B226110FD8D82F8 ] CLEARWIRERcAppSvc C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
09:58:45.0172 3560 CLEARWIRERcAppSvc - ok
09:58:45.0219 3560 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:58:45.0250 3560 CLFS - ok
09:58:45.0328 3560 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:58:45.0359 3560 clr_optimization_v2.0.50727_32 - ok
09:58:45.0391 3560 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:58:45.0422 3560 clr_optimization_v2.0.50727_64 - ok
09:58:45.0469 3560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:58:45.0500 3560 clr_optimization_v4.0.30319_32 - ok
09:58:45.0515 3560 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:58:45.0547 3560 clr_optimization_v4.0.30319_64 - ok
09:58:45.0578 3560 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
09:58:45.0609 3560 clwvd - ok
09:58:45.0640 3560 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:58:45.0671 3560 CmBatt - ok
09:58:45.0718 3560 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:58:45.0734 3560 cmdide - ok
09:58:45.0781 3560 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:58:45.0843 3560 CNG - ok
09:58:45.0874 3560 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:58:45.0890 3560 Compbatt - ok
09:58:45.0905 3560 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:58:45.0952 3560 CompositeBus - ok
09:58:45.0968 3560 COMSysApp - ok
09:58:45.0999 3560 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:58:46.0030 3560 crcdisk - ok
09:58:46.0077 3560 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:58:46.0124 3560 CryptSvc - ok
09:58:46.0202 3560 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
09:58:46.0249 3560 cvhsvc - ok
09:58:46.0311 3560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:58:46.0420 3560 DcomLaunch - ok
09:58:46.0467 3560 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:58:46.0545 3560 defragsvc - ok
09:58:46.0576 3560 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:58:46.0654 3560 DfsC - ok
09:58:46.0685 3560 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:58:46.0732 3560 Dhcp - ok
09:58:46.0748 3560 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:58:46.0826 3560 discache - ok
09:58:46.0888 3560 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:58:46.0904 3560 Disk - ok
09:58:46.0951 3560 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:58:46.0982 3560 Dnscache - ok
09:58:47.0029 3560 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:58:47.0122 3560 dot3svc - ok
09:58:47.0153 3560 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:58:47.0231 3560 DPS - ok
09:58:47.0278 3560 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:58:47.0325 3560 drmkaud - ok
09:58:47.0372 3560 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:58:47.0419 3560 DXGKrnl - ok
09:58:47.0450 3560 EagleX64 - ok
09:58:47.0481 3560 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:58:47.0559 3560 EapHost - ok
09:58:47.0684 3560 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:58:47.0809 3560 ebdrv - ok
09:58:47.0871 3560 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:58:47.0902 3560 EFS - ok
09:58:47.0996 3560 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:58:48.0058 3560 ehRecvr - ok
09:58:48.0074 3560 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:58:48.0105 3560 ehSched - ok
09:58:48.0152 3560 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:58:48.0199 3560 elxstor - ok
09:58:48.0214 3560 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:58:48.0261 3560 ErrDev - ok
09:58:48.0323 3560 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:58:48.0417 3560 EventSystem - ok
09:58:48.0448 3560 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:58:48.0526 3560 exfat - ok
09:58:48.0542 3560 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:58:48.0620 3560 fastfat - ok
09:58:48.0667 3560 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:58:48.0729 3560 Fax - ok
09:58:48.0760 3560 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
09:58:48.0791 3560 fdc - ok
09:58:48.0838 3560 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:58:48.0901 3560 fdPHost - ok
09:58:48.0916 3560 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:58:48.0994 3560 FDResPub - ok
09:58:49.0025 3560 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:58:49.0041 3560 FileInfo - ok
09:58:49.0057 3560 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:58:49.0135 3560 Filetrace - ok
09:58:49.0166 3560 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:58:49.0197 3560 flpydisk - ok
09:58:49.0228 3560 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:58:49.0259 3560 FltMgr - ok
09:58:49.0306 3560 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:58:49.0384 3560 FontCache - ok
09:58:49.0431 3560 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:58:49.0462 3560 FontCache3.0.0.0 - ok
09:58:49.0493 3560 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:58:49.0509 3560 FsDepends - ok
09:58:49.0540 3560 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:58:49.0556 3560 Fs_Rec - ok
09:58:49.0587 3560 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:58:49.0618 3560 fvevol - ok
09:58:49.0649 3560 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:58:49.0681 3560 gagp30kx - ok
09:58:49.0743 3560 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:58:49.0774 3560 GamesAppService - ok
09:58:49.0821 3560 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:58:49.0915 3560 gpsvc - ok
09:58:49.0946 3560 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:58:49.0977 3560 hcw85cir - ok
09:58:50.0008 3560 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:58:50.0055 3560 HdAudAddService - ok
09:58:50.0086 3560 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:58:50.0133 3560 HDAudBus - ok
09:58:50.0149 3560 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:58:50.0180 3560 HidBatt - ok
09:58:50.0211 3560 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:58:50.0242 3560 HidBth - ok
09:58:50.0305 3560 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:58:50.0336 3560 HidIr - ok
09:58:50.0351 3560 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:58:50.0445 3560 hidserv - ok
09:58:50.0476 3560 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:58:50.0492 3560 HidUsb - ok
09:58:50.0523 3560 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:58:50.0601 3560 hkmsvc - ok
09:58:50.0632 3560 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:58:50.0679 3560 HomeGroupListener - ok
09:58:50.0710 3560 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:58:50.0757 3560 HomeGroupProvider - ok
09:58:50.0835 3560 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:58:50.0866 3560 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
09:58:50.0866 3560 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
09:58:50.0944 3560 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:58:50.0975 3560 HPClientSvc - ok
09:58:51.0038 3560 [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:58:51.0069 3560 HPDrvMntSvc.exe - ok
09:58:51.0147 3560 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:58:51.0225 3560 hpqwmiex - ok
09:58:51.0256 3560 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:58:51.0272 3560 HpSAMD - ok
09:58:51.0319 3560 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:58:51.0428 3560 HTTP - ok
09:58:51.0428 3560 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:58:51.0459 3560 hwpolicy - ok
09:58:51.0490 3560 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:58:51.0521 3560 i8042prt - ok
09:58:51.0553 3560 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:58:51.0584 3560 iaStorV - ok
09:58:51.0709 3560 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:58:51.0818 3560 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
09:58:51.0818 3560 IconMan_R - detected UnsignedFile.Multi.Generic (1)
09:58:51.0896 3560 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:58:51.0943 3560 idsvc - ok
09:58:51.0989 3560 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:58:52.0005 3560 iirsp - ok
09:58:52.0067 3560 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:58:52.0192 3560 IKEEXT - ok
09:58:52.0301 3560 [ E395D888EF6D3777134A9E09FF7582C2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:58:52.0395 3560 IntcAzAudAddService - ok
09:58:52.0426 3560 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:58:52.0457 3560 intelide - ok
09:58:52.0489 3560 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:58:52.0520 3560 intelppm - ok
09:58:52.0567 3560 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:58:52.0660 3560 IPBusEnum - ok
09:58:52.0676 3560 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:58:52.0754 3560 IpFilterDriver - ok
09:58:52.0816 3560 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:58:52.0847 3560 iphlpsvc - ok
09:58:52.0894 3560 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:58:52.0988 3560 IPMIDRV - ok
09:58:53.0035 3560 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:58:53.0113 3560 IPNAT - ok
09:58:53.0144 3560 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:58:53.0175 3560 IRENUM - ok
09:58:53.0191 3560 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:58:53.0222 3560 isapnp - ok
09:58:53.0237 3560 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:58:53.0269 3560 iScsiPrt - ok
09:58:53.0315 3560 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:58:53.0331 3560 kbdclass - ok
09:58:53.0362 3560 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:58:53.0393 3560 kbdhid - ok
09:58:53.0425 3560 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:58:53.0456 3560 KeyIso - ok
09:58:53.0471 3560 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:58:53.0503 3560 KSecDD - ok
09:58:53.0534 3560 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:58:53.0549 3560 KSecPkg - ok
09:58:53.0581 3560 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:58:53.0674 3560 ksthunk - ok
09:58:53.0721 3560 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:58:53.0815 3560 KtmRm - ok
09:58:53.0861 3560 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:58:53.0955 3560 LanmanServer - ok
09:58:53.0971 3560 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:58:54.0064 3560 LanmanWorkstation - ok
09:58:54.0095 3560 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:58:54.0173 3560 lltdio - ok
09:58:54.0220 3560 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:58:54.0298 3560 lltdsvc - ok
09:58:54.0345 3560 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:58:54.0407 3560 lmhosts - ok
09:58:54.0439 3560 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:58:54.0470 3560 LSI_FC - ok
09:58:54.0501 3560 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:58:54.0532 3560 LSI_SAS - ok
09:58:54.0548 3560 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:58:54.0563 3560 LSI_SAS2 - ok
09:58:54.0595 3560 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:58:54.0626 3560 LSI_SCSI - ok
09:58:54.0657 3560 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:58:54.0735 3560 luafv - ok
09:58:54.0844 3560 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
09:58:54.0875 3560 McComponentHostService - ok
09:58:54.0922 3560 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:58:54.0969 3560 Mcx2Svc - ok
09:58:55.0000 3560 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:58:55.0031 3560 megasas - ok
09:58:55.0063 3560 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:58:55.0094 3560 MegaSR - ok
09:58:55.0141 3560 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:58:55.0234 3560 MMCSS - ok
09:58:55.0250 3560 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:58:55.0328 3560 Modem - ok
09:58:55.0343 3560 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:58:55.0375 3560 monitor - ok
09:58:55.0406 3560 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:58:55.0437 3560 mouclass - ok
09:58:55.0453 3560 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:58:55.0484 3560 mouhid - ok
09:58:55.0515 3560 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:58:55.0546 3560 mountmgr - ok
09:58:55.0609 3560 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:58:55.0624 3560 MozillaMaintenance - ok
09:58:55.0655 3560 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:58:55.0687 3560 mpio - ok
09:58:55.0702 3560 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:58:55.0765 3560 mpsdrv - ok
09:58:55.0811 3560 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:58:55.0921 3560 MpsSvc - ok
DeeDee12
2013-04-09, 20:27
09:58:55.0952 3560 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:58:55.0999 3560 MRxDAV - ok
09:58:56.0045 3560 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:58:56.0077 3560 mrxsmb - ok
09:58:56.0123 3560 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:58:56.0155 3560 mrxsmb10 - ok
09:58:56.0155 3560 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:58:56.0201 3560 mrxsmb20 - ok
09:58:56.0233 3560 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:58:56.0248 3560 msahci - ok
09:58:56.0279 3560 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:58:56.0295 3560 msdsm - ok
09:58:56.0326 3560 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:58:56.0373 3560 MSDTC - ok
09:58:56.0404 3560 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:58:56.0482 3560 Msfs - ok
09:58:56.0498 3560 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:58:56.0560 3560 mshidkmdf - ok
09:58:56.0591 3560 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:58:56.0623 3560 msisadrv - ok
09:58:56.0654 3560 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:58:56.0747 3560 MSiSCSI - ok
09:58:56.0747 3560 msiserver - ok
09:58:56.0794 3560 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:58:56.0888 3560 MSKSSRV - ok
09:58:56.0888 3560 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:58:56.0966 3560 MSPCLOCK - ok
09:58:56.0981 3560 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:58:57.0059 3560 MSPQM - ok
09:58:57.0091 3560 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:58:57.0122 3560 MsRPC - ok
09:58:57.0153 3560 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:58:57.0169 3560 mssmbios - ok
09:58:57.0200 3560 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:58:57.0278 3560 MSTEE - ok
09:58:57.0293 3560 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:58:57.0325 3560 MTConfig - ok
09:58:57.0340 3560 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:58:57.0356 3560 Mup - ok
09:58:57.0403 3560 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:58:57.0481 3560 napagent - ok
09:58:57.0527 3560 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:58:57.0590 3560 NativeWifiP - ok
09:58:57.0637 3560 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:58:57.0699 3560 NDIS - ok
09:58:57.0730 3560 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:58:57.0808 3560 NdisCap - ok
09:58:57.0839 3560 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:58:57.0902 3560 NdisTapi - ok
09:58:57.0917 3560 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:58:57.0995 3560 Ndisuio - ok
09:58:58.0011 3560 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:58:58.0105 3560 NdisWan - ok
09:58:58.0105 3560 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:58:58.0183 3560 NDProxy - ok
09:58:58.0183 3560 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:58:58.0276 3560 NetBIOS - ok
09:58:58.0292 3560 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:58:58.0370 3560 NetBT - ok
09:58:58.0401 3560 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:58:58.0432 3560 Netlogon - ok
09:58:58.0463 3560 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:58:58.0557 3560 Netman - ok
09:58:58.0588 3560 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:58:58.0697 3560 netprofm - ok
09:58:58.0760 3560 [ 2F06E01DE7A3E366185E65C41C9DEBF7 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
09:58:58.0822 3560 netr28x - ok
09:58:58.0853 3560 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:58:58.0885 3560 NetTcpPortSharing - ok
09:58:58.0916 3560 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:58:58.0931 3560 nfrd960 - ok
09:58:58.0978 3560 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:58:59.0009 3560 NlaSvc - ok
09:58:59.0041 3560 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:58:59.0103 3560 Npfs - ok
09:58:59.0119 3560 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:58:59.0197 3560 nsi - ok
09:58:59.0212 3560 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:58:59.0290 3560 nsiproxy - ok
09:58:59.0368 3560 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:58:59.0462 3560 Ntfs - ok
09:58:59.0477 3560 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:58:59.0555 3560 Null - ok
09:58:59.0587 3560 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
09:58:59.0633 3560 NVENETFD - ok
09:58:59.0680 3560 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:58:59.0711 3560 nvraid - ok
09:58:59.0727 3560 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:58:59.0758 3560 nvstor - ok
09:58:59.0789 3560 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:58:59.0821 3560 nv_agp - ok
09:58:59.0852 3560 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:58:59.0883 3560 ohci1394 - ok
09:58:59.0914 3560 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:58:59.0930 3560 ose - ok
09:59:00.0101 3560 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:00.0304 3560 osppsvc - ok
09:59:00.0335 3560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:59:00.0382 3560 p2pimsvc - ok
09:59:00.0398 3560 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:59:00.0445 3560 p2psvc - ok
09:59:00.0476 3560 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:59:00.0491 3560 Parport - ok
09:59:00.0523 3560 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:59:00.0554 3560 partmgr - ok
09:59:00.0569 3560 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:59:00.0616 3560 PcaSvc - ok
09:59:00.0647 3560 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:59:00.0679 3560 pci - ok
09:59:00.0710 3560 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:59:00.0725 3560 pciide - ok
09:59:00.0757 3560 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:59:00.0788 3560 pcmcia - ok
09:59:00.0819 3560 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\Windows\system32\PCTINDIS5X64.SYS
09:59:00.0850 3560 PCTINDIS5X64 - ok
09:59:00.0866 3560 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:59:00.0897 3560 pcw - ok
09:59:00.0913 3560 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:59:01.0022 3560 PEAUTH - ok
09:59:01.0115 3560 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:59:01.0162 3560 PerfHost - ok
09:59:01.0240 3560 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:59:01.0365 3560 pla - ok
09:59:01.0412 3560 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:59:01.0459 3560 PlugPlay - ok
09:59:01.0474 3560 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:59:01.0505 3560 PNRPAutoReg - ok
09:59:01.0537 3560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:59:01.0568 3560 PNRPsvc - ok
09:59:01.0615 3560 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:59:01.0724 3560 PolicyAgent - ok
09:59:01.0771 3560 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:59:01.0864 3560 Power - ok
09:59:01.0880 3560 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:59:01.0973 3560 PptpMiniport - ok
09:59:02.0005 3560 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:59:02.0051 3560 Processor - ok
09:59:02.0083 3560 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:59:02.0129 3560 ProfSvc - ok
09:59:02.0161 3560 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:59:02.0176 3560 ProtectedStorage - ok
09:59:02.0207 3560 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:59:02.0285 3560 Psched - ok
09:59:02.0348 3560 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:59:02.0441 3560 ql2300 - ok
09:59:02.0488 3560 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:59:02.0504 3560 ql40xx - ok
09:59:02.0535 3560 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:59:02.0582 3560 QWAVE - ok
09:59:02.0613 3560 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:59:02.0660 3560 QWAVEdrv - ok
09:59:02.0691 3560 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:59:02.0769 3560 RasAcd - ok
09:59:02.0785 3560 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:59:02.0863 3560 RasAgileVpn - ok
09:59:02.0894 3560 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:59:02.0972 3560 RasAuto - ok
09:59:03.0003 3560 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:59:03.0081 3560 Rasl2tp - ok
09:59:03.0112 3560 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:59:03.0190 3560 RasMan - ok
09:59:03.0190 3560 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:59:03.0284 3560 RasPppoe - ok
09:59:03.0299 3560 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:59:03.0393 3560 RasSstp - ok
09:59:03.0424 3560 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:59:03.0502 3560 rdbss - ok
09:59:03.0533 3560 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:59:03.0565 3560 rdpbus - ok
09:59:03.0596 3560 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:59:03.0674 3560 RDPCDD - ok
09:59:03.0705 3560 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:59:03.0783 3560 RDPENCDD - ok
09:59:03.0814 3560 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:59:03.0892 3560 RDPREFMP - ok
09:59:03.0923 3560 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:59:03.0955 3560 RDPWD - ok
09:59:04.0001 3560 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:59:04.0033 3560 rdyboost - ok
09:59:04.0079 3560 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
09:59:04.0111 3560 RealNetworks Downloader Resolver Service - ok
09:59:04.0142 3560 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:59:04.0235 3560 RemoteAccess - ok
09:59:04.0267 3560 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:59:04.0345 3560 RemoteRegistry - ok
09:59:04.0407 3560 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:59:04.0438 3560 RimUsb - ok
09:59:04.0469 3560 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:59:04.0516 3560 RimVSerPort - ok
09:59:04.0579 3560 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:59:04.0641 3560 ROOTMODEM - ok
09:59:04.0672 3560 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
09:59:04.0703 3560 RoxioNow Service - ok
09:59:04.0735 3560 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:59:04.0828 3560 RpcEptMapper - ok
09:59:04.0859 3560 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:59:04.0891 3560 RpcLocator - ok
09:59:04.0922 3560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:59:05.0000 3560 RpcSs - ok
09:59:05.0047 3560 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
09:59:05.0078 3560 RSPCIESTOR - ok
09:59:05.0093 3560 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:59:05.0171 3560 rspndr - ok
09:59:05.0203 3560 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:59:05.0234 3560 RTL8167 - ok
09:59:05.0249 3560 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:59:05.0281 3560 SamSs - ok
09:59:05.0312 3560 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:59:05.0343 3560 sbp2port - ok
09:59:05.0374 3560 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:59:05.0452 3560 SCardSvr - ok
09:59:05.0468 3560 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:59:05.0546 3560 scfilter - ok
09:59:05.0593 3560 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:59:05.0717 3560 Schedule - ok
09:59:05.0733 3560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:59:05.0795 3560 SCPolicySvc - ok
09:59:05.0842 3560 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:59:05.0873 3560 sdbus - ok
09:59:05.0905 3560 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:59:05.0951 3560 SDRSVC - ok
09:59:06.0014 3560 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:59:06.0045 3560 SeaPort - ok
09:59:06.0061 3560 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:59:06.0154 3560 secdrv - ok
09:59:06.0185 3560 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:59:06.0248 3560 seclogon - ok
09:59:06.0263 3560 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:59:06.0341 3560 SENS - ok
09:59:06.0373 3560 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:59:06.0404 3560 SensrSvc - ok
09:59:06.0451 3560 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:59:06.0497 3560 Serenum - ok
09:59:06.0513 3560 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:59:06.0560 3560 Serial - ok
09:59:06.0607 3560 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:59:06.0638 3560 sermouse - ok
09:59:06.0685 3560 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:59:06.0778 3560 SessionEnv - ok
09:59:06.0809 3560 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:59:06.0841 3560 sffdisk - ok
09:59:06.0965 3560 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:59:07.0184 3560 sffp_mmc - ok
09:59:07.0215 3560 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:59:07.0262 3560 sffp_sd - ok
09:59:07.0293 3560 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:59:07.0324 3560 sfloppy - ok
09:59:07.0371 3560 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
09:59:07.0402 3560 Sftfs - ok
09:59:07.0449 3560 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:59:07.0480 3560 sftlist - ok
09:59:07.0511 3560 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:59:07.0543 3560 Sftplay - ok
09:59:07.0558 3560 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:59:07.0574 3560 Sftredir - ok
09:59:07.0574 3560 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
09:59:07.0605 3560 Sftvol - ok
09:59:07.0621 3560 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:59:07.0652 3560 sftvsa - ok
09:59:07.0683 3560 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:59:07.0761 3560 SharedAccess - ok
09:59:07.0792 3560 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:59:07.0886 3560 ShellHWDetection - ok
09:59:07.0917 3560 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:59:07.0948 3560 SiSRaid2 - ok
09:59:07.0964 3560 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:59:07.0995 3560 SiSRaid4 - ok
09:59:08.0026 3560 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:59:08.0120 3560 Smb - ok
09:59:08.0198 3560 [ C6274392D8CA6F637382764A12AC5673 ] SMSI Device Launch Service C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
09:59:08.0213 3560 SMSI Device Launch Service - ok
09:59:08.0276 3560 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:59:08.0307 3560 SNMPTRAP - ok
09:59:08.0323 3560 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:59:08.0354 3560 spldr - ok
09:59:08.0385 3560 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:59:08.0432 3560 Spooler - ok
09:59:08.0541 3560 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:59:08.0728 3560 sppsvc - ok
09:59:08.0759 3560 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:59:08.0822 3560 sppuinotify - ok
09:59:08.0853 3560 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:59:08.0900 3560 srv - ok
09:59:08.0947 3560 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:59:08.0993 3560 srv2 - ok
09:59:09.0040 3560 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:59:09.0071 3560 SrvHsfHDA - ok
09:59:09.0118 3560 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:59:09.0227 3560 SrvHsfV92 - ok
09:59:09.0259 3560 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:59:09.0321 3560 SrvHsfWinac - ok
09:59:09.0337 3560 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:59:09.0368 3560 srvnet - ok
09:59:09.0415 3560 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:59:09.0493 3560 SSDPSRV - ok
09:59:09.0508 3560 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:59:09.0586 3560 SstpSvc - ok
09:59:09.0602 3560 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:59:09.0633 3560 stexstor - ok
09:59:09.0664 3560 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:59:09.0727 3560 stisvc - ok
09:59:09.0773 3560 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:59:09.0789 3560 swenum - ok
09:59:09.0836 3560 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:59:09.0945 3560 swprv - ok
09:59:10.0023 3560 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:59:10.0085 3560 SynTP - ok
09:59:10.0148 3560 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:59:10.0257 3560 SysMain - ok
09:59:10.0273 3560 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:59:10.0304 3560 TabletInputService - ok
09:59:10.0319 3560 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:59:10.0413 3560 TapiSrv - ok
09:59:10.0429 3560 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:59:10.0507 3560 TBS - ok
09:59:10.0569 3560 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:59:10.0678 3560 Tcpip - ok
09:59:10.0725 3560 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:59:10.0803 3560 TCPIP6 - ok
09:59:10.0834 3560 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:59:10.0865 3560 tcpipreg - ok
09:59:10.0897 3560 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:59:10.0928 3560 TDPIPE - ok
09:59:10.0959 3560 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:59:10.0990 3560 TDTCP - ok
09:59:11.0021 3560 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:59:11.0084 3560 tdx - ok
09:59:11.0115 3560 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:59:11.0131 3560 TermDD - ok
09:59:11.0177 3560 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:59:11.0271 3560 TermService - ok
09:59:11.0302 3560 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:59:11.0349 3560 Themes - ok
09:59:11.0365 3560 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:59:11.0427 3560 THREADORDER - ok
09:59:11.0458 3560 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:59:11.0536 3560 TrkWks - ok
09:59:11.0583 3560 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:11.0661 3560 TrustedInstaller - ok
09:59:11.0677 3560 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:11.0770 3560 tssecsrv - ok
09:59:11.0786 3560 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:59:11.0817 3560 TsUsbFlt - ok
09:59:11.0848 3560 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:59:11.0864 3560 TsUsbGD - ok
09:59:11.0895 3560 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:59:11.0957 3560 tunnel - ok
09:59:11.0989 3560 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:59:12.0004 3560 uagp35 - ok
09:59:12.0035 3560 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:59:12.0129 3560 udfs - ok
09:59:12.0160 3560 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:59:12.0191 3560 UI0Detect - ok
09:59:12.0238 3560 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:59:12.0254 3560 uliagpkx - ok
09:59:12.0285 3560 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:59:12.0332 3560 umbus - ok
09:59:12.0347 3560 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:59:12.0394 3560 UmPass - ok
09:59:12.0441 3560 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:59:12.0519 3560 upnphost - ok
09:59:12.0566 3560 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:12.0581 3560 usbccgp - ok
09:59:12.0613 3560 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:59:12.0644 3560 usbcir - ok
09:59:12.0659 3560 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:59:12.0691 3560 usbehci - ok
09:59:12.0737 3560 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:59:12.0753 3560 usbfilter - ok
09:59:12.0784 3560 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
09:59:12.0831 3560 usbhub - ok
09:59:12.0847 3560 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:59:12.0893 3560 usbohci - ok
09:59:12.0940 3560 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
09:59:12.0971 3560 usbprint - ok
09:59:13.0003 3560 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:13.0049 3560 USBSTOR - ok
09:59:13.0096 3560 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:59:13.0127 3560 usbuhci - ok
09:59:13.0159 3560 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:59:13.0190 3560 usbvideo - ok
09:59:13.0205 3560 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
09:59:13.0237 3560 usb_rndisx - ok
09:59:13.0268 3560 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:59:13.0346 3560 UxSms - ok
09:59:13.0361 3560 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:59:13.0393 3560 VaultSvc - ok
09:59:13.0408 3560 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:59:13.0439 3560 vdrvroot - ok
09:59:13.0471 3560 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:59:13.0580 3560 vds - ok
09:59:13.0611 3560 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:13.0642 3560 vga - ok
09:59:13.0658 3560 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:59:13.0736 3560 VgaSave - ok
09:59:13.0751 3560 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:59:13.0783 3560 vhdmp - ok
09:59:13.0814 3560 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:59:13.0829 3560 viaide - ok
09:59:13.0876 3560 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:59:13.0892 3560 volmgr - ok
09:59:13.0923 3560 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:59:13.0954 3560 volmgrx - ok
09:59:13.0970 3560 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:59:14.0001 3560 volsnap - ok
09:59:14.0048 3560 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:59:14.0063 3560 vsmraid - ok
09:59:14.0126 3560 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:59:14.0251 3560 VSS - ok
09:59:14.0266 3560 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:59:14.0313 3560 vwifibus - ok
09:59:14.0344 3560 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:59:14.0391 3560 vwififlt - ok
09:59:14.0438 3560 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:59:14.0516 3560 W32Time - ok
09:59:14.0547 3560 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:59:14.0594 3560 WacomPen - ok
09:59:14.0641 3560 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:59:14.0719 3560 WANARP - ok
09:59:14.0734 3560 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:59:14.0797 3560 Wanarpv6 - ok
09:59:14.0859 3560 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:59:14.0937 3560 WatAdminSvc - ok
09:59:14.0999 3560 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:59:15.0093 3560 wbengine - ok
09:59:15.0109 3560 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:59:15.0140 3560 WbioSrvc - ok
09:59:15.0155 3560 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:59:15.0218 3560 wcncsvc - ok
09:59:15.0233 3560 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:15.0265 3560 WcsPlugInService - ok
09:59:15.0296 3560 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
09:59:15.0311 3560 Wd - ok
09:59:15.0358 3560 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:59:15.0421 3560 Wdf01000 - ok
09:59:15.0436 3560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:59:15.0499 3560 WdiServiceHost - ok
09:59:15.0514 3560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:59:15.0545 3560 WdiSystemHost - ok
09:59:15.0577 3560 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:59:15.0623 3560 WebClient - ok
09:59:15.0655 3560 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:59:15.0748 3560 Wecsvc - ok
09:59:15.0779 3560 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:59:15.0857 3560 wercplsupport - ok
09:59:15.0873 3560 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:59:15.0951 3560 WerSvc - ok
09:59:15.0982 3560 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:59:16.0060 3560 WfpLwf - ok
09:59:16.0076 3560 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:59:16.0107 3560 WIMMount - ok
09:59:16.0123 3560 WinDefend - ok
09:59:16.0138 3560 WinHttpAutoProxySvc - ok
09:59:16.0201 3560 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:59:16.0263 3560 Winmgmt - ok
09:59:16.0341 3560 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:59:16.0481 3560 WinRM - ok
09:59:16.0528 3560 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:59:16.0575 3560 WinUsb - ok
09:59:16.0606 3560 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:59:16.0684 3560 Wlansvc - ok
09:59:16.0778 3560 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:59:16.0793 3560 wlcrasvc - ok
09:59:16.0887 3560 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:17.0012 3560 wlidsvc - ok
09:59:17.0027 3560 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:59:17.0074 3560 WmiAcpi - ok
09:59:17.0105 3560 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:59:17.0137 3560 wmiApSrv - ok
09:59:17.0183 3560 WMPNetworkSvc - ok
09:59:17.0215 3560 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:59:17.0230 3560 WPCSvc - ok
09:59:17.0246 3560 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:59:17.0293 3560 WPDBusEnum - ok
09:59:17.0324 3560 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:59:17.0386 3560 ws2ifsl - ok
09:59:17.0402 3560 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:59:17.0464 3560 wscsvc - ok
09:59:17.0464 3560 WSearch - ok
09:59:17.0558 3560 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:59:17.0683 3560 wuauserv - ok
09:59:17.0729 3560 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:59:17.0761 3560 WudfPf - ok
09:59:17.0807 3560 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:17.0854 3560 WUDFRd - ok
09:59:17.0885 3560 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:59:17.0932 3560 wudfsvc - ok
09:59:17.0963 3560 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll
09:59:17.0995 3560 WwanSvc - ok
09:59:18.0057 3560 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:59:18.0088 3560 YahooAUService - ok
09:59:18.0119 3560 ================ Scan global ===============================
09:59:18.0151 3560 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:59:18.0166 3560 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:59:18.0182 3560 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:59:18.0213 3560 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:59:18.0229 3560 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:59:18.0244 3560 [Global] - ok
09:59:18.0244 3560 ================ Scan MBR ==================================
09:59:18.0260 3560 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:59:18.0681 3560 \Device\Harddisk0\DR0 - ok
09:59:18.0697 3560 ================ Scan VBR ==================================
09:59:18.0697 3560 [ 2FB621B0CD3A4CBA96478B3C615578A7 ] \Device\Harddisk0\DR0\Partition1
09:59:18.0712 3560 \Device\Harddisk0\DR0\Partition1 - ok
09:59:18.0743 3560 [ EA95D9D5B51AA9D3F03AF13D70475C33 ] \Device\Harddisk0\DR0\Partition2
09:59:18.0743 3560 \Device\Harddisk0\DR0\Partition2 - ok
09:59:18.0790 3560 [ DBB104711163E1E8A6C49C8B1E7210DE ] \Device\Harddisk0\DR0\Partition3
09:59:18.0806 3560 \Device\Harddisk0\DR0\Partition3 - ok
09:59:18.0821 3560 [ 08C94D27748E6960ACC5F045029AA4F5 ] \Device\Harddisk0\DR0\Partition4
09:59:18.0821 3560 \Device\Harddisk0\DR0\Partition4 - ok
09:59:18.0821 3560 ============================================================
09:59:18.0821 3560 Scan finished
09:59:18.0821 3560 ============================================================
09:59:18.0853 3732 Detected object count: 3
09:59:18.0853 3732 Actual detected object count: 3
10:05:36.0155 3732 clearwireDeviceDiagnosticsService ( UnsignedFile.Multi.Generic ) - skipped by user
10:05:36.0155 3732 clearwireDeviceDiagnosticsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:05:36.0155 3732 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:05:36.0155 3732 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:05:36.0155 3732 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
10:05:36.0155 3732 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
Dakeyras
2013-04-09, 21:20
Hi. :)
I downloaded the "flag_disinfector and ran it and I will keep it on my computer, thank you.
Good and you're most welcome!
The computer seems to startup just fine. I have not done anything more than just come to this web site with it. I have not tried any of the programs on it because I dont know if opening anything might trigger something to add to the virus problems.
Acknowledged and fair play.
Next:
This time round it is just a few benign scans so I can ascertain what will require addressing next apart from both the Anti-Virus and Mozilla Firefox issues...with regard to the latter do try to download the the scanner below using it and let myself know if still the same problem.
Scan with FSS:
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)and save to the desktop.
Right-click FSS.exe and select Run as Administrator to start the program.
Select all available options.
Then click on the Scan tab.
When the scan is complete, it will produce a log named FSS.txt
Post the contents in your next reply.
Re-scan with OTL:
Delete both OTL.txt and Extras.txt if still present, them empty the Recycle Bin.
Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.
DeeDee12
2013-04-09, 22:06
Below is the log that you requested. One option in the selection box was checked but it was greyed out. It was called "RpcSs and PlugPlay"
Farbar Service Scanner Version: 03-03-2013
Ran by Shermqn Cooper (administrator) on 09-04-2013 at 12:01:09
Running from "C:\Users\Shermqn Cooper\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
DeeDee12
2013-04-09, 22:30
OTL logfile created on: 4/9/2013 12:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 65.98% Memory free
7.21 Gb Paging File | 5.80 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 334.85 Gb Free Space | 74.91% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32
Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Shermqn Cooper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe (ActivePath Ltd.)
PRC - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
PRC - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
PRC - C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
MOD - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
MOD - C:\Program Files (x86)\Raptr\heliotrope._purple.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Program Files (x86)\Raptr\sip.pyd ()
MOD - C:\Users\Shermqn Cooper\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd ()
MOD - C:\Program Files (x86)\Raptr\liboscar.dll ()
MOD - C:\Program Files (x86)\Raptr\libjabber.dll ()
MOD - C:\Program Files (x86)\Raptr\libymsg.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Raptr\simplejson._speedups.pyd ()
MOD - C:\Program Files (x86)\Raptr\libxml2-2.dll ()
MOD - C:\Program Files (x86)\Raptr\sqlite3.dll ()
MOD - C:\Program Files (x86)\Raptr\zlib1.dll ()
MOD - C:\Program Files (x86)\Raptr\win32gui.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32file.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32api.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32process.pyd ()
MOD - C:\Program Files (x86)\Raptr\gobject._gobject.pyd ()
MOD - C:\Program Files (x86)\Raptr\pywintypes26.dll ()
MOD - C:\Program Files (x86)\Raptr\PIL._imaging.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ssl.pyd ()
MOD - C:\Program Files (x86)\Raptr\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Raptr\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Raptr\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Raptr\_elementtree.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Raptr\_sqlite3.pyd ()
MOD - C:\Program Files (x86)\Raptr\_socket.pyd ()
MOD - C:\Program Files (x86)\Raptr\winsound.pyd ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (bcm) -- C:\Windows\SysNative\drivers\drxvi314_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/10 18:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 08:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Extensions
[2013/04/09 09:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/09 06:15:32 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\activemail@activepath.com
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 08:49:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search? p={searchTerms}&ei=UTF-8&fr=w3is&type=
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekjmomebeenmcaidoolfdgmhljcegdjg\1.1_0\
CHR - Extension: No name found = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf\2.6.430_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (My Personal Homepage) - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-18..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-19..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Conduit] C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll (The GTK developer community)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Akamai NetSession Interface] C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [GenieoSystemTray] C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [GenieoUpdaterService] C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ( in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AE02A1-4B39-46A9-89C7-F777F66FFCFD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51AE88A-6CA5-4D53-803F-A6EF3053E57E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/09 09:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/09 09:08:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/09 06:23:43 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/08 10:29:55 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/08 10:29:55 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/08 10:29:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/08 10:27:27 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/04/08 10:27:27 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/04/08 10:27:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/04/08 10:27:27 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/04/08 10:21:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/08 10:21:36 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/04/08 10:17:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/04/08 10:17:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/04/08 10:17:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/04/08 10:17:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/04/08 10:17:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/04/08 10:17:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/04/08 10:17:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/04/08 10:17:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/04/08 10:17:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/08 10:15:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/08 10:15:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/08 10:15:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/08 10:15:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/08 10:15:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/08 10:15:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/08 10:15:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:11:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/04/08 09:18:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 07:21:56 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Roaming\Malwarebytes
[2013/04/08 07:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/08 07:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 07:21:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/08 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/08 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Local\Programs
[2013/04/05 12:58:19 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/09 12:11:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/09 11:54:14 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 11:54:14 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 11:49:42 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/09 11:49:27 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/09 11:46:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/09 11:46:47 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 10:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
[2013/04/09 09:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/09 08:03:22 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 06:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001Core.job
[2013/04/09 06:25:00 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:59:41 | 000,757,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/09 05:59:41 | 000,636,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/09 05:59:41 | 000,110,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/08 09:45:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/08 09:45:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/08 09:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 09:04:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 08:56:42 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:00:14 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/09 06:25:00 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:46:14 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/09 05:46:03 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:01:02 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/08 07:01:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:00:49 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/07 14:11:52 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2012/08/20 18:29:04 | 000,000,238 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2012/06/30 09:52:44 | 000,007,680 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 21:56:05 | 000,001,199 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Roaming\result.db
[2012/04/13 21:34:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/02 17:01:47 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/02 18:34:26 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 02:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 08:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
DeeDee12
2013-04-09, 22:32
OTL Extras logfile created on: 4/9/2013 12:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 65.98% Memory free
7.21 Gb Paging File | 5.80 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 334.85 Gb Free Space | 74.91% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32
Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BF0CC-8FDE-41C8-B536-649D5D597E84}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{06D64F51-1E72-4DB9-93ED-2BBE70544A51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{09405AEB-E523-49BE-A5CA-B80E8C65B5EE}" = lport=49208 | protocol=6 | dir=in | name=akamai netsession interface |
"{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{139CBFB8-09B4-4E29-93A1-9924EC2CA558}" = rport=139 | protocol=6 | dir=out | app=system |
"{22401E4F-F701-4E68-A6DE-F5967EEC4077}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{273F8F88-CE92-41DE-ADAB-6E34D0B4D0AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C411930-0A90-4E70-9240-01CB7430E26A}" = rport=138 | protocol=17 | dir=out | app=system |
"{43C6B14F-82F1-4DE8-8F79-918F7FF275FC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{46B6B15A-D8E1-4BB1-98F8-74BE7574E9CA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{47896614-B55F-4877-967B-D66079483538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56060FC6-DF95-4B00-8DB1-80AAE6C8B7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56640BE7-472F-4831-9E89-4C34C96BE302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{572083BB-0A59-4D1A-8F49-AF7855463D86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{636D125D-23F6-4E13-9E07-06D3861AF527}" = lport=139 | protocol=6 | dir=in | app=system |
"{8A850C59-DD46-46CE-B7C7-E2A5E3C14E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FBFCDF9-2461-4AB7-896F-F935699C9D46}" = lport=49327 | protocol=6 | dir=in | name=akamai netsession interface |
"{97975213-29EF-4A24-B7D6-1367EC51BD48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98D81E01-EB8A-408B-BAE5-746CAE85D9B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{9C8B1C37-5D98-451A-BCFB-BFA11D357048}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABB6DEFD-22C3-4FA1-8665-4DF97610809F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B910A31C-4FC1-4624-8483-128D5F5635C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{B9713F4D-DB1A-4EAA-B902-5A8ECFF313AF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C3EF2A7E-7B55-4E1B-A053-65608A425983}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7693C70-C656-4E18-BC67-173A516895AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFA5C070-6468-4454-BC4B-C0B64E70852C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1F27763-DF9C-4163-A671-FBA89D6CB209}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{E6AAD82A-2806-424A-B259-B7417BB4D4DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA89690C-BF1D-4CB2-9910-301C0C56D4D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F76CAFDD-38F6-4457-B49A-4166677D97C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFCCCD19-4CC6-4349-B53A-FEB4B200EAE5}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12AF40C0-5FA1-4A38-9EE0-83A535AA5578}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2084043C-411C-46FD-A0A6-4E2C1F6B3F25}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{216E7CF3-5328-4E4E-941D-F1BCD9D15CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{2520B914-6504-47E7-A090-757E8740E293}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26AF4343-08B1-4497-BE4A-A9654F6B6362}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2795DB9E-7E47-4596-ACBB-9D2D0B9156B2}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{28B70A3D-9C6B-40D6-AC09-848C081660A8}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{2FECD046-7D9D-4E9C-9BFE-0A209F275AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{3DBBE193-DDA1-4B92-95DB-445F34A9171D}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{49CDFB03-9D6A-448D-ABCF-D2FF3961674A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5239B7FB-95C6-4018-BA16-CF5FAC2839BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53D0F711-5858-49A4-A527-EC688C6F67EE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{54CCCA38-D7E7-4D81-9854-12D847C36FCA}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{5600D688-2958-4455-A49F-609597C38AFB}" = protocol=6 | dir=in | app=c:\program files (x86)\shopping4causes shopping plugin\troubleshooter.exe |
"{63753786-C804-4771-9BB4-E306B0427618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63782F92-E203-4EE9-B990-A3C481F0B356}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{69CADD58-5C56-4F82-9124-EF7C9D5A6FEE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A252317-E553-45FB-84B7-1F910676E366}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6B83C7B4-B6A0-4ED9-AE2C-B5643A6CF64A}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{6C6807B4-185B-422E-A435-074805F3C9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{7059C0E3-C716-4955-8741-4D339D51803D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{7889874D-907F-40BE-B6F7-4FDC0145F70D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7DE7AE0D-5753-43C6-A9EA-277380F6F5C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{811FFAEF-9333-4966-9053-5FD9A440C797}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{86749E67-75B1-4246-B279-E16F027EE6E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8716ACE4-C5AB-45E2-9DF1-E8E7F9B49485}" = protocol=17 | dir=in | app=c:\program files (x86)\shopping4causes shopping plugin\troubleshooter.exe |
"{8C8F244B-3084-4F0A-944A-3EAF976A9929}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92589284-1F64-4BE9-BB82-449013434DF5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{937FA555-FCDB-4756-8912-60684AEC3A59}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{95E304DF-D0DB-49A3-AD4D-0750D04A5655}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9704FB59-BCB5-4D71-BEB4-32CBBBB36129}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9D72FE1F-3A24-4742-8AF6-FC6A83FDE496}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{A59823BB-724A-4037-A0D2-F9B637F7CD33}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{A7FAF874-FA19-4C85-99AF-F8BF467A7326}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{BC62CE25-8573-4863-B0C1-A7E8FC24DC22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C82858E8-3EB2-4214-8C33-2F37649F6DED}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{CBE0CCA7-6B8F-456E-AB95-2E004B5E2746}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0A7EF9F-2BC2-40DC-935A-46E1D4D8FBEC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D0DC73E3-63D5-4762-99A8-814D75E8C3C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2E25034-8BEE-44C8-A27A-C7A47A55A732}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D76806D8-A1A2-49CA-985F-03A5D539F592}" = protocol=6 | dir=out | app=system |
"{DE285E3A-923A-4EA7-BE84-60787402F40D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2057B91-07E7-4C01-A525-91B01EF17014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0913FFB-8437-401F-8F4C-E941667B4359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F36AAD3A-FAA3-4492-B3E0-707B03EFBD79}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{006F5E5F-102C-42E8-BC52-A5D8C0FBEFC3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{12D5171C-4845-4E56-8CC0-9BFDF5010F3B}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{5255B3FC-0D24-4B53-A9A4-F4EA243306AD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{69FB3D7F-7B46-4CDD-8B6F-C089C371617C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B6E2AB3E-FD89-4CB9-87D2-39B23B3A58BB}C:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BB731BAA-1BEC-487A-960A-26319A5B2FE1}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{D933328E-4CFD-434E-94DB-1FCE88171D2E}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{2D70D231-1D9B-439C-A0F5-80AE13555AD3}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{2F5458E0-E7E4-4824-BDC8-932A35287FEF}C:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shermqn cooper\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7762A128-73C5-45E7-A602-AB79E819CF39}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{869EDEC9-84F7-469D-BE97-6CC4CD4D3ACA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B67525B5-8862-4558-9B49-5EBA3FCF0B83}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C6850828-56BC-4433-833A-92D6AB9CD147}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{F27AA1CA-4EFB-4CDF-9832-3C60D0CCC87E}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{781337AB-FB90-466A-B06A-46F112C95D54}" = CLEAR Connection Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DC3381CB-10D4-431D-B9B3-7DB84B00645F}" = FreePriceAlerts 2.3.5
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{075A14EB-B72E-4193-1870-967EF65800AC}" = FlipToast
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E42A955-54D0-49CB-9ABA-78B506F88436}" = ActiveMail
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{23538B53-1A87-4728-AC4B-869345AA067D}" = Community Smartbar
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1" = Elsword version 1.27
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
"Chica Password Manager_is1" = Chica Password Manager 1.10.0.6
"com.w3i.FlipToast" = FlipToast
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Raptr" = Raptr
"RealPlayer 16.0" = RealPlayer
"RumbleFighter" = Rumble Fighter
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01f56657-a518-46da-9f3a-13869c14972c" = Slingo Supreme
"WTA-028cb45d-88b7-4a73-8972-bebd772e305d" = Governor of Poker 2 Premium Edition
"WTA-15853f67-ff9a-43d4-82ba-1020d0af056d" = Zuma Deluxe
"WTA-1bbf1ab4-860c-40d7-97a4-daffc14d1793" = Blackhawk Striker 2
"WTA-2a780506-d4a6-4222-b135-b13fbe04a5af" = Vacation Quest - The Hawaiian Islands
"WTA-2f1fea9a-1a16-4f47-9cf1-caafccca18f6" = Namco All-Stars: PAC-MAN
"WTA-38df255c-c0d6-4d6e-a761-fd76bdb3c8eb" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-3ea4045b-7a72-42af-9e9c-86545de43de6" = Farm Frenzy
"WTA-3f5344f6-9073-4d79-9f91-6249c52089f4" = Mah Jong Medley
"WTA-3fbd1b6a-cb28-40a2-bcb3-083a95a731f0" = Plants vs. Zombies - Game of the Year
"WTA-4233f013-469f-483b-a117-49e9327ddb66" = Blasterball 3
"WTA-543c2727-a0b9-4621-9ec3-f9752f315510" = Poker Superstars III
"WTA-56f0f831-0d10-43ac-adb6-8dc06426619d" = Bounce Symphony
"WTA-7497ca49-a35f-41db-bb98-3591103c404e" = Chronicles of Albian
"WTA-76cb86aa-d32e-465b-9201-60601d184921" = Polar Bowler
"WTA-8367bcac-d225-41b5-8475-3f2573051da4" = Polar Golfer
"WTA-8898f13a-b6de-4c19-84d4-d1bee1dceacf" = Mystery of Mortlake Mansion
"WTA-8bfb1ab2-9994-44c9-a4e6-4fd5a92a5aff" = Penguins!
"WTA-9fc0e47b-e236-4584-a199-b32a4a9a9fda" = Cradle of Rome 2
"WTA-a307b701-1b38-4efe-b1ce-a986a50f5eb1" = Cake Mania
"WTA-acded29b-e906-4839-8ece-fa7b19aaf0ab" = Virtual Villagers 5 - New Believers
"WTA-ba152df7-7dc1-4e98-b67f-fc9888b85353" = FATE
"WTA-cc128f2b-21e9-4403-9aa8-46b3e4ac752f" = Chuzzle Deluxe
"WTA-e50c5ace-1225-4b32-a336-a5887a8876f9" = Agatha Christie - Peril at End House
"WTA-f6fc44d2-2ce2-4682-a2cb-02954a585536" = Bejeweled 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"genieo" = Genieo
"Google Chrome" = Google Chrome
"RewardsArcadeSuite" = RewardsArcadeSuite
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/9/2013 1:14:37 PM | Computer Name = blacklight | Source = WinMgmt | ID = 10
Description =
Error - 4/9/2013 2:48:31 PM | Computer Name = blacklight | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 11/9/2012 4:25:26 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/14/2012 12:23:12 AM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)
Error - 11/14/2012 12:23:49 AM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/15/2012 12:53:15 AM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)
Error - 11/15/2012 12:53:41 AM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/16/2012 4:12:28 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()
at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()
at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3690
Ram
Utilization: 70 TargetSite: Void loadXML()
Error - 11/16/2012 4:13:01 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/16/2012 4:13:41 PM | Computer Name = blacklight | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Could not load file or assembly '0 bytes loaded from System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' or one of its dependencies. An attempt was made
to load a program with an incorrect format. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
en-US RAM: 3690 Ram Utilization: 70 TargetSite: Void UpdateDetail(System.String)
Error - 11/16/2012 4:15:12 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 4000
Description =
Error - 11/17/2012 11:40:35 PM | Computer Name = blacklight | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3690
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
[ HP Software Framework Events ]
Error - 11/14/2012 12:23:03 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:03.268|000007BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:21 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:21.569|00001690|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:25 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:25.732|000017F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:33 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:33.438|00000F2C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:37 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:37.123|0000142C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/14/2012 12:23:45 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/13 20:23:45.194|00001268|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/15/2012 12:53:29 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/14 20:53:29.358|00001F4C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/15/2012 12:53:35 AM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/14 20:53:35.884|00001B4C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/16/2012 4:14:27 PM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/16 12:14:27.464|000046B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/16/2012 4:14:54 PM | Computer Name = blacklight | Source = CaslWmi | ID = 5
Description = 2012/11/16 12:14:54.903|00004774|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 4/9/2013 1:12:05 PM | Computer Name = blacklight | Source = DCOM | ID = 10010
Description =
Error - 4/9/2013 1:27:38 PM | Computer Name = blacklight | Source = BROWSER | ID = 8032
Description =
Error - 4/9/2013 2:49:25 PM | Computer Name = blacklight | Source = BROWSER | ID = 8032
Description =
< End of report >
Dakeyras
2013-04-10, 12:37
Hi. :)
One option in the selection box was checked but it was greyed out. It was called "RpcSs and PlugPlay"
That is absolutely fine and not a cause for concern, were you able to download Farbar Service Scanner via Mozilla Firefox or not ?
In the removals below we will actually be uninstalling Java as it is out date. I strongly advise against re-installing a updated version at present because the software as a whole has been exploited of late and the machine could end up seriously infected again. Even though this exploit has been reportedly fixed there is still a vulnerability with the software.
At present I do not even have anything Java related installed on any of my machines.
Next:
Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):
BearShare
Bing Bar
Blio
FlipToast
FreePriceAlerts 2.3.5
Genieo
InstallIQ Updater
JavaFX 2.1.1
Java(TM) 7 Update 5
Mozilla Maintenance Service
WeatherBug
Yahoo! Toolbar
Yahoo! Software Update
To do so click once on each of the above to highlight, and then on Uninstall/Change and follow the prompts.
Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.
Next:
Download this (http://aa-download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2012_2125.exe) AVG Removal Tool to the desktop.
Right-click on avg_remover_stf_x64_2012_2125.exe and select Run as Administrator >> Yes >> reboot the machine if not advised to.
Note: There will be a notepad file on the desktop afterwards called avgremover.txt. I actually do not need to review this, however if you encountered any problems running the tool then by all means do post its contents in your next reply.
Next:
Reset Google Chrome, how to do so can be read here (http://www.googlechrometutorial.com/google-chrome-initial-settings/Google-chrome-reset-default-page-settings.html).
Next:
Let myself know when completed the above and if any problems encountered, also post a new OTL log please...
Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
Only one log will be created this time and that is all I require for the present.
DeeDee12
2013-04-10, 15:40
Yes I did the download from Firefox.
Going to run these items now.
Thanks for the headsup on Java. I will remove them from my personal machine as well. I noticed that there are updates for them, but if you believe they are a threat, that is good enough for me. :2thumb:
Dakeyras
2013-04-10, 15:45
Acknowledged. :)
DeeDee12
2013-04-10, 16:57
I am having a few problems uninstalling a couple of the programs.
I don't see Bearshare on the uninstall list.
FreePriceAlerts 2.3.5:
An error occured while trying to uninstall FreePriceAlerts 2.3.5. It may have already been uninstalled. Would you like to remove FreePriceAlerts 2.3.5 from the Programs and Features list.. What should I do? Click yes or no?, or should I do something else?
Yahoo! Toolbar:
I clicked for it to be uninstalled, it went through the uninstall process. It said the program was uninstalled but it is still in the Programs and Features list. I tried to uninstall it again and it said:Please wait until the current program is finished uninstalling or being changed... It as been awhile and it still says the same thing.
I am going ahead to the next item on your list of things to to. Thank you..
Dakeyras
2013-04-10, 17:54
Hi. :)
I don't see Bearshare on the uninstall list.
Not a problem, have a look and see if there is a folder for it in Program Files (x86). If there is open it and a uninstaller for it should be there.
If no folder present, not a problem either and merely means it is not installed at all.
Would you like to remove FreePriceAlerts 2.3.5 from the Programs and Features list.. What should I do? Click yes or no?, or should I do something else?
Click on Yes, any problems just leave it and inform myself in your next reply and we can tackle it via a different methodology.
Yahoo! Toolbar:
I clicked for it to be uninstalled, it went through the uninstall process. It said the program was uninstalled but it is still in the Programs and Features list. I tried to uninstall it again and it said:Please wait until the current program is finished uninstalling or being changed... It as been awhile and it still says the same thing.
Just leave that then and reboot the machine, then afterwards check if the entry is still present and if is we can tackle that also via the aforementioned different methodology.
Overall none of the above are that major a concern and I am not surprised any of the dross is not playing nice uninstall wise. ;)
DeeDee12
2013-04-10, 18:14
Ok. I clicked yes for the FreePriceAlerts 2.3.5.
I rebooted for the Yahoo! Toolbar and it is still there.
Reset Google Chrome:
I can't reset it. There's not a little wrench to click on next to the address bar. There is a little box with 3 lines in it that does open a drop-down box, but within that there is not an "option" link to click.
The time on the laptop is still wrong but the date has fixed itself.
Here is the OTL log:
OTL logfile created on: 4/10/2013 7:42:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 70.41% Memory free
7.21 Gb Paging File | 5.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 342.17 Gb Free Space | 76.55% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32
Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Shermqn Cooper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe (ActivePath Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Raptr\heliotrope._purple.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Program Files (x86)\Raptr\sip.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd ()
MOD - C:\Program Files (x86)\Raptr\liboscar.dll ()
MOD - C:\Program Files (x86)\Raptr\libjabber.dll ()
MOD - C:\Program Files (x86)\Raptr\libymsg.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Raptr\simplejson._speedups.pyd ()
MOD - C:\Program Files (x86)\Raptr\libxml2-2.dll ()
MOD - C:\Program Files (x86)\Raptr\sqlite3.dll ()
MOD - C:\Program Files (x86)\Raptr\zlib1.dll ()
MOD - C:\Program Files (x86)\Raptr\win32gui.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32file.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32api.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32process.pyd ()
MOD - C:\Program Files (x86)\Raptr\gobject._gobject.pyd ()
MOD - C:\Program Files (x86)\Raptr\pywintypes26.dll ()
MOD - C:\Program Files (x86)\Raptr\PIL._imaging.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ssl.pyd ()
MOD - C:\Program Files (x86)\Raptr\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Raptr\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Raptr\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Raptr\_elementtree.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Raptr\_sqlite3.pyd ()
MOD - C:\Program Files (x86)\Raptr\_socket.pyd ()
MOD - C:\Program Files (x86)\Raptr\winsound.pyd ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (bcm) -- C:\Windows\SysNative\drivers\drxvi314_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/10 18:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 08:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Extensions
[2013/04/09 09:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/09 06:15:32 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\activemail@activepath.com
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 08:49:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8433553062244335&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.yahoo.com/web?fr=w3is/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: McAfee SiteAdvisor = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\
CHR - Extension: PowerInbox = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmgljeemhhajnponhffhpjioiclpmbh\1.4.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Akamai NetSession Interface] C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ( in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AE02A1-4B39-46A9-89C7-F777F66FFCFD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51AE88A-6CA5-4D53-803F-A6EF3053E57E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/10 06:31:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/04/10 05:42:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 05:42:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 05:42:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 05:42:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 05:42:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 05:42:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 05:42:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/10 05:42:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 05:42:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 05:42:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/10 05:42:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 05:42:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 05:42:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 05:42:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 05:42:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/09 18:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/09 09:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/09 09:08:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/09 06:23:43 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/08 10:29:55 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/08 10:29:55 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/08 10:29:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/08 10:27:27 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/04/08 10:27:27 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/04/08 10:27:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/04/08 10:27:27 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/04/08 10:21:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/08 10:21:36 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/04/08 10:17:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/04/08 10:17:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/04/08 10:17:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/04/08 10:17:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/04/08 10:17:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/04/08 10:17:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/04/08 10:17:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/04/08 10:17:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/04/08 10:17:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/08 10:15:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/08 10:15:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/08 10:15:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/08 10:15:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/08 10:15:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/08 10:15:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/08 10:15:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:11:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/04/08 09:18:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 07:21:56 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Roaming\Malwarebytes
[2013/04/08 07:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/08 07:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 07:21:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/08 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/08 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Local\Programs
[2013/04/05 12:58:19 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/10 07:46:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/10 07:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/10 07:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
[2013/04/10 07:10:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 07:10:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 07:03:52 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/10 07:03:37 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/10 07:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 07:03:13 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 07:02:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/10 06:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001Core.job
[2013/04/10 05:47:34 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 05:33:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2013/04/09 18:52:25 | 000,009,728 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/09 18:46:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/04/09 18:46:24 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/09 08:03:22 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 06:25:00 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:59:41 | 000,757,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/09 05:59:41 | 000,636,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/09 05:59:41 | 000,110,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/08 09:45:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/08 09:45:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/08 09:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 09:04:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/10 05:47:34 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/04/09 06:25:00 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:46:14 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/09 05:46:03 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:01:02 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/08 07:01:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:00:49 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/07 14:11:52 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2012/08/20 18:29:04 | 000,000,238 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2012/06/30 09:52:44 | 000,009,728 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 21:56:05 | 000,001,199 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Roaming\result.db
[2012/04/13 21:34:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/02 17:01:47 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/02 18:34:26 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 02:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 08:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
DeeDee12
2013-04-10, 18:20
Checked programs and files and there was a file "BearShare" in "My Music" but the folder was empty. Is there a way to deleted the folder?. Thanks.
My machine seems to be slowing down now. :sick:
DeeDee12
2013-04-10, 19:14
When I open Google Chrome, on the infected machine, 2 tabs open. One says "search" with www.searchnu.com/406. I dont know if this is needed. I thought it would just be a regular Chrome home page that would be opened.
The other tab says "search.babylon.com" in the address bar.
Also I forgot to inform you that on the infected machine, after I finished running the AVG removal tool, it did not produce "avgremover.txt" log on the desktop.
There is something on the desktop (it was already there) that says AVGInstLog. When I place the cursor over it it says "compressed files". Should this be kept or deleted?
Dakeyras
2013-04-11, 11:01
Hi. :)
My machine seems to be slowing down now. :sick:
This may be of help:-
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Also I forgot to inform you that on the infected machine, after I finished running the AVG removal tool, it did not produce "avgremover.txt" log on the desktop.
There is something on the desktop (it was already there) that says AVGInstLog. When I place the cursor over it it says "compressed files". Should this be kept or deleted?
Aye go ahead and delete it etc. Every thing else you have mentioned should be taken care of by the below...
Reset Google Chrome:
Click on Start(Windows 7 Orb) >> Run... and copy and paste the below from the code-box and click on OK
%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Navigate to the folder called Default in the directory window that opens and right-click on it and select Rename.
Now rename it as Backup Default. Now launch Google Chrome and check if the issues you mentioned are still present.
Custom OTL Script:
Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ( in Trusted sites)
:Files
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Java
C:\Program Files (x86)\Yahoo!
C:\Users\Shermqn Cooper\Music\BearShare
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
:Reg
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
:Commands
[ResetHosts]
[EmptyTemp]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Install Microsoft Security Essentials:
Download the installer for Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/) to the desktop.
Right-click on the installer for Microsoft Security Essentials(mseinstall.exe) and select Run as Administrator.
Follow the prompts to install >> when asked if you want to turn one the Windows Firewall, agree to this...
Update >> Carry Out a Quick Scan. Have it fix/remove anything it finds.
Note: If anything was removed please make a note of it, to copy anything found/removed:-
Click on Start(Windows 7 Orb) >> Control Panel >> Administrative Tools >> Event Viewer >> Windows Logs >> System
Locate:-
Source= Microsoft Antimalware Event ID=1001 (scan finished)
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered ?
OTL Log from the Custom Script.
Did Microsoft Security Essentials find/remove anything ?
DeeDee12
2013-04-11, 18:51
Computer seems be be running fine.
Yahoo! Toolbar is back in Programs and Features, but it seems to be ok. Is that ok?
OTL:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found.
HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{317D3F46-EAFE-415B-BC52-E8D648A2C775}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}\ not found.
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com deleted successfully.
File C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox not found.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults\preferences folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\skin folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\locale\en-US folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\locale folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\content folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com folder moved successfully.
Folder C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\ not found.
Folder C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\genieo.com\yahoo\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
========== FILES ==========
C:\Program Files (x86)\AVG\AVG2012\Drivers folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Program Files (x86)\Java\jre6\lib\ext folder moved successfully.
C:\Program Files (x86)\Java\jre6\lib folder moved successfully.
C:\Program Files (x86)\Java\jre6\bin folder moved successfully.
C:\Program Files (x86)\Java\jre6 folder moved successfully.
C:\Program Files (x86)\Java folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion folder moved successfully.
C:\Program Files (x86)\Yahoo!\Common folder moved successfully.
C:\Program Files (x86)\Yahoo! folder moved successfully.
C:\Users\Shermqn Cooper\Music\BearShare folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: hedev
->Temp folder emptied: 43164427 bytes
User: Public
User: Shermqn Cooper
->Temp folder emptied: 3948389448 bytes
->Temporary Internet Files folder emptied: 833709167 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 87144297 bytes
->Google Chrome cache emptied: 6678718 bytes
->Flash cache emptied: 60973 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3307728 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 369740986 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 990766 bytes
Total Files Cleaned = 5,048.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_071919
Files\Folders moved on Reboot...
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\e=2;sz=728x90,1008x150,1008x200,1008x30,9x1;p=t;p=top;ct=com;ua=2;r=afc;g=brc;id=tt0024339;g=dr;g=ro;tt=f;coo=usa;k=c;ab=e;;u=3686446292805891.5;ord=3686446292805891[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\maindetails;tile=3;sz=300x250,300x600,11x1;p=tr;p=tc;ct=com;ua=2;r=afc;g=brc;id=tt0024339;g=dr;g=ro;tt=f;coo=usa;k=c;ab=e;;u=3686446292805891.5;ord=3686446292805891[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x120_top;tile=4;sz=300x120;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x250;tile=3;sz=300x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x250;tile=7;sz=300x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\sz=450x60;mpvid=AAS68ygeuK2rWYN1;!c=1123;k2=3;k2=34;k2=1106;kvid=8tCqSm4Phug;shortform=1;kpid=1123;kga=-1;kgg=-1;kcr=us;kvz=204;longads=1;ytexp=907529.914041.909903[1].asx not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\t_videoclipsmoviedownloads;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=the+reader+trailer;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=1903681969128292[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\t_videoclipsmoviedownloads;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=the+reader+trailer;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=3838866801900785[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CW9RV76M\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=120x600;tile=5;sz=120x600;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\252525252520Itachi%252525252520Kakuzu%252525252520kisame%252525252520Konan%252525252520Naruto%252525252520Pein%252525252520sasori%252525252520Tobi%252525252520zetsu[1].jpg not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\e;aff=communities;aff=teens;artid=3856;dmn=wikiacom;hostpre=naruto;pos=TOP_RIGHT_BOXAD;wpage=mikoto_uchiha;lang=en;dis=large;hasp=yes;cat=characters;loc=top;admeld=0[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\nities;aff=teens;artid=3856;dmn=wikiacom;hostpre=naruto;pos=TOP_LEADERBOARD;wpage=mikoto_uchiha;lang=en;dis=large;hasp=yes;cat=characters;loc=top;dcopt=ist;admeld=-1[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\afct=site_content;tile=1;kvz=204;tves=2;kvid=8tCqSm4Phug;pos=pre;sz=480x70,480x360,480x361;k5=3_34_1106;khd=0;longads=1;!c=1123;kt=K;ko=c;ytexp=907529.914041.909903[1].asx not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\esatelliteproviders;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=R;kw=cinemax+nightcap+episodes;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=6324308902185103[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\lesatelliteproviders;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=R;kw=cinemax+nightcap+episodes;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=596017488604290[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\0,300x250;mpvid=AAS68ygeuK2rWYN1;!c=1123;k2=3;k2=34;k2=1106;kvid=8tCqSm4Phug;shortform=1;kpid=1123;kga=-1;kgg=-1;kcr=us;kvz=204;longads=1;ytexp=907529.914041.909903[1].htm not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;dcopt=ist;slot=728x90,468x60;tile=1;sz=728x90,468x60;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=900x250;tile=2;sz=900x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\ro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x120_bottom;tile=6;sz=300x120;test=pagepeel;ord=3058252066174628[1].js not found!
C:\Users\Shermqn Cooper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
MSE: there were no problems found.:bigthumb:
DeeDee12
2013-04-11, 19:35
I just restarted the infected machine. When the desktop came it there is a "Windows Security Alert" box in the middle of the screen.
It says "Windows Firewall has blocked some features of this program".
Windows Firewall has blocked some features of Akamai NetSession Client on all public and private networks.
Name: Akamai NetSession Client
Publisher: Akamai Technologies, Inc.
Path: C:\users\shermqn cooper \appdata\local\akamai
\netsession_win.exe
Allow Akamai NetSession Client to communicate on these networks:
then it has the Private Networks box checked and the public networks box unchecked. It then asks to Allow access or Cancel.
I am not sure what to do so I have just left it there and not checked anything until I hear from you. Thanks.
Dakeyras
2013-04-12, 11:34
Hi. :)
MSE: there were no problems found.:bigthumb:
Good.
I am not sure what to do so I have just left it there and not checked anything until I hear from you. Thanks.
This is fine to allow, reason for the prompt the prior custom OTL script reset the inbuilt Windows 7 Firewall settings etc.
Yahoo! Toolbar is back in Programs and Features, but it seems to be ok. Is that ok?
Hmm a strange one that as according to the custom OTL script log the entry was deleted successfully.
OK not a problem...download and install the toolbar from here (http://uk.toolbar.yahoo.com/), then uninstall it.
Next:
Let check/update some software as follows shall we...
Download and install FileHippo Update Checker from here (http://www.filehippo.com/updatechecker/).
Once installed(during the installation process deselect the option:- Run at Startup >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.
Re-install the updated software, delete the installers and then empty the Recycle Bin.
When completed the above let myself know and if any further issues remaining, thank you.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
DeeDee12
2013-04-12, 18:52
Ok. I allowed Akamai NetSession Client.
I went to reinstall the Yahoo! Toolbar but it was blocked. It said the one that was installed was the updated version. Should I just leave it alone or will it cause more problems.
I downloaded FileHippo Update Checker. Ran it and it found about 8 updates and about 3 beta updates. I did not download the beta ones.
When I did the downloads they did not go to the desktop, they went to the downloads folder. I sent them to the desktop from there. I have ran all of them except one "Evernote4". When I clicked to update Evernote4 from the desktop icon I received a message saying "Setup error, The installer was unable to uninstall a previous version of Evernote4 from your computer. Please uninstall Evernote4 manually then restart the installer from this location: C:Users\Shermqn Cooper\Downloads\Evernote4_4.6.4.8136.exe.
Just thought I would check with you before I did it.
You also said to delete the installers am I right to assume that I will need to delete them from the downloads folder as well as the desktop icons?..Many, many thanks again for all of your help.
Dakeyras
2013-04-12, 22:27
Hi. :)
I went to reinstall the Yahoo! Toolbar but it was blocked. It said the one that was installed was the updated version. Should I just leave it alone or will it cause more problems.
Aye leave it for the time being please...
However do check for myself if there is anything absolutely Yahoo related in either of the Program Files or Program Files (x86) folders. In the event their is, double-click on the respective folder and check if anything is present inside etc.
Also check again if either Yahoo! Software Update or Yahoo! Toolbar are still present in Programs and Features.
When I did the downloads they did not go to the desktop, they went to the downloads folder. I sent them to the desktop from there. I have ran all of them except one "Evernote4". When I clicked to update Evernote4 from the desktop icon I received a message saying "Setup error, The installer was unable to uninstall a previous version of Evernote4 from your computer. Please uninstall Evernote4 manually then restart the installer from this location: C:Users\Shermqn Cooper\Downloads\Evernote4_4.6.4.8136.exe.
Just thought I would check with you before I did it.
Aye that is fine so is what you enquired about etc.
You also said to delete the installers am I right to assume that I will need to delete them from the downloads folder as well as the desktop icons?..Many, many thanks again for all of your help.
Correct, as in once finished with the installers go ahead and delete them and you're welcome!
DeeDee12
2013-04-13, 02:36
Yahoo! Toolbar:
There's nothing in either Program Files or Program Files (x86) folders.
When I checked Programs and Features it said an error occurred trying to uninstall Yahoo! Toolbar. It may have already been uninstalled. Would you like to remove Yahoo! Toolbar from Programs and Features. I clicked yes.
Evernote4 updated correctly. I have no idea what it is for but its not my computer. ;)
I have deleted the installers...
:clap:
Dakeyras
2013-04-13, 11:49
Hi. :)
Yahoo! Toolbar:
There's nothing in either Program Files or Program Files (x86) folders.
When I checked Programs and Features it said an error occurred trying to uninstall Yahoo! Toolbar. It may have already been uninstalled. Would you like to remove Yahoo! Toolbar from Programs and Features. I clicked yes.
Good, that's sorted then.
Evernote4 updated correctly. I have no idea what it is for but its not my computer. ;)
Basically it is like a Filofax for a computer, it may be used in this instance to save information about games since your friends son appears to be a online gamer. This is just a guess what it may actually be used for as you would have to ask the lad himself.
I have deleted the installers...
:clap:
Acknowledged...
Congratulations the computer appears to be malware free!
Clean up with OTL:
Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.
Any left over merely delete yourself and empty the Recycle Bin.
Reset the System Restore points:
Create a new, clean System Restore point:-
Right click on Computer and select Properties >> System protection >> Create.
Give this restore point a descriptive name and click Create.
When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!
Flush Old System Restore points:-
Next click Start(Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and and copy and paste in:
cleanmgr in the box and press OK.
Select the system drive, C >> OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Click on Clean up system files >> Select the system drive, C >> OK.
Now click on the More Options tab.
Under:-
System Restore and Shadow Copies
Click on Clean up... >> Delete >> OK >> Delete Files.
Next:
Be a good idea to bookmark this topic (http://forums.spybot.info/showthread.php?t=279) on the computer we have been working on and show it your friends son etc.
Any questions? Feel free to ask, if not stay safe!
DeeDee12
2013-04-13, 22:52
Thank you so very, very much..I know this will be one very happy young man. None of us can afford the cost of going to a so call pro, they dont always complete the job anyway. I have be coming here for a few years and I know you all are the best and will do whatever it takes to help. You do this because you want too and that is what makes you so very special.
The young man has been without this computer for awhile, I know he will be over joyed.
I thank you again and I will be sure to show him this thread so that he can see all the trouble you went through to get it going.
Are there any other things I should do at this point?.. If not, be blessed and you are "AWESOME!!!":crowned: :thanks:
Dakeyras
2013-04-13, 23:13
You're most welcome/thank you for the compliment...
No further action/advice is required on my behalf per-say and your good to go so to speak, give the computer back to the lad etc. :)
Dakeyras
2013-04-15, 12:53
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.