Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default PC running slow and IE8 keeps opening by itself.

    Hi, I am sure I have a virus of some kind. Internet explorer keeps opening by itself despite having Firefox as default. I have Windows Defender which has shown no problems. I ran Malwarebytes and Spybot which both came up with nothing. Today I installed Super AntiSpyware which showed a Trojan. Here are the logs for Hijackthis, Malwarebytes and SAS. Please could you tell me if my PC is now clean and safe now or if there is anything else that I need to do to fix it. I use Windows XP with 1.49 GB of RAM

    Thanks in advance for any help you can give me.
    Karen

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:05:33, on 13/11/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Samsung\Kies\Kies.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/po...loader_v10.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

    --
    End of file - 9748 bytes

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/13/2013 at 02:47 PM

    Application Version : 5.6.1042

    Core Rules Database Version : 10886
    Trace Rules Database Version: 8698

    Scan type : Complete Scan
    Total Scan Time : 03:20:32

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 603
    Memory threats detected : 0
    Registry items scanned : 37188
    Registry threats detected : 0
    File items scanned : 59023
    File threats detected : 9

    Adware.Tracking Cookie
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2RHHG0UK.txt [ Cookie:system@atdmt.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TPX87TBS.txt [ Cookie:system@doubleclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GQP9SJ37.txt [ Cookie:system@readserver.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9X256JAH.txt [ Cookie:system@content.yieldmanager.com/ak/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\U9W8T6EE.txt [ Cookie:system@content.yieldmanager.com/ ]
    content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\ANY USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LT3J4Y7M ]
    serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ANY USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LT3J4Y7M ]
    content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3YYWRWH7 ]

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{429B3D1E-98FE-4CCA-BBFB-A63609A082F6}\RP1553\A0173632.EXE

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.11.07.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Any User :: MAINPC [administrator]

    Protection: Enabled

    07/11/2013 15:25:31
    mbam-log-2013-11-07 (15-25-31).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 326051
    Time elapsed: 1 hour(s), 29 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 1
    C:\Documents and Settings\Any User\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

    Files Detected: 4
    C:\Documents and Settings\Any User\My Documents\Downloads\DAEMONToolsPro520-0348.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Any User\My Documents\Downloads\PDFReaderSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    C:\Program Files\PDFReader\Uninstall\Uninstall.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Any User\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

    (end)

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Kazashy1,

    Welcome to Help2Go!

    My apologies for the delay in responding.

    Today I installed Super AntiSpyware which showed a Trojan.
    As you can see below, the trojan was found in SYSTEM VOLUME INFORMATION which is where your System Restore Points are saved to:

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{429B3D1E-98FE-4CCA-BBFB-A63609A082F6}\RP1553\A0173632.EXE

    What ever you do, please do not use System Restore to restore your computer to an earlier time. I'll clean up those Restore Points here shortly.

    Please run the following scans and post the logs requested:

    1st:

    Please uninstall Spybot - Search & Destroy 2 before we begin to prevent it from interfering with any fixes. We can re-install once we are finished.

    Thank you.


    Next:

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.


    Next:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



    Next:

    Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista - W7 users: Right-click and select "Run As Administrator".
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
    • Click the Start Scan button. Do not use the computer during the scan!
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:\).
    • Copy and paste the contents of that file in your next reply.


    Please post the 4 logs requested in your next reply:

    OTL.txt
    Extras.txt
    AdwCleaner.txt
    TDSSKiller.txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default

    Hi Donna,
    Thank you so much. Here are the 4 logs.

    OTL logfile created on: 14/11/2013 09:42:15 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Any User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 43.27% Memory free
    2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.28% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.45 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

    Computer Name: MAINPC | User Name: Any User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    PRC - [2013/11/05 17:56:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/05/25 00:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012/08/31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/08/31 08:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2010/10/19 10:56:46 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/27 18:36:32 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/11 12:00:58 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/11 11:57:48 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/11 11:57:18 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/11 11:56:46 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bae93d40999e6497d4efb81429d15943\PresentationFramework.ni.dll
    MOD - [2013/10/11 11:55:24 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll
    MOD - [2013/10/11 11:54:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll
    MOD - [2013/10/10 21:46:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/16 08:03:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:03:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
    MOD - [2013/08/15 21:59:38 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 21:59:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/15 21:56:41 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/11 09:31:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll
    MOD - [2013/07/10 22:44:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/06/04 07:23:02 | 000,562,688 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2013/03/13 20:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\libcef.dll
    MOD - [2013/01/02 06:48:28 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2012/11/13 23:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2012/10/01 12:23:56 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Any User\Local Settings\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
    MOD - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012/08/31 08:46:26 | 015,342,592 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2012/08/31 08:45:44 | 000,559,616 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2012/08/28 09:23:40 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2012/08/28 09:22:46 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2012/08/28 09:06:08 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
    MOD - [2012/08/28 09:05:16 | 000,659,408 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
    MOD - [2012/08/28 09:05:16 | 000,552,400 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
    MOD - [2012/08/28 09:05:16 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
    MOD - [2012/08/28 09:05:16 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 03:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
    MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Services (SafeList) ==========

    SRV - [2013/11/07 11:27:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/09 17:12:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/11/14 09:36:38 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A056EC21-C948-44DF-84CB-8D9969B06BEA}\MpKsl332279d5.sys -- (MpKsl332279d5)
    DRV - [2013/10/27 18:36:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/27 08:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2012/06/27 08:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2012/06/27 08:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2012/06/27 08:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/12/20 02:46:50 | 000,021,504 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/25 06:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/01/08 08:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2008/05/29 18:33:35 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/05/29 18:31:21 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/07 11:26:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/07 11:27:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]

    [2011/06/15 10:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Extensions
    [2013/09/27 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/11/07 11:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/07 11:27:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: Google
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/11/08 14:24:15 | 000,450,581 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 ???-www.0scan.com-???
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15468 more lines...
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - Startup: C:\Documents and Settings\Any User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/po...loader_v10.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13E0217E-FF20-4DE9-8EA9-26F219294A5E}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 14:15:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/14 09:22:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Any User\Desktop\tdsskiller.exe
    [2013/11/14 09:14:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/14 08:44:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 15:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Desktop\Antivirus
    [2013/11/13 11:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2013/11/13 11:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SUPERAntiSpyware.com
    [2013/11/13 11:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/11/13 11:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/13 11:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/11/13 10:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Start Menu\Programs\HiJackThis
    [2013/11/13 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/11/12 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/11/12 09:50:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/11/12 09:50:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/11/12 09:50:22 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/11/12 09:50:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/11/12 09:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2013/11/08 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2013/11/08 14:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/11/07 15:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\Malwarebytes
    [2013/11/07 15:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/11/07 15:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/11/07 15:21:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/11/07 15:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/11/07 11:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
    [2013/11/07 11:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/11/07 11:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/02 14:50:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Any User\Recent
    [2013/10/23 10:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2013/10/23 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2013/10/23 10:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2013/10/23 10:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
    [2013/10/21 10:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SumatraPDF
    [2013/10/21 10:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\PDF Reader Packages
    [2013/10/21 10:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/10/21 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\DSite
    [2013/10/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/14 10:04:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/14 10:02:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/11/14 09:46:04 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/11/14 09:37:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/11/14 09:36:43 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/14 09:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/11/14 09:33:44 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2013/11/14 09:22:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Any User\Desktop\tdsskiller.exe
    [2013/11/14 09:13:57 | 001,085,542 | ---- | M] () -- C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    [2013/11/14 09:11:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 22:32:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 19:24:04 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/11/13 14:53:06 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/08 16:40:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/11/08 14:24:15 | 000,450,581 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/10/27 08:08:13 | 000,433,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/27 08:08:13 | 000,067,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 10:31:29 | 000,014,806 | ---- | M] () -- C:\Documents and Settings\Any User\My Documents\Menu.odt
    [2013/10/15 21:40:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/14 09:33:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2013/11/14 09:13:37 | 001,085,542 | ---- | C] () -- C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    [2013/11/13 22:32:01 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 15:02:25 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/11/13 11:37:30 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/10/22 10:18:04 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    [2013/10/22 10:18:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
    [2013/10/16 10:34:52 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/04/03 13:47:39 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\recently-used.xbel
    [2012/08/28 09:04:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2012/08/28 09:04:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2012/08/28 09:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2012/08/28 09:04:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2012/08/28 09:04:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2012/02/16 09:15:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/02/17 20:54:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/19 10:41:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\$_hpcst$.hpc
    [2010/08/14 11:06:07 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 14:36:05 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Launch Internet Explorer Browser.lnk

    ========== ZeroAccess Check ==========

    [2011/10/22 10:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/17 09:43:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/10/30 08:57:57 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Any User\My Documents\CCCS letter.odt:SummaryInformation
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CCCAD05

    < End of report >


    OTL Extras logfile created on: 14/11/2013 09:42:16 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Any User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 43.27% Memory free
    2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.28% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.45 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

    Computer Name: MAINPC | User Name: Any User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "88:UDP" = 88:UDP:*:Enabled:xbox
    "3074:UDP" = 3074:UDP:*:Enabled:xbox2
    "3074:TCP" = 3074:TCP:*:Enabled:xbox
    "53:TCP" = 53:TCP:*:Enabled:xbox3
    "53:UDP" = 53:UDP:*:Enabled:xbox3
    "80:TCP" = 80:TCP:*:Enabled:xbox4
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "9500:TCP" = 9500:TCP:*:Enabledrinter
    "9290:TCP" = 9290:TCP:*:Enabledrinter 2
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- (Dropbox, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Any User\Local Settings\Temp\7zS6096\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Any User\Local Settings\Temp\7zS6096\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Backspin Billiards" = Backspin Billiards
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
    "CCleaner" = CCleaner
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Digital Editions" = Adobe Digital Editions
    "DTC Library" = DTC Library
    "Google Chrome" = Google Chrome
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Rapport_msi" = Trusteer Endpoint Protection
    "Shop for HP Supplies" = Shop for HP Supplies
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "MyFreeCodec" = MyFreeCodec
    "PDF Reader Packages" = PDF Reader Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2013 03:32:11 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 11/11/2013 19:11:11 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/11/2013 04:16:03 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 07:15:34 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:06:40 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:44:33 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:53:17 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 14/11/2013 04:10:25 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 14/11/2013 04:10:25 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
    NIL.

    Error - 14/11/2013 04:11:49 | Computer Name = MAINPC | Source = SDUpdSvc.exe | ID = 0
    Description =

    [ System Events ]
    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%1053

    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 07:15:51 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 07:15:51 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 10:53:15 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 10:53:15 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 18:32:30 | Computer Name = MAINPC | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007f0f4: Security Update for Windows XP (KB2686509).

    Error - 14/11/2013 04:11:01 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 14/11/2013 04:11:01 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053


    < End of report >


    # AdwCleaner v3.012 - Report created 14/11/2013 at 10:12:15
    # Updated 11/11/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Any User - MAINPC
    # Running from : C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
    Folder Found C:\Documents and Settings\Any User\Application Data\DSite
    Folder Found C:\Program Files\myfree codec

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found : HKCU\Software\Myfree Codec
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Found : HKLM\Software\Myfree Codec
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\wb6rty6o.default\prefs.js ]


    [ File : C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\prefs.js ]


    -\\ Google Chrome v31.0.1650.48

    [ File : C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4001 octets] - [14/11/2013 09:14:26]
    AdwCleaner[R1].txt - [3906 octets] - [14/11/2013 10:12:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3966 octets] ##########

    10:14:39.0281 0x0874 TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
    10:14:42.0703 0x0874 ============================================================
    10:14:42.0703 0x0874 Current date / time: 2013/11/14 10:14:42.0703
    10:14:42.0703 0x0874 SystemInfo:
    10:14:42.0703 0x0874
    10:14:42.0703 0x0874 OS Version: 5.1.2600 ServicePack: 3.0
    10:14:42.0703 0x0874 Product type: Workstation
    10:14:42.0703 0x0874 ComputerName: MAINPC
    10:14:42.0703 0x0874 UserName: Any User
    10:14:42.0703 0x0874 Windows directory: C:\WINDOWS
    10:14:42.0703 0x0874 System windows directory: C:\WINDOWS
    10:14:42.0703 0x0874 Processor architecture: Intel x86
    10:14:42.0703 0x0874 Number of processors: 2
    10:14:42.0703 0x0874 Page size: 0x1000
    10:14:42.0703 0x0874 Boot type: Normal boot
    10:14:42.0703 0x0874 ============================================================
    10:14:47.0890 0x0874 System UUID: {73061329-86D8-6BD3-D37A-A94C555212DD}
    10:14:49.0718 0x0874 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:14:49.0734 0x0874 ============================================================
    10:14:49.0734 0x0874 \Device\Harddisk0\DR0:
    10:14:49.0734 0x0874 MBR partitions:
    10:14:49.0734 0x0874 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    10:14:49.0734 0x0874 ============================================================
    10:14:49.0781 0x0874 C: <-> \Device\Harddisk0\DR0\Partition1
    10:14:49.0781 0x0874 ============================================================
    10:14:49.0781 0x0874 Initialize success
    10:14:49.0781 0x0874 ============================================================
    10:14:56.0968 0x04a4 ============================================================
    10:14:56.0968 0x04a4 Scan started
    10:14:56.0968 0x04a4 Mode: Manual;
    10:14:56.0968 0x04a4 ============================================================
    10:14:56.0968 0x04a4 KSN ping started
    10:15:00.0406 0x04a4 KSN ping finished: true
    10:15:01.0109 0x04a4 ================ Scan system memory ========================
    10:15:01.0109 0x04a4 System memory - ok
    10:15:01.0109 0x04a4 ================ Scan services =============================
    10:15:01.0250 0x04a4 [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    10:15:01.0265 0x04a4 !SASCORE - ok
    10:15:01.0531 0x04a4 Abiosdsk - ok
    10:15:01.0593 0x04a4 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:15:01.0593 0x04a4 ACPI - ok
    10:15:01.0640 0x04a4 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:15:01.0640 0x04a4 ACPIEC - ok
    10:15:01.0750 0x04a4 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:15:01.0750 0x04a4 AdobeFlashPlayerUpdateSvc - ok
    10:15:01.0812 0x04a4 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    10:15:01.0812 0x04a4 aec - ok
    10:15:01.0875 0x04a4 [ 30BB1BDE595CA65FD5549462080D94E5, 04BAFCC9445F82A2CAA9852F1B35ECBD18CDD6333E73F6861704E96D740A7C79 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
    10:15:01.0875 0x04a4 AegisP - ok
    10:15:01.0937 0x04a4 [ F6B7B1ECD7B41736BDB6FF4B092BCB79, B892C7303E08238C025409D602CB2F58D273B19B81CF04E26EA52A27EE7706DB ] AFD C:\WINDOWS\System32\drivers\afd.sys
    10:15:01.0937 0x04a4 AFD - ok
    10:15:01.0984 0x04a4 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    10:15:01.0984 0x04a4 Alerter - ok
    10:15:02.0000 0x04a4 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
    10:15:02.0000 0x04a4 ALG - ok
    10:15:02.0015 0x04a4 AliIde - ok
    10:15:02.0125 0x04a4 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:15:02.0125 0x04a4 Apple Mobile Device - ok
    10:15:02.0140 0x04a4 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    10:15:02.0156 0x04a4 AppMgmt - ok
    10:15:02.0265 0x04a4 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    10:15:02.0265 0x04a4 aspnet_state - ok
    10:15:02.0296 0x04a4 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:15:02.0296 0x04a4 AsyncMac - ok
    10:15:02.0343 0x04a4 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:15:02.0343 0x04a4 atapi - ok
    10:15:02.0343 0x04a4 Atdisk - ok
    10:15:02.0343 0x04a4 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:15:02.0359 0x04a4 Atmarpc - ok
    10:15:02.0406 0x04a4 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    10:15:02.0406 0x04a4 AudioSrv - ok
    10:15:02.0421 0x04a4 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:15:02.0421 0x04a4 audstub - ok
    10:15:02.0453 0x04a4 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9, 16F076B9816E28541C58FE9695EB883211C284AA025E9F49B19E7DD4E6BDA94D ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    10:15:02.0453 0x04a4 b57w2k - ok
    10:15:02.0515 0x04a4 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    10:15:02.0515 0x04a4 Beep - ok
    10:15:02.0578 0x04a4 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
    10:15:02.0593 0x04a4 BITS - ok
    10:15:02.0718 0x04a4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:15:02.0718 0x04a4 Bonjour Service - ok
    10:15:02.0781 0x04a4 [ D3FACB34FFF5DB91ADB70987838F8BA7, 5892F2070F040D0E80D527BE7422F5583548BECF36BBDA07E1CF246A8B5E60E4 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
    10:15:02.0781 0x04a4 Brother XP spl Service - ok
    10:15:02.0843 0x04a4 [ FC6D1D80588D371F0321E15A75B2F8F2, C87F45BA56B273ED75693BA88879AA5E39F4DEAD7A0F386A4E51171961F880EB ] Browser C:\WINDOWS\System32\browser.dll
    10:15:02.0843 0x04a4 Browser - ok
    10:15:02.0890 0x04a4 [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
    10:15:02.0890 0x04a4 BrScnUsb - ok
    10:15:02.0937 0x04a4 [ C121E10C64318182A6478ACAE1855EE0, A99812DA08E6034B807833087897C7731F1299B4B7D7012A1976DF90300BECF7 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys
    10:15:02.0937 0x04a4 BrSerIf - ok
    10:15:02.0937 0x04a4 [ 7AC85CDC03BEFD78908B3B6A73D201D0, 338BE17C3FF86F4C4FB5810C844BCB404FFF2BF18239065410D24B155D8E32B8 ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    10:15:02.0937 0x04a4 BrUsbSer - ok
    10:15:02.0984 0x04a4 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:15:02.0984 0x04a4 Cdaudio - ok
    10:15:03.0046 0x04a4 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    10:15:03.0046 0x04a4 Cdfs - ok
    10:15:03.0109 0x04a4 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:15:03.0109 0x04a4 Cdrom - ok
    10:15:03.0109 0x04a4 Changer - ok
    10:15:03.0125 0x04a4 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
    10:15:03.0125 0x04a4 CiSvc - ok
    10:15:03.0140 0x04a4 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    10:15:03.0140 0x04a4 ClipSrv - ok
    10:15:03.0187 0x04a4 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:15:03.0187 0x04a4 clr_optimization_v2.0.50727_32 - ok
    10:15:03.0203 0x04a4 CmdIde - ok
    10:15:03.0203 0x04a4 COMSysApp - ok
    10:15:03.0218 0x04a4 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    10:15:03.0218 0x04a4 CryptSvc - ok
    10:15:03.0296 0x04a4 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    10:15:03.0328 0x04a4 DcomLaunch - ok
    10:15:03.0375 0x04a4 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    10:15:03.0375 0x04a4 Dhcp - ok
    10:15:03.0390 0x04a4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    10:15:03.0390 0x04a4 Disk - ok
    10:15:03.0406 0x04a4 dmadmin - ok
    10:15:03.0468 0x04a4 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    10:15:03.0515 0x04a4 dmboot - ok
    10:15:03.0515 0x04a4 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    10:15:03.0531 0x04a4 dmio - ok
    10:15:03.0562 0x04a4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    10:15:03.0562 0x04a4 dmload - ok
    10:15:03.0593 0x04a4 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
    10:15:03.0609 0x04a4 dmserver - ok
    10:15:03.0609 0x04a4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    10:15:03.0609 0x04a4 DMusic - ok
    10:15:03.0671 0x04a4 [ D977659AE4D8ECE5286D99D1ED34614D, 4D7DF9C6D5E8255DDD34AFCC04DA0B675162BF852D29DB50C6451C5BDD7269D5 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    10:15:03.0671 0x04a4 Dnscache - ok
    10:15:03.0734 0x04a4 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    10:15:03.0750 0x04a4 Dot3svc - ok
    10:15:03.0796 0x04a4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    10:15:03.0796 0x04a4 drmkaud - ok
    10:15:03.0843 0x04a4 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
    10:15:03.0843 0x04a4 EapHost - ok
    10:15:03.0859 0x04a4 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
    10:15:03.0875 0x04a4 ERSvc - ok
    10:15:03.0921 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] Eventlog C:\WINDOWS\system32\services.exe
    10:15:03.0937 0x04a4 Eventlog - ok
    10:15:03.0953 0x04a4 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC, 51EDCDEB437A8984C086CC19C25958CBF0B8EB18FEA21173D1DCCDC39B6E64E1 ] EventSystem C:\WINDOWS\system32\es.dll
    10:15:03.0968 0x04a4 EventSystem - ok
    10:15:04.0031 0x04a4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    10:15:04.0031 0x04a4 Fastfat - ok
    10:15:04.0109 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    10:15:04.0125 0x04a4 FastUserSwitchingCompatibility - ok
    10:15:04.0140 0x04a4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    10:15:04.0156 0x04a4 Fdc - ok
    10:15:04.0171 0x04a4 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    10:15:04.0343 0x04a4 Fips - ok
    10:15:04.0406 0x04a4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    10:15:04.0406 0x04a4 Flpydisk - ok
    10:15:04.0484 0x04a4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    10:15:04.0500 0x04a4 FltMgr - ok
    10:15:04.0812 0x04a4 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    10:15:04.0828 0x04a4 FontCache3.0.0.0 - ok
    10:15:04.0890 0x04a4 [ 790A4CA68F44BE35967B3DF61F3E4675, 7CBC77C620ABA75FEF4BA8AD9C38766D50CD18106EBA4693F162F2C5A7D46AA8 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
    10:15:04.0906 0x04a4 FsUsbExDisk - ok
    10:15:04.0953 0x04a4 [ D3F9205CC4CB07553F2F9472C767EA87, B1DF2B8D718CF7958E5E0B367859EEFB45CC9042B1B88E0C4DA884DF2608B59A ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
    10:15:04.0984 0x04a4 FsUsbExService - ok
    10:15:05.0046 0x04a4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:15:05.0171 0x04a4 Fs_Rec - ok
    10:15:05.0265 0x04a4 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:15:05.0296 0x04a4 Ftdisk - ok
    10:15:05.0390 0x04a4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    10:15:05.0453 0x04a4 GEARAspiWDM - ok
    10:15:05.0531 0x04a4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:15:05.0531 0x04a4 Gpc - ok
    10:15:05.0640 0x04a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    10:15:05.0640 0x04a4 gupdate - ok
    10:15:05.0656 0x04a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    10:15:05.0656 0x04a4 gupdatem - ok
    10:15:05.0718 0x04a4 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
    10:15:05.0718 0x04a4 HidServ - ok
    10:15:05.0734 0x04a4 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    10:15:05.0734 0x04a4 hidusb - ok
    10:15:05.0796 0x04a4 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    10:15:05.0796 0x04a4 hkmsvc - ok
    10:15:05.0953 0x04a4 [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    10:15:05.0953 0x04a4 hpqcxs08 - ok
    10:15:06.0000 0x04a4 [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    10:15:06.0015 0x04a4 hpqddsvc - ok
    10:15:06.0046 0x04a4 [ A04F4AC48895774A2CF9D1C9EAAACEF0, 012F10DE086C3551D75716EF1F6DCC477C8C1E776267D9FC4073BEADAFD37C9C ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    10:15:06.0109 0x04a4 HPSLPSVC - ok
    10:15:06.0171 0x04a4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    10:15:06.0171 0x04a4 HTTP - ok
    10:15:06.0250 0x04a4 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    10:15:06.0250 0x04a4 HTTPFilter - ok
    10:15:06.0312 0x04a4 [ 0F0194C4B635C10C3F785E4FEE52D641, A450D84AF1E2ECC59046B7DFAEF04AD0E70043A57BB2C954E4D8596D59979B48 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    10:15:06.0406 0x04a4 ialm - ok
    10:15:06.0546 0x04a4 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:15:06.0625 0x04a4 idsvc - ok
    10:15:06.0671 0x04a4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:15:06.0671 0x04a4 Imapi - ok
    10:15:06.0703 0x04a4 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
    10:15:06.0703 0x04a4 ImapiService - ok
    10:15:06.0703 0x04a4 IntelIde - ok
    10:15:06.0750 0x04a4 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    10:15:06.0750 0x04a4 intelppm - ok
    10:15:06.0781 0x04a4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    10:15:06.0781 0x04a4 Ip6Fw - ok
    10:15:06.0828 0x04a4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:15:06.0828 0x04a4 IpFilterDriver - ok
    10:15:06.0859 0x04a4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:15:06.0859 0x04a4 IpInIp - ok
    10:15:06.0890 0x04a4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:15:06.0906 0x04a4 IpNat - ok
    10:15:06.0984 0x04a4 [ D8B8B5A8FE57CF4F307A540D9A153C23, 1C5AA5C29204A90D11FF40A5DD5967CC7195F5C4ACD7E41CB94C230A7DFD459D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:15:07.0000 0x04a4 iPod Service - ok
    10:15:07.0093 0x04a4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:15:07.0093 0x04a4 IPSec - ok
    10:15:07.0125 0x04a4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:15:07.0140 0x04a4 IRENUM - ok
    10:15:07.0171 0x04a4 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:15:07.0171 0x04a4 isapnp - ok
    10:15:07.0343 0x04a4 [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    10:15:07.0343 0x04a4 JavaQuickStarterService - ok
    10:15:07.0390 0x04a4 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:15:07.0390 0x04a4 Kbdclass - ok
    10:15:07.0437 0x04a4 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    10:15:07.0437 0x04a4 kbdhid - ok
    10:15:07.0453 0x04a4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    10:15:07.0453 0x04a4 kmixer - ok
    10:15:07.0531 0x04a4 [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    10:15:07.0531 0x04a4 KSecDD - ok
    10:15:07.0578 0x04a4 [ 3695B8D03745B2F8022B161238347A9D, AFA2FFA9D3A5CA7383FA1A60C7E1C054EF6B0021A62B2AC3AAC499DF12765F93 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    10:15:07.0593 0x04a4 LanmanServer - ok
    10:15:07.0640 0x04a4 [ 3B9324D60DD321BAB7BF6F77931D3FD1, 060F32C57CF9ABE9039CDD51A7CA9DE33ED407E17ECA20DAA3AB0F795E798511 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    10:15:07.0656 0x04a4 lanmanworkstation - ok
    10:15:07.0656 0x04a4 lbrtfdc - ok
    10:15:07.0703 0x04a4 [ B280C4608AC389DA9515A35AC4CAB0FD, E76E91BDF525AFF78073C6D0EB1E65A0127BF818C0034313626DE432DFF7B631 ] libusb0 C:\WINDOWS\system32\drivers\libusb0.sys
    10:15:07.0703 0x04a4 libusb0 - ok
    10:15:07.0734 0x04a4 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    10:15:07.0750 0x04a4 LmHosts - ok
    10:15:07.0796 0x04a4 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    10:15:07.0796 0x04a4 MBAMProtector - ok
    10:15:07.0906 0x04a4 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    10:15:07.0937 0x04a4 MBAMScheduler - ok
    10:15:07.0984 0x04a4 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    10:15:08.0031 0x04a4 MBAMService - ok
    10:15:08.0046 0x04a4 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    10:15:08.0046 0x04a4 Messenger - ok
    10:15:08.0109 0x04a4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    10:15:08.0109 0x04a4 mnmdd - ok
    10:15:08.0156 0x04a4 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    10:15:08.0156 0x04a4 mnmsrvc - ok
    10:15:08.0203 0x04a4 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    10:15:08.0203 0x04a4 Modem - ok
    10:15:08.0234 0x04a4 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:15:08.0234 0x04a4 Mouclass - ok
    10:15:08.0250 0x04a4 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    10:15:08.0265 0x04a4 mouhid - ok
    10:15:08.0265 0x04a4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    10:15:08.0265 0x04a4 MountMgr - ok
    10:15:08.0375 0x04a4 [ 5D494509432897338AFC19DB78A76DCB, 873F61F45D4A96096E17F9E266B1A20CCD65E4678DDB21DDE3DB98E831E524D3 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    10:15:08.0375 0x04a4 MozillaMaintenance - ok
    10:15:08.0437 0x04a4 [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    10:15:08.0437 0x04a4 MpFilter - ok
    10:15:08.0671 0x04a4 [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl332279d5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A056EC21-C948-44DF-84CB-8D9969B06BEA}\MpKsl332279d5.sys
    10:15:08.0687 0x04a4 MpKsl332279d5 - ok
    10:15:08.0718 0x04a4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:15:08.0734 0x04a4 MRxDAV - ok
    10:15:08.0765 0x04a4 [ FB2FCCC70F7174C7BF64F48E96D3ADF4, 484B4DF0A500CAE8AFA4F3A6393615A3963D91C95939025DF1A172C9A67D951D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:15:08.0781 0x04a4 MRxSmb - ok
    10:15:08.0843 0x04a4 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    10:15:08.0843 0x04a4 MSDTC - ok
    10:15:08.0890 0x04a4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    10:15:08.0890 0x04a4 Msfs - ok
    10:15:08.0906 0x04a4 MSIServer - ok
    10:15:08.0937 0x04a4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:15:08.0937 0x04a4 MSKSSRV - ok
    10:15:09.0015 0x04a4 [ 0A7F86657755ADA92C57E597BF5151F7, E226DFF12C4930DF1D0F1D2E7CE7BFFDF62F6DC402200EEFE196D14172A59B63 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:15:09.0015 0x04a4 MsMpSvc - ok
    10:15:09.0046 0x04a4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:15:09.0046 0x04a4 MSPCLOCK - ok
    10:15:09.0046 0x04a4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    10:15:09.0062 0x04a4 MSPQM - ok
    10:15:09.0093 0x04a4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:15:09.0093 0x04a4 mssmbios - ok
    10:15:09.0156 0x04a4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    10:15:09.0156 0x04a4 Mup - ok
    10:15:09.0234 0x04a4 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
    10:15:09.0234 0x04a4 napagent - ok
    10:15:09.0296 0x04a4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    10:15:09.0312 0x04a4 NDIS - ok
    10:15:09.0328 0x04a4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:15:09.0328 0x04a4 NdisTapi - ok
    10:15:09.0359 0x04a4 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:15:09.0359 0x04a4 Ndisuio - ok
    10:15:09.0375 0x04a4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:15:09.0390 0x04a4 NdisWan - ok
    10:15:09.0421 0x04a4 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    10:15:09.0421 0x04a4 NDProxy - ok
    10:15:09.0484 0x04a4 [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    10:15:09.0484 0x04a4 Net Driver HPZ12 - ok
    10:15:09.0500 0x04a4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:15:09.0515 0x04a4 NetBIOS - ok
    10:15:09.0531 0x04a4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:15:09.0531 0x04a4 NetBT - ok
    10:15:09.0546 0x04a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
    10:15:09.0546 0x04a4 NetDDE - ok
    10:15:09.0562 0x04a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    10:15:09.0562 0x04a4 NetDDEdsdm - ok
    10:15:09.0562 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
    10:15:09.0562 0x04a4 Netlogon - ok
    10:15:09.0593 0x04a4 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
    10:15:09.0609 0x04a4 Netman - ok
    10:15:09.0656 0x04a4 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:15:09.0671 0x04a4 NetTcpPortSharing - ok
    10:15:09.0703 0x04a4 [ FCEE5FCB99F7C724593365C706D28388, 96A5E34E78934026357945F7CA3D1BBEF284BE76625DF3CB6B4B5EA4B5807136 ] Nla C:\WINDOWS\System32\mswsock.dll
    10:15:09.0703 0x04a4 Nla - ok
    10:15:09.0765 0x04a4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    10:15:09.0765 0x04a4 Npfs - ok
    10:15:09.0781 0x04a4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    10:15:09.0828 0x04a4 Ntfs - ok
    10:15:09.0843 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    10:15:09.0843 0x04a4 NtLmSsp - ok
    10:15:09.0875 0x04a4 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    10:15:09.0890 0x04a4 NtmsSvc - ok
    10:15:09.0937 0x04a4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
    10:15:09.0937 0x04a4 Null - ok
    10:15:09.0968 0x04a4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:15:09.0968 0x04a4 NwlnkFlt - ok
    10:15:09.0984 0x04a4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:15:09.0984 0x04a4 NwlnkFwd - ok
    10:15:10.0031 0x04a4 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    10:15:10.0031 0x04a4 Parport - ok
    10:15:10.0046 0x04a4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    10:15:10.0046 0x04a4 PartMgr - ok
    10:15:10.0062 0x04a4 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    10:15:10.0078 0x04a4 ParVdm - ok
    10:15:10.0109 0x04a4 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    10:15:10.0125 0x04a4 PCI - ok
    10:15:10.0125 0x04a4 PCIDump - ok
    10:15:10.0171 0x04a4 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:15:10.0171 0x04a4 PCIIde - ok
    10:15:10.0203 0x04a4 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:15:10.0218 0x04a4 Pcmcia - ok
    10:15:10.0218 0x04a4 PDCOMP - ok
    10:15:10.0218 0x04a4 PDFRAME - ok
    10:15:10.0234 0x04a4 PDRELI - ok
    10:15:10.0234 0x04a4 PDRFRAME - ok
    10:15:10.0281 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] PlugPlay C:\WINDOWS\system32\services.exe
    10:15:10.0281 0x04a4 PlugPlay - ok
    10:15:10.0296 0x04a4 [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    10:15:10.0296 0x04a4 Pml Driver HPZ12 - ok
    10:15:10.0312 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    10:15:10.0312 0x04a4 PolicyAgent - ok
    10:15:10.0375 0x04a4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:15:10.0375 0x04a4 PptpMiniport - ok
    10:15:10.0375 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    10:15:10.0375 0x04a4 ProtectedStorage - ok
    10:15:10.0390 0x04a4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    10:15:10.0390 0x04a4 PSched - ok
    10:15:10.0453 0x04a4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:15:10.0453 0x04a4 Ptilink - ok
    10:15:10.0578 0x04a4 [ AB51E1F08C8E789D6C9E8B94D15BE9A9, 35386087B0D57D181FE39E4AFBFFE4DB5B827DACA6D87F1F5563B26547993E24 ] RapportCerberus_59849 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
    10:15:10.0593 0x04a4 RapportCerberus_59849 - ok
    10:15:10.0703 0x04a4 [ 9D52A4DEB9F28CC41EB61346E3808E4D, 6025F833B27B7A86E2F69F2D6D994DE95DCAD33FFC8FFA52BF45E350417BAAA0 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    10:15:10.0703 0x04a4 RapportEI - ok
    10:15:10.0718 0x04a4 [ 4136175FABB89CB493DF1D237DB50CF4, F38E6AA084A910D2445CEF53EC7E6FFB74AE3FE518A052562A0AEEC8F1DD37C1 ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys
    10:15:10.0734 0x04a4 RapportKELL - ok
    10:15:10.0828 0x04a4 [ 02396BD77121751A738444325E1F14E8, C9A0B4D423C18014DD6523332B378BD0E85E5EE9F9B33C892DCA5DEECEEF805C ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    10:15:10.0906 0x04a4 RapportMgmtService - ok
    10:15:10.0968 0x04a4 [ A9B99416DE6CADEE2D3C369B634F20F1, A2836B5BD439EE9163317ADA1E10D911F55FF0E3459CF3AEFDC3FBB6C16570ED ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    10:15:10.0968 0x04a4 RapportPG - ok
    10:15:11.0031 0x04a4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:15:11.0031 0x04a4 RasAcd - ok
    10:15:11.0078 0x04a4 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
    10:15:11.0093 0x04a4 RasAuto - ok
    10:15:11.0093 0x04a4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:15:11.0109 0x04a4 Rasl2tp - ok
    10:15:11.0125 0x04a4 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
    10:15:11.0140 0x04a4 RasMan - ok
    10:15:11.0156 0x04a4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:15:11.0156 0x04a4 RasPppoe - ok
    10:15:11.0156 0x04a4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:15:11.0171 0x04a4 Raspti - ok
    10:15:11.0187 0x04a4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:15:11.0187 0x04a4 Rdbss - ok
    10:15:11.0203 0x04a4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:15:11.0203 0x04a4 RDPCDD - ok
    10:15:11.0265 0x04a4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:15:11.0281 0x04a4 rdpdr - ok
    10:15:11.0343 0x04a4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    10:15:11.0343 0x04a4 RDPWD - ok
    10:15:11.0406 0x04a4 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    10:15:11.0421 0x04a4 RDSessMgr - ok
    10:15:11.0437 0x04a4 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:15:11.0437 0x04a4 redbook - ok
    10:15:11.0500 0x04a4 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    10:15:11.0500 0x04a4 RemoteAccess - ok
    10:15:11.0546 0x04a4 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    10:15:11.0562 0x04a4 RemoteRegistry - ok
    10:15:11.0578 0x04a4 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
    10:15:11.0578 0x04a4 RpcLocator - ok
    10:15:11.0625 0x04a4 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    10:15:11.0625 0x04a4 RpcSs - ok
    10:15:11.0687 0x04a4 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
    10:15:11.0687 0x04a4 RSVP - ok
    10:15:11.0765 0x04a4 [ BA11D5F61A74E156BF6F33DDDD1AD1CE, 54726EB21DF231372CDFA09909C2ACC287FB132B0CCB42E7914CE4785B88FAB2 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    10:15:11.0796 0x04a4 RTL8192su - ok
    10:15:11.0812 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
    10:15:11.0812 0x04a4 SamSs - ok
    10:15:11.0859 0x04a4 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    10:15:11.0875 0x04a4 SASDIFSV - ok
    10:15:11.0890 0x04a4 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    10:15:11.0890 0x04a4 SASKUTIL - ok
    10:15:11.0937 0x04a4 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    10:15:11.0953 0x04a4 SCardSvr - ok
    10:15:12.0015 0x04a4 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    10:15:12.0031 0x04a4 Schedule - ok
    10:15:12.0062 0x04a4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:15:12.0062 0x04a4 Secdrv - ok
    10:15:12.0109 0x04a4 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
    10:15:12.0109 0x04a4 seclogon - ok
    10:15:12.0187 0x04a4 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
    10:15:12.0234 0x04a4 senfilt - ok
    10:15:12.0250 0x04a4 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
    10:15:12.0265 0x04a4 SENS - ok
    10:15:12.0265 0x04a4 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:15:12.0265 0x04a4 serenum - ok
    10:15:12.0281 0x04a4 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    10:15:12.0281 0x04a4 Serial - ok
    10:15:12.0312 0x04a4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:15:12.0312 0x04a4 Sfloppy - ok
    10:15:12.0343 0x04a4 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    10:15:12.0343 0x04a4 SharedAccess - ok
    10:15:12.0390 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    10:15:12.0406 0x04a4 ShellHWDetection - ok
    10:15:12.0406 0x04a4 Simbad - ok
    10:15:12.0468 0x04a4 [ 0066FF77AEB4AE70066F7E94D5A6D866, 5067FC7F71FD3D1AFF4173D6379EF85DCB2B6B5588897430F3B440F3BB85D967 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    10:15:12.0484 0x04a4 smwdm - ok
    10:15:12.0500 0x04a4 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    10:15:12.0500 0x04a4 splitter - ok
    10:15:12.0562 0x04a4 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    10:15:12.0562 0x04a4 Spooler - ok
    10:15:12.0625 0x04a4 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    10:15:12.0625 0x04a4 sr - ok
    10:15:12.0640 0x04a4 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
    10:15:12.0656 0x04a4 srservice - ok
    10:15:12.0703 0x04a4 [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    10:15:12.0703 0x04a4 Srv - ok
    10:15:12.0765 0x04a4 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    10:15:12.0765 0x04a4 ssadbus - ok
    10:15:12.0781 0x04a4 [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    10:15:12.0781 0x04a4 ssadmdfl - ok
    10:15:12.0812 0x04a4 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    10:15:12.0812 0x04a4 ssadmdm - ok
    10:15:12.0843 0x04a4 [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys
    10:15:12.0859 0x04a4 ssadserd - ok
    10:15:12.0890 0x04a4 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    10:15:12.0890 0x04a4 SSDPSRV - ok
    10:15:12.0953 0x04a4 [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    10:15:12.0953 0x04a4 StillCam - ok
    10:15:13.0015 0x04a4 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    10:15:13.0031 0x04a4 stisvc - ok
    10:15:13.0046 0x04a4 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:15:13.0046 0x04a4 swenum - ok
    10:15:13.0062 0x04a4 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    10:15:13.0062 0x04a4 swmidi - ok
    10:15:13.0062 0x04a4 SwPrv - ok
    10:15:13.0062 0x04a4 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    10:15:13.0078 0x04a4 sysaudio - ok
    10:15:13.0093 0x04a4 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    10:15:13.0093 0x04a4 SysmonLog - ok
    10:15:13.0125 0x04a4 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    10:15:13.0125 0x04a4 TapiSrv - ok
    10:15:13.0171 0x04a4 [ AD978A1B783B5719720CFF204B666C8E, FA50A3664522C58E1637C06731B9CB9D56FF14F0A5F8AB496A1945585E8A2C16 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:15:13.0187 0x04a4 Tcpip - ok
    10:15:13.0234 0x04a4 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:15:13.0234 0x04a4 TDPIPE - ok
    10:15:13.0250 0x04a4 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    10:15:13.0250 0x04a4 TDTCP - ok
    10:15:13.0281 0x04a4 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:15:13.0281 0x04a4 TermDD - ok
    10:15:13.0312 0x04a4 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
    10:15:13.0328 0x04a4 TermService - ok
    10:15:13.0375 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
    10:15:13.0390 0x04a4 Themes - ok
    10:15:13.0437 0x04a4 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    10:15:13.0453 0x04a4 TlntSvr - ok
    10:15:13.0453 0x04a4 TosIde - ok
    10:15:13.0468 0x04a4 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    10:15:13.0484 0x04a4 TrkWks - ok
    10:15:13.0500 0x04a4 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    10:15:13.0500 0x04a4 Udfs - ok
    10:15:13.0578 0x04a4 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    10:15:13.0640 0x04a4 Update - ok
    10:15:13.0703 0x04a4 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
    10:15:13.0718 0x04a4 upnphost - ok
    10:15:13.0765 0x04a4 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    10:15:13.0765 0x04a4 usbccgp - ok
    10:15:13.0828 0x04a4 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:15:13.0828 0x04a4 usbehci - ok
    10:15:13.0843 0x04a4 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:15:13.0843 0x04a4 usbhub - ok
    10:15:13.0890 0x04a4 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    10:15:13.0890 0x04a4 usbprint - ok
    10:15:13.0937 0x04a4 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    10:15:13.0937 0x04a4 usbscan - ok
    10:15:13.0953 0x04a4 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:15:13.0953 0x04a4 USBSTOR - ok
    10:15:13.0953 0x04a4 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:15:13.0953 0x04a4 usbuhci - ok
    10:15:14.0000 0x04a4 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    10:15:14.0000 0x04a4 VgaSave - ok
    10:15:14.0000 0x04a4 ViaIde - ok
    10:15:14.0031 0x04a4 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    10:15:14.0031 0x04a4 VolSnap - ok
    10:15:14.0062 0x04a4 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
    10:15:14.0062 0x04a4 VSS - ok
    10:15:14.0093 0x04a4 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
    10:15:14.0093 0x04a4 W32Time - ok
    10:15:14.0109 0x04a4 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:15:14.0109 0x04a4 Wanarp - ok
    10:15:14.0109 0x04a4 WDICA - ok
    10:15:14.0125 0x04a4 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    10:15:14.0125 0x04a4 wdmaud - ok
    10:15:14.0140 0x04a4 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
    10:15:14.0140 0x04a4 WebClient - ok
    10:15:14.0281 0x04a4 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    10:15:14.0296 0x04a4 winmgmt - ok
    10:15:14.0750 0x04a4 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:15:14.0875 0x04a4 wlidsvc - ok
    10:15:14.0937 0x04a4 [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    10:15:14.0953 0x04a4 WmdmPmSN - ok
    10:15:15.0031 0x04a4 [ C8A6C82F90B055149925DC7526B2D78C, 9E0FA00550229883025E8AD0BC3E3F55457B241D0D259B178935F0B16EC30BB2 ] Wmi C:\WINDOWS\System32\advapi32.dll
    10:15:15.0062 0x04a4 Wmi - ok
    10:15:15.0125 0x04a4 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    10:15:15.0125 0x04a4 WmiApSrv - ok
    10:15:15.0265 0x04a4 [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    10:15:15.0296 0x04a4 WMPNetworkSvc - ok
    10:15:15.0343 0x04a4 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    10:15:15.0343 0x04a4 wscsvc - ok
    10:15:15.0390 0x04a4 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    10:15:15.0406 0x04a4 wuauserv - ok
    10:15:15.0437 0x04a4 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    10:15:15.0437 0x04a4 WudfPf - ok
    10:15:15.0437 0x04a4 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    10:15:15.0453 0x04a4 WudfRd - ok
    10:15:15.0484 0x04a4 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    10:15:15.0484 0x04a4 WudfSvc - ok
    10:15:15.0515 0x04a4 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    10:15:15.0562 0x04a4 WZCSVC - ok
    10:15:15.0625 0x04a4 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    10:15:15.0625 0x04a4 xmlprov - ok
    10:15:15.0640 0x04a4 ================ Scan global ===============================
    10:15:15.0703 0x04a4 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    10:15:15.0765 0x04a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    10:15:15.0781 0x04a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    10:15:15.0828 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] C:\WINDOWS\system32\services.exe
    10:15:15.0828 0x04a4 [ Global ] - ok
    10:15:15.0828 0x04a4 ================ Scan MBR ==================================
    10:15:15.0859 0x04a4 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    10:15:16.0062 0x04a4 \Device\Harddisk0\DR0 - ok
    10:15:16.0062 0x04a4 ================ Scan VBR ==================================
    10:15:16.0078 0x04a4 [ 5D81D4768A18FA7D2F5A8797FDAF157D ] \Device\Harddisk0\DR0\Partition1
    10:15:16.0078 0x04a4 \Device\Harddisk0\DR0\Partition1 - ok
    10:15:16.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:17.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:18.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:19.0343 0x04a4 AV detected via SS1: Microsoft Security Essentials, 4.3.0219.0, enabled, updated
    10:15:19.0343 0x04a4 AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
    10:15:19.0359 0x04a4 Win FW state via NFM: enabled
    10:15:21.0781 0x04a4 ============================================================
    10:15:21.0781 0x04a4 Scan finished
    10:15:21.0781 0x04a4 ============================================================
    10:15:21.0796 0x0c20 Detected object count: 0
    10:15:21.0796 0x0c20 Actual detected object count: 0
    10:15:26.0703 0x0d3c Deinitialize success

  4. #4
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default

    Hi Donna,
    Thank you so much. Here are the 4 logs.

    OTL logfile created on: 14/11/2013 09:42:15 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Any User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 43.27% Memory free
    2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.28% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.45 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

    Computer Name: MAINPC | User Name: Any User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    PRC - [2013/11/05 17:56:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/05/25 00:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012/08/31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/08/31 08:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2010/10/19 10:56:46 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/27 18:36:32 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/11 12:00:58 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/11 11:57:48 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/11 11:57:18 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/11 11:56:46 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bae93d40999e6497d4efb81429d15943\PresentationFramework.ni.dll
    MOD - [2013/10/11 11:55:24 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll
    MOD - [2013/10/11 11:54:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll
    MOD - [2013/10/10 21:46:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/16 08:03:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:03:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
    MOD - [2013/08/15 21:59:38 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 21:59:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/15 21:56:41 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/11 09:31:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll
    MOD - [2013/07/10 22:44:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/06/04 07:23:02 | 000,562,688 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2013/03/13 20:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\libcef.dll
    MOD - [2013/01/02 06:48:28 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2012/11/13 23:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2012/10/01 12:23:56 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Any User\Local Settings\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
    MOD - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012/08/31 08:46:26 | 015,342,592 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2012/08/31 08:45:44 | 000,559,616 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2012/08/28 09:23:40 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2012/08/28 09:22:46 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2012/08/28 09:06:08 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
    MOD - [2012/08/28 09:05:16 | 000,659,408 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
    MOD - [2012/08/28 09:05:16 | 000,552,400 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
    MOD - [2012/08/28 09:05:16 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
    MOD - [2012/08/28 09:05:16 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 03:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
    MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Services (SafeList) ==========

    SRV - [2013/11/07 11:27:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/09 17:12:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/11/14 09:36:38 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A056EC21-C948-44DF-84CB-8D9969B06BEA}\MpKsl332279d5.sys -- (MpKsl332279d5)
    DRV - [2013/10/27 18:36:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/27 08:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2012/06/27 08:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2012/06/27 08:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2012/06/27 08:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/12/20 02:46:50 | 000,021,504 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/25 06:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/01/08 08:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2008/05/29 18:33:35 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/05/29 18:31:21 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/07 11:26:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/07 11:27:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]

    [2011/06/15 10:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Extensions
    [2013/09/27 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/11/07 11:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/07 11:27:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: Google
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/11/08 14:24:15 | 000,450,581 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 ???-www.0scan.com-???
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15468 more lines...
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - Startup: C:\Documents and Settings\Any User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/po...loader_v10.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13E0217E-FF20-4DE9-8EA9-26F219294A5E}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 14:15:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/14 09:22:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Any User\Desktop\tdsskiller.exe
    [2013/11/14 09:14:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/14 08:44:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 15:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Desktop\Antivirus
    [2013/11/13 11:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2013/11/13 11:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SUPERAntiSpyware.com
    [2013/11/13 11:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/11/13 11:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/13 11:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/11/13 10:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Start Menu\Programs\HiJackThis
    [2013/11/13 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/11/12 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/11/12 09:50:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/11/12 09:50:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/11/12 09:50:22 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/11/12 09:50:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/11/12 09:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2013/11/08 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2013/11/08 14:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/11/07 15:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\Malwarebytes
    [2013/11/07 15:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/11/07 15:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/11/07 15:21:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/11/07 15:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/11/07 11:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
    [2013/11/07 11:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/11/07 11:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/02 14:50:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Any User\Recent
    [2013/10/23 10:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2013/10/23 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2013/10/23 10:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2013/10/23 10:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
    [2013/10/21 10:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SumatraPDF
    [2013/10/21 10:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\PDF Reader Packages
    [2013/10/21 10:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/10/21 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\DSite
    [2013/10/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/14 10:04:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/14 10:02:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/11/14 09:46:04 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/11/14 09:37:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/11/14 09:36:43 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/14 09:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/11/14 09:33:44 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2013/11/14 09:22:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Any User\Desktop\tdsskiller.exe
    [2013/11/14 09:13:57 | 001,085,542 | ---- | M] () -- C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    [2013/11/14 09:11:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 22:32:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 19:24:04 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/11/13 14:53:06 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/08 16:40:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/11/08 14:24:15 | 000,450,581 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/10/27 08:08:13 | 000,433,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/27 08:08:13 | 000,067,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 10:31:29 | 000,014,806 | ---- | M] () -- C:\Documents and Settings\Any User\My Documents\Menu.odt
    [2013/10/15 21:40:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/14 09:33:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2013/11/14 09:13:37 | 001,085,542 | ---- | C] () -- C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    [2013/11/13 22:32:01 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 15:02:25 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/11/13 11:37:30 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/10/22 10:18:04 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    [2013/10/22 10:18:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
    [2013/10/16 10:34:52 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/04/03 13:47:39 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\recently-used.xbel
    [2012/08/28 09:04:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2012/08/28 09:04:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2012/08/28 09:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2012/08/28 09:04:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2012/08/28 09:04:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2012/02/16 09:15:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/02/17 20:54:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/19 10:41:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\$_hpcst$.hpc
    [2010/08/14 11:06:07 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 14:36:05 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Launch Internet Explorer Browser.lnk

    ========== ZeroAccess Check ==========

    [2011/10/22 10:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/17 09:43:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/10/30 08:57:57 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Any User\My Documents\CCCS letter.odt:SummaryInformation
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CCCAD05

    < End of report >


    OTL Extras logfile created on: 14/11/2013 09:42:16 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Any User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 43.27% Memory free
    2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.28% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.45 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

    Computer Name: MAINPC | User Name: Any User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "88:UDP" = 88:UDP:*:Enabled:xbox
    "3074:UDP" = 3074:UDP:*:Enabled:xbox2
    "3074:TCP" = 3074:TCP:*:Enabled:xbox
    "53:TCP" = 53:TCP:*:Enabled:xbox3
    "53:UDP" = 53:UDP:*:Enabled:xbox3
    "80:TCP" = 80:TCP:*:Enabled:xbox4
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "9500:TCP" = 9500:TCP:*:Enabledrinter
    "9290:TCP" = 9290:TCP:*:Enabledrinter 2
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- (Dropbox, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Any User\Local Settings\Temp\7zS6096\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Any User\Local Settings\Temp\7zS6096\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Backspin Billiards" = Backspin Billiards
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville
    "CCleaner" = CCleaner
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Digital Editions" = Adobe Digital Editions
    "DTC Library" = DTC Library
    "Google Chrome" = Google Chrome
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Rapport_msi" = Trusteer Endpoint Protection
    "Shop for HP Supplies" = Shop for HP Supplies
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1757981266-1897051121-1644491937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "MyFreeCodec" = MyFreeCodec
    "PDF Reader Packages" = PDF Reader Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2013 03:32:11 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 11/11/2013 19:11:11 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/11/2013 04:16:03 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 07:15:34 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:06:40 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:44:33 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 13/11/2013 10:53:17 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 14/11/2013 04:10:25 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
    NIL, P9 NIL, P10 NIL.

    Error - 14/11/2013 04:10:25 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
    4.3.219.0, P5 1.1.10003.0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
    NIL.

    Error - 14/11/2013 04:11:49 | Computer Name = MAINPC | Source = SDUpdSvc.exe | ID = 0
    Description =

    [ System Events ]
    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%1053

    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 05:33:36 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 07:15:51 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 07:15:51 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 10:53:15 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 13/11/2013 10:53:15 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 13/11/2013 18:32:30 | Computer Name = MAINPC | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007f0f4: Security Update for Windows XP (KB2686509).

    Error - 14/11/2013 04:11:01 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 14/11/2013 04:11:01 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053


    < End of report >


    # AdwCleaner v3.012 - Report created 14/11/2013 at 10:12:15
    # Updated 11/11/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Any User - MAINPC
    # Running from : C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
    Folder Found C:\Documents and Settings\Any User\Application Data\DSite
    Folder Found C:\Program Files\myfree codec

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found : HKCU\Software\Myfree Codec
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Found : HKLM\Software\Myfree Codec
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\wb6rty6o.default\prefs.js ]


    [ File : C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\prefs.js ]


    -\\ Google Chrome v31.0.1650.48

    [ File : C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4001 octets] - [14/11/2013 09:14:26]
    AdwCleaner[R1].txt - [3906 octets] - [14/11/2013 10:12:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3966 octets] ##########

    10:14:39.0281 0x0874 TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
    10:14:42.0703 0x0874 ============================================================
    10:14:42.0703 0x0874 Current date / time: 2013/11/14 10:14:42.0703
    10:14:42.0703 0x0874 SystemInfo:
    10:14:42.0703 0x0874
    10:14:42.0703 0x0874 OS Version: 5.1.2600 ServicePack: 3.0
    10:14:42.0703 0x0874 Product type: Workstation
    10:14:42.0703 0x0874 ComputerName: MAINPC
    10:14:42.0703 0x0874 UserName: Any User
    10:14:42.0703 0x0874 Windows directory: C:\WINDOWS
    10:14:42.0703 0x0874 System windows directory: C:\WINDOWS
    10:14:42.0703 0x0874 Processor architecture: Intel x86
    10:14:42.0703 0x0874 Number of processors: 2
    10:14:42.0703 0x0874 Page size: 0x1000
    10:14:42.0703 0x0874 Boot type: Normal boot
    10:14:42.0703 0x0874 ============================================================
    10:14:47.0890 0x0874 System UUID: {73061329-86D8-6BD3-D37A-A94C555212DD}
    10:14:49.0718 0x0874 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:14:49.0734 0x0874 ============================================================
    10:14:49.0734 0x0874 \Device\Harddisk0\DR0:
    10:14:49.0734 0x0874 MBR partitions:
    10:14:49.0734 0x0874 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    10:14:49.0734 0x0874 ============================================================
    10:14:49.0781 0x0874 C: <-> \Device\Harddisk0\DR0\Partition1
    10:14:49.0781 0x0874 ============================================================
    10:14:49.0781 0x0874 Initialize success
    10:14:49.0781 0x0874 ============================================================
    10:14:56.0968 0x04a4 ============================================================
    10:14:56.0968 0x04a4 Scan started
    10:14:56.0968 0x04a4 Mode: Manual;
    10:14:56.0968 0x04a4 ============================================================
    10:14:56.0968 0x04a4 KSN ping started
    10:15:00.0406 0x04a4 KSN ping finished: true
    10:15:01.0109 0x04a4 ================ Scan system memory ========================
    10:15:01.0109 0x04a4 System memory - ok
    10:15:01.0109 0x04a4 ================ Scan services =============================
    10:15:01.0250 0x04a4 [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    10:15:01.0265 0x04a4 !SASCORE - ok
    10:15:01.0531 0x04a4 Abiosdsk - ok
    10:15:01.0593 0x04a4 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:15:01.0593 0x04a4 ACPI - ok
    10:15:01.0640 0x04a4 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:15:01.0640 0x04a4 ACPIEC - ok
    10:15:01.0750 0x04a4 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:15:01.0750 0x04a4 AdobeFlashPlayerUpdateSvc - ok
    10:15:01.0812 0x04a4 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    10:15:01.0812 0x04a4 aec - ok
    10:15:01.0875 0x04a4 [ 30BB1BDE595CA65FD5549462080D94E5, 04BAFCC9445F82A2CAA9852F1B35ECBD18CDD6333E73F6861704E96D740A7C79 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
    10:15:01.0875 0x04a4 AegisP - ok
    10:15:01.0937 0x04a4 [ F6B7B1ECD7B41736BDB6FF4B092BCB79, B892C7303E08238C025409D602CB2F58D273B19B81CF04E26EA52A27EE7706DB ] AFD C:\WINDOWS\System32\drivers\afd.sys
    10:15:01.0937 0x04a4 AFD - ok
    10:15:01.0984 0x04a4 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    10:15:01.0984 0x04a4 Alerter - ok
    10:15:02.0000 0x04a4 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
    10:15:02.0000 0x04a4 ALG - ok
    10:15:02.0015 0x04a4 AliIde - ok
    10:15:02.0125 0x04a4 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:15:02.0125 0x04a4 Apple Mobile Device - ok
    10:15:02.0140 0x04a4 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    10:15:02.0156 0x04a4 AppMgmt - ok
    10:15:02.0265 0x04a4 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    10:15:02.0265 0x04a4 aspnet_state - ok
    10:15:02.0296 0x04a4 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:15:02.0296 0x04a4 AsyncMac - ok
    10:15:02.0343 0x04a4 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:15:02.0343 0x04a4 atapi - ok
    10:15:02.0343 0x04a4 Atdisk - ok
    10:15:02.0343 0x04a4 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:15:02.0359 0x04a4 Atmarpc - ok
    10:15:02.0406 0x04a4 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    10:15:02.0406 0x04a4 AudioSrv - ok
    10:15:02.0421 0x04a4 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:15:02.0421 0x04a4 audstub - ok
    10:15:02.0453 0x04a4 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9, 16F076B9816E28541C58FE9695EB883211C284AA025E9F49B19E7DD4E6BDA94D ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    10:15:02.0453 0x04a4 b57w2k - ok
    10:15:02.0515 0x04a4 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    10:15:02.0515 0x04a4 Beep - ok
    10:15:02.0578 0x04a4 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
    10:15:02.0593 0x04a4 BITS - ok
    10:15:02.0718 0x04a4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:15:02.0718 0x04a4 Bonjour Service - ok
    10:15:02.0781 0x04a4 [ D3FACB34FFF5DB91ADB70987838F8BA7, 5892F2070F040D0E80D527BE7422F5583548BECF36BBDA07E1CF246A8B5E60E4 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
    10:15:02.0781 0x04a4 Brother XP spl Service - ok
    10:15:02.0843 0x04a4 [ FC6D1D80588D371F0321E15A75B2F8F2, C87F45BA56B273ED75693BA88879AA5E39F4DEAD7A0F386A4E51171961F880EB ] Browser C:\WINDOWS\System32\browser.dll
    10:15:02.0843 0x04a4 Browser - ok
    10:15:02.0890 0x04a4 [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
    10:15:02.0890 0x04a4 BrScnUsb - ok
    10:15:02.0937 0x04a4 [ C121E10C64318182A6478ACAE1855EE0, A99812DA08E6034B807833087897C7731F1299B4B7D7012A1976DF90300BECF7 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys
    10:15:02.0937 0x04a4 BrSerIf - ok
    10:15:02.0937 0x04a4 [ 7AC85CDC03BEFD78908B3B6A73D201D0, 338BE17C3FF86F4C4FB5810C844BCB404FFF2BF18239065410D24B155D8E32B8 ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    10:15:02.0937 0x04a4 BrUsbSer - ok
    10:15:02.0984 0x04a4 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:15:02.0984 0x04a4 Cdaudio - ok
    10:15:03.0046 0x04a4 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    10:15:03.0046 0x04a4 Cdfs - ok
    10:15:03.0109 0x04a4 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:15:03.0109 0x04a4 Cdrom - ok
    10:15:03.0109 0x04a4 Changer - ok
    10:15:03.0125 0x04a4 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
    10:15:03.0125 0x04a4 CiSvc - ok
    10:15:03.0140 0x04a4 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    10:15:03.0140 0x04a4 ClipSrv - ok
    10:15:03.0187 0x04a4 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:15:03.0187 0x04a4 clr_optimization_v2.0.50727_32 - ok
    10:15:03.0203 0x04a4 CmdIde - ok
    10:15:03.0203 0x04a4 COMSysApp - ok
    10:15:03.0218 0x04a4 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    10:15:03.0218 0x04a4 CryptSvc - ok
    10:15:03.0296 0x04a4 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    10:15:03.0328 0x04a4 DcomLaunch - ok
    10:15:03.0375 0x04a4 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    10:15:03.0375 0x04a4 Dhcp - ok
    10:15:03.0390 0x04a4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    10:15:03.0390 0x04a4 Disk - ok
    10:15:03.0406 0x04a4 dmadmin - ok
    10:15:03.0468 0x04a4 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    10:15:03.0515 0x04a4 dmboot - ok
    10:15:03.0515 0x04a4 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    10:15:03.0531 0x04a4 dmio - ok
    10:15:03.0562 0x04a4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    10:15:03.0562 0x04a4 dmload - ok
    10:15:03.0593 0x04a4 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
    10:15:03.0609 0x04a4 dmserver - ok
    10:15:03.0609 0x04a4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    10:15:03.0609 0x04a4 DMusic - ok
    10:15:03.0671 0x04a4 [ D977659AE4D8ECE5286D99D1ED34614D, 4D7DF9C6D5E8255DDD34AFCC04DA0B675162BF852D29DB50C6451C5BDD7269D5 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    10:15:03.0671 0x04a4 Dnscache - ok
    10:15:03.0734 0x04a4 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    10:15:03.0750 0x04a4 Dot3svc - ok
    10:15:03.0796 0x04a4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    10:15:03.0796 0x04a4 drmkaud - ok
    10:15:03.0843 0x04a4 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
    10:15:03.0843 0x04a4 EapHost - ok
    10:15:03.0859 0x04a4 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
    10:15:03.0875 0x04a4 ERSvc - ok
    10:15:03.0921 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] Eventlog C:\WINDOWS\system32\services.exe
    10:15:03.0937 0x04a4 Eventlog - ok
    10:15:03.0953 0x04a4 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC, 51EDCDEB437A8984C086CC19C25958CBF0B8EB18FEA21173D1DCCDC39B6E64E1 ] EventSystem C:\WINDOWS\system32\es.dll
    10:15:03.0968 0x04a4 EventSystem - ok
    10:15:04.0031 0x04a4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    10:15:04.0031 0x04a4 Fastfat - ok
    10:15:04.0109 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    10:15:04.0125 0x04a4 FastUserSwitchingCompatibility - ok
    10:15:04.0140 0x04a4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    10:15:04.0156 0x04a4 Fdc - ok
    10:15:04.0171 0x04a4 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    10:15:04.0343 0x04a4 Fips - ok
    10:15:04.0406 0x04a4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    10:15:04.0406 0x04a4 Flpydisk - ok
    10:15:04.0484 0x04a4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    10:15:04.0500 0x04a4 FltMgr - ok
    10:15:04.0812 0x04a4 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    10:15:04.0828 0x04a4 FontCache3.0.0.0 - ok
    10:15:04.0890 0x04a4 [ 790A4CA68F44BE35967B3DF61F3E4675, 7CBC77C620ABA75FEF4BA8AD9C38766D50CD18106EBA4693F162F2C5A7D46AA8 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
    10:15:04.0906 0x04a4 FsUsbExDisk - ok
    10:15:04.0953 0x04a4 [ D3F9205CC4CB07553F2F9472C767EA87, B1DF2B8D718CF7958E5E0B367859EEFB45CC9042B1B88E0C4DA884DF2608B59A ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
    10:15:04.0984 0x04a4 FsUsbExService - ok
    10:15:05.0046 0x04a4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:15:05.0171 0x04a4 Fs_Rec - ok
    10:15:05.0265 0x04a4 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:15:05.0296 0x04a4 Ftdisk - ok
    10:15:05.0390 0x04a4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    10:15:05.0453 0x04a4 GEARAspiWDM - ok
    10:15:05.0531 0x04a4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:15:05.0531 0x04a4 Gpc - ok
    10:15:05.0640 0x04a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    10:15:05.0640 0x04a4 gupdate - ok
    10:15:05.0656 0x04a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    10:15:05.0656 0x04a4 gupdatem - ok
    10:15:05.0718 0x04a4 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
    10:15:05.0718 0x04a4 HidServ - ok
    10:15:05.0734 0x04a4 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    10:15:05.0734 0x04a4 hidusb - ok
    10:15:05.0796 0x04a4 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    10:15:05.0796 0x04a4 hkmsvc - ok
    10:15:05.0953 0x04a4 [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    10:15:05.0953 0x04a4 hpqcxs08 - ok
    10:15:06.0000 0x04a4 [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    10:15:06.0015 0x04a4 hpqddsvc - ok
    10:15:06.0046 0x04a4 [ A04F4AC48895774A2CF9D1C9EAAACEF0, 012F10DE086C3551D75716EF1F6DCC477C8C1E776267D9FC4073BEADAFD37C9C ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    10:15:06.0109 0x04a4 HPSLPSVC - ok
    10:15:06.0171 0x04a4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    10:15:06.0171 0x04a4 HTTP - ok
    10:15:06.0250 0x04a4 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    10:15:06.0250 0x04a4 HTTPFilter - ok
    10:15:06.0312 0x04a4 [ 0F0194C4B635C10C3F785E4FEE52D641, A450D84AF1E2ECC59046B7DFAEF04AD0E70043A57BB2C954E4D8596D59979B48 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    10:15:06.0406 0x04a4 ialm - ok
    10:15:06.0546 0x04a4 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:15:06.0625 0x04a4 idsvc - ok
    10:15:06.0671 0x04a4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:15:06.0671 0x04a4 Imapi - ok
    10:15:06.0703 0x04a4 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
    10:15:06.0703 0x04a4 ImapiService - ok
    10:15:06.0703 0x04a4 IntelIde - ok
    10:15:06.0750 0x04a4 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    10:15:06.0750 0x04a4 intelppm - ok
    10:15:06.0781 0x04a4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    10:15:06.0781 0x04a4 Ip6Fw - ok
    10:15:06.0828 0x04a4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:15:06.0828 0x04a4 IpFilterDriver - ok
    10:15:06.0859 0x04a4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:15:06.0859 0x04a4 IpInIp - ok
    10:15:06.0890 0x04a4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:15:06.0906 0x04a4 IpNat - ok
    10:15:06.0984 0x04a4 [ D8B8B5A8FE57CF4F307A540D9A153C23, 1C5AA5C29204A90D11FF40A5DD5967CC7195F5C4ACD7E41CB94C230A7DFD459D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:15:07.0000 0x04a4 iPod Service - ok
    10:15:07.0093 0x04a4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:15:07.0093 0x04a4 IPSec - ok
    10:15:07.0125 0x04a4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:15:07.0140 0x04a4 IRENUM - ok
    10:15:07.0171 0x04a4 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:15:07.0171 0x04a4 isapnp - ok
    10:15:07.0343 0x04a4 [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    10:15:07.0343 0x04a4 JavaQuickStarterService - ok
    10:15:07.0390 0x04a4 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:15:07.0390 0x04a4 Kbdclass - ok
    10:15:07.0437 0x04a4 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    10:15:07.0437 0x04a4 kbdhid - ok
    10:15:07.0453 0x04a4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    10:15:07.0453 0x04a4 kmixer - ok
    10:15:07.0531 0x04a4 [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    10:15:07.0531 0x04a4 KSecDD - ok
    10:15:07.0578 0x04a4 [ 3695B8D03745B2F8022B161238347A9D, AFA2FFA9D3A5CA7383FA1A60C7E1C054EF6B0021A62B2AC3AAC499DF12765F93 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    10:15:07.0593 0x04a4 LanmanServer - ok
    10:15:07.0640 0x04a4 [ 3B9324D60DD321BAB7BF6F77931D3FD1, 060F32C57CF9ABE9039CDD51A7CA9DE33ED407E17ECA20DAA3AB0F795E798511 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    10:15:07.0656 0x04a4 lanmanworkstation - ok
    10:15:07.0656 0x04a4 lbrtfdc - ok
    10:15:07.0703 0x04a4 [ B280C4608AC389DA9515A35AC4CAB0FD, E76E91BDF525AFF78073C6D0EB1E65A0127BF818C0034313626DE432DFF7B631 ] libusb0 C:\WINDOWS\system32\drivers\libusb0.sys
    10:15:07.0703 0x04a4 libusb0 - ok
    10:15:07.0734 0x04a4 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    10:15:07.0750 0x04a4 LmHosts - ok
    10:15:07.0796 0x04a4 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    10:15:07.0796 0x04a4 MBAMProtector - ok
    10:15:07.0906 0x04a4 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    10:15:07.0937 0x04a4 MBAMScheduler - ok
    10:15:07.0984 0x04a4 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    10:15:08.0031 0x04a4 MBAMService - ok
    10:15:08.0046 0x04a4 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    10:15:08.0046 0x04a4 Messenger - ok
    10:15:08.0109 0x04a4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    10:15:08.0109 0x04a4 mnmdd - ok
    10:15:08.0156 0x04a4 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    10:15:08.0156 0x04a4 mnmsrvc - ok
    10:15:08.0203 0x04a4 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    10:15:08.0203 0x04a4 Modem - ok
    10:15:08.0234 0x04a4 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:15:08.0234 0x04a4 Mouclass - ok
    10:15:08.0250 0x04a4 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    10:15:08.0265 0x04a4 mouhid - ok
    10:15:08.0265 0x04a4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    10:15:08.0265 0x04a4 MountMgr - ok
    10:15:08.0375 0x04a4 [ 5D494509432897338AFC19DB78A76DCB, 873F61F45D4A96096E17F9E266B1A20CCD65E4678DDB21DDE3DB98E831E524D3 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    10:15:08.0375 0x04a4 MozillaMaintenance - ok
    10:15:08.0437 0x04a4 [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    10:15:08.0437 0x04a4 MpFilter - ok
    10:15:08.0671 0x04a4 [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl332279d5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A056EC21-C948-44DF-84CB-8D9969B06BEA}\MpKsl332279d5.sys
    10:15:08.0687 0x04a4 MpKsl332279d5 - ok
    10:15:08.0718 0x04a4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:15:08.0734 0x04a4 MRxDAV - ok
    10:15:08.0765 0x04a4 [ FB2FCCC70F7174C7BF64F48E96D3ADF4, 484B4DF0A500CAE8AFA4F3A6393615A3963D91C95939025DF1A172C9A67D951D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:15:08.0781 0x04a4 MRxSmb - ok
    10:15:08.0843 0x04a4 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    10:15:08.0843 0x04a4 MSDTC - ok
    10:15:08.0890 0x04a4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    10:15:08.0890 0x04a4 Msfs - ok
    10:15:08.0906 0x04a4 MSIServer - ok
    10:15:08.0937 0x04a4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:15:08.0937 0x04a4 MSKSSRV - ok
    10:15:09.0015 0x04a4 [ 0A7F86657755ADA92C57E597BF5151F7, E226DFF12C4930DF1D0F1D2E7CE7BFFDF62F6DC402200EEFE196D14172A59B63 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:15:09.0015 0x04a4 MsMpSvc - ok
    10:15:09.0046 0x04a4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:15:09.0046 0x04a4 MSPCLOCK - ok
    10:15:09.0046 0x04a4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    10:15:09.0062 0x04a4 MSPQM - ok
    10:15:09.0093 0x04a4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:15:09.0093 0x04a4 mssmbios - ok
    10:15:09.0156 0x04a4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    10:15:09.0156 0x04a4 Mup - ok
    10:15:09.0234 0x04a4 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
    10:15:09.0234 0x04a4 napagent - ok
    10:15:09.0296 0x04a4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    10:15:09.0312 0x04a4 NDIS - ok
    10:15:09.0328 0x04a4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:15:09.0328 0x04a4 NdisTapi - ok
    10:15:09.0359 0x04a4 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:15:09.0359 0x04a4 Ndisuio - ok
    10:15:09.0375 0x04a4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:15:09.0390 0x04a4 NdisWan - ok
    10:15:09.0421 0x04a4 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    10:15:09.0421 0x04a4 NDProxy - ok
    10:15:09.0484 0x04a4 [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    10:15:09.0484 0x04a4 Net Driver HPZ12 - ok
    10:15:09.0500 0x04a4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:15:09.0515 0x04a4 NetBIOS - ok
    10:15:09.0531 0x04a4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:15:09.0531 0x04a4 NetBT - ok
    10:15:09.0546 0x04a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
    10:15:09.0546 0x04a4 NetDDE - ok
    10:15:09.0562 0x04a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    10:15:09.0562 0x04a4 NetDDEdsdm - ok
    10:15:09.0562 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
    10:15:09.0562 0x04a4 Netlogon - ok
    10:15:09.0593 0x04a4 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
    10:15:09.0609 0x04a4 Netman - ok
    10:15:09.0656 0x04a4 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:15:09.0671 0x04a4 NetTcpPortSharing - ok
    10:15:09.0703 0x04a4 [ FCEE5FCB99F7C724593365C706D28388, 96A5E34E78934026357945F7CA3D1BBEF284BE76625DF3CB6B4B5EA4B5807136 ] Nla C:\WINDOWS\System32\mswsock.dll
    10:15:09.0703 0x04a4 Nla - ok
    10:15:09.0765 0x04a4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    10:15:09.0765 0x04a4 Npfs - ok
    10:15:09.0781 0x04a4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    10:15:09.0828 0x04a4 Ntfs - ok
    10:15:09.0843 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    10:15:09.0843 0x04a4 NtLmSsp - ok
    10:15:09.0875 0x04a4 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    10:15:09.0890 0x04a4 NtmsSvc - ok
    10:15:09.0937 0x04a4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
    10:15:09.0937 0x04a4 Null - ok
    10:15:09.0968 0x04a4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:15:09.0968 0x04a4 NwlnkFlt - ok
    10:15:09.0984 0x04a4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:15:09.0984 0x04a4 NwlnkFwd - ok
    10:15:10.0031 0x04a4 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    10:15:10.0031 0x04a4 Parport - ok
    10:15:10.0046 0x04a4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    10:15:10.0046 0x04a4 PartMgr - ok
    10:15:10.0062 0x04a4 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    10:15:10.0078 0x04a4 ParVdm - ok
    10:15:10.0109 0x04a4 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    10:15:10.0125 0x04a4 PCI - ok
    10:15:10.0125 0x04a4 PCIDump - ok
    10:15:10.0171 0x04a4 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:15:10.0171 0x04a4 PCIIde - ok
    10:15:10.0203 0x04a4 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:15:10.0218 0x04a4 Pcmcia - ok
    10:15:10.0218 0x04a4 PDCOMP - ok
    10:15:10.0218 0x04a4 PDFRAME - ok
    10:15:10.0234 0x04a4 PDRELI - ok
    10:15:10.0234 0x04a4 PDRFRAME - ok
    10:15:10.0281 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] PlugPlay C:\WINDOWS\system32\services.exe
    10:15:10.0281 0x04a4 PlugPlay - ok
    10:15:10.0296 0x04a4 [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    10:15:10.0296 0x04a4 Pml Driver HPZ12 - ok
    10:15:10.0312 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    10:15:10.0312 0x04a4 PolicyAgent - ok
    10:15:10.0375 0x04a4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:15:10.0375 0x04a4 PptpMiniport - ok
    10:15:10.0375 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    10:15:10.0375 0x04a4 ProtectedStorage - ok
    10:15:10.0390 0x04a4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    10:15:10.0390 0x04a4 PSched - ok
    10:15:10.0453 0x04a4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:15:10.0453 0x04a4 Ptilink - ok
    10:15:10.0578 0x04a4 [ AB51E1F08C8E789D6C9E8B94D15BE9A9, 35386087B0D57D181FE39E4AFBFFE4DB5B827DACA6D87F1F5563B26547993E24 ] RapportCerberus_59849 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
    10:15:10.0593 0x04a4 RapportCerberus_59849 - ok
    10:15:10.0703 0x04a4 [ 9D52A4DEB9F28CC41EB61346E3808E4D, 6025F833B27B7A86E2F69F2D6D994DE95DCAD33FFC8FFA52BF45E350417BAAA0 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    10:15:10.0703 0x04a4 RapportEI - ok
    10:15:10.0718 0x04a4 [ 4136175FABB89CB493DF1D237DB50CF4, F38E6AA084A910D2445CEF53EC7E6FFB74AE3FE518A052562A0AEEC8F1DD37C1 ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys
    10:15:10.0734 0x04a4 RapportKELL - ok
    10:15:10.0828 0x04a4 [ 02396BD77121751A738444325E1F14E8, C9A0B4D423C18014DD6523332B378BD0E85E5EE9F9B33C892DCA5DEECEEF805C ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    10:15:10.0906 0x04a4 RapportMgmtService - ok
    10:15:10.0968 0x04a4 [ A9B99416DE6CADEE2D3C369B634F20F1, A2836B5BD439EE9163317ADA1E10D911F55FF0E3459CF3AEFDC3FBB6C16570ED ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    10:15:10.0968 0x04a4 RapportPG - ok
    10:15:11.0031 0x04a4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:15:11.0031 0x04a4 RasAcd - ok
    10:15:11.0078 0x04a4 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
    10:15:11.0093 0x04a4 RasAuto - ok
    10:15:11.0093 0x04a4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:15:11.0109 0x04a4 Rasl2tp - ok
    10:15:11.0125 0x04a4 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
    10:15:11.0140 0x04a4 RasMan - ok
    10:15:11.0156 0x04a4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:15:11.0156 0x04a4 RasPppoe - ok
    10:15:11.0156 0x04a4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:15:11.0171 0x04a4 Raspti - ok
    10:15:11.0187 0x04a4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:15:11.0187 0x04a4 Rdbss - ok
    10:15:11.0203 0x04a4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:15:11.0203 0x04a4 RDPCDD - ok
    10:15:11.0265 0x04a4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:15:11.0281 0x04a4 rdpdr - ok
    10:15:11.0343 0x04a4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    10:15:11.0343 0x04a4 RDPWD - ok
    10:15:11.0406 0x04a4 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    10:15:11.0421 0x04a4 RDSessMgr - ok
    10:15:11.0437 0x04a4 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:15:11.0437 0x04a4 redbook - ok
    10:15:11.0500 0x04a4 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    10:15:11.0500 0x04a4 RemoteAccess - ok
    10:15:11.0546 0x04a4 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    10:15:11.0562 0x04a4 RemoteRegistry - ok
    10:15:11.0578 0x04a4 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
    10:15:11.0578 0x04a4 RpcLocator - ok
    10:15:11.0625 0x04a4 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    10:15:11.0625 0x04a4 RpcSs - ok
    10:15:11.0687 0x04a4 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
    10:15:11.0687 0x04a4 RSVP - ok
    10:15:11.0765 0x04a4 [ BA11D5F61A74E156BF6F33DDDD1AD1CE, 54726EB21DF231372CDFA09909C2ACC287FB132B0CCB42E7914CE4785B88FAB2 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    10:15:11.0796 0x04a4 RTL8192su - ok
    10:15:11.0812 0x04a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
    10:15:11.0812 0x04a4 SamSs - ok
    10:15:11.0859 0x04a4 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    10:15:11.0875 0x04a4 SASDIFSV - ok
    10:15:11.0890 0x04a4 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    10:15:11.0890 0x04a4 SASKUTIL - ok
    10:15:11.0937 0x04a4 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    10:15:11.0953 0x04a4 SCardSvr - ok
    10:15:12.0015 0x04a4 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    10:15:12.0031 0x04a4 Schedule - ok
    10:15:12.0062 0x04a4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:15:12.0062 0x04a4 Secdrv - ok
    10:15:12.0109 0x04a4 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
    10:15:12.0109 0x04a4 seclogon - ok
    10:15:12.0187 0x04a4 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
    10:15:12.0234 0x04a4 senfilt - ok
    10:15:12.0250 0x04a4 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
    10:15:12.0265 0x04a4 SENS - ok
    10:15:12.0265 0x04a4 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:15:12.0265 0x04a4 serenum - ok
    10:15:12.0281 0x04a4 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    10:15:12.0281 0x04a4 Serial - ok
    10:15:12.0312 0x04a4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:15:12.0312 0x04a4 Sfloppy - ok
    10:15:12.0343 0x04a4 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    10:15:12.0343 0x04a4 SharedAccess - ok
    10:15:12.0390 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    10:15:12.0406 0x04a4 ShellHWDetection - ok
    10:15:12.0406 0x04a4 Simbad - ok
    10:15:12.0468 0x04a4 [ 0066FF77AEB4AE70066F7E94D5A6D866, 5067FC7F71FD3D1AFF4173D6379EF85DCB2B6B5588897430F3B440F3BB85D967 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    10:15:12.0484 0x04a4 smwdm - ok
    10:15:12.0500 0x04a4 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    10:15:12.0500 0x04a4 splitter - ok
    10:15:12.0562 0x04a4 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    10:15:12.0562 0x04a4 Spooler - ok
    10:15:12.0625 0x04a4 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    10:15:12.0625 0x04a4 sr - ok
    10:15:12.0640 0x04a4 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
    10:15:12.0656 0x04a4 srservice - ok
    10:15:12.0703 0x04a4 [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    10:15:12.0703 0x04a4 Srv - ok
    10:15:12.0765 0x04a4 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    10:15:12.0765 0x04a4 ssadbus - ok
    10:15:12.0781 0x04a4 [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    10:15:12.0781 0x04a4 ssadmdfl - ok
    10:15:12.0812 0x04a4 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    10:15:12.0812 0x04a4 ssadmdm - ok
    10:15:12.0843 0x04a4 [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys
    10:15:12.0859 0x04a4 ssadserd - ok
    10:15:12.0890 0x04a4 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    10:15:12.0890 0x04a4 SSDPSRV - ok
    10:15:12.0953 0x04a4 [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    10:15:12.0953 0x04a4 StillCam - ok
    10:15:13.0015 0x04a4 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    10:15:13.0031 0x04a4 stisvc - ok
    10:15:13.0046 0x04a4 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:15:13.0046 0x04a4 swenum - ok
    10:15:13.0062 0x04a4 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    10:15:13.0062 0x04a4 swmidi - ok
    10:15:13.0062 0x04a4 SwPrv - ok
    10:15:13.0062 0x04a4 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    10:15:13.0078 0x04a4 sysaudio - ok
    10:15:13.0093 0x04a4 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    10:15:13.0093 0x04a4 SysmonLog - ok
    10:15:13.0125 0x04a4 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    10:15:13.0125 0x04a4 TapiSrv - ok
    10:15:13.0171 0x04a4 [ AD978A1B783B5719720CFF204B666C8E, FA50A3664522C58E1637C06731B9CB9D56FF14F0A5F8AB496A1945585E8A2C16 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:15:13.0187 0x04a4 Tcpip - ok
    10:15:13.0234 0x04a4 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:15:13.0234 0x04a4 TDPIPE - ok
    10:15:13.0250 0x04a4 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    10:15:13.0250 0x04a4 TDTCP - ok
    10:15:13.0281 0x04a4 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:15:13.0281 0x04a4 TermDD - ok
    10:15:13.0312 0x04a4 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
    10:15:13.0328 0x04a4 TermService - ok
    10:15:13.0375 0x04a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
    10:15:13.0390 0x04a4 Themes - ok
    10:15:13.0437 0x04a4 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    10:15:13.0453 0x04a4 TlntSvr - ok
    10:15:13.0453 0x04a4 TosIde - ok
    10:15:13.0468 0x04a4 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    10:15:13.0484 0x04a4 TrkWks - ok
    10:15:13.0500 0x04a4 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    10:15:13.0500 0x04a4 Udfs - ok
    10:15:13.0578 0x04a4 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    10:15:13.0640 0x04a4 Update - ok
    10:15:13.0703 0x04a4 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
    10:15:13.0718 0x04a4 upnphost - ok
    10:15:13.0765 0x04a4 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    10:15:13.0765 0x04a4 usbccgp - ok
    10:15:13.0828 0x04a4 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:15:13.0828 0x04a4 usbehci - ok
    10:15:13.0843 0x04a4 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:15:13.0843 0x04a4 usbhub - ok
    10:15:13.0890 0x04a4 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    10:15:13.0890 0x04a4 usbprint - ok
    10:15:13.0937 0x04a4 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    10:15:13.0937 0x04a4 usbscan - ok
    10:15:13.0953 0x04a4 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:15:13.0953 0x04a4 USBSTOR - ok
    10:15:13.0953 0x04a4 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:15:13.0953 0x04a4 usbuhci - ok
    10:15:14.0000 0x04a4 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    10:15:14.0000 0x04a4 VgaSave - ok
    10:15:14.0000 0x04a4 ViaIde - ok
    10:15:14.0031 0x04a4 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    10:15:14.0031 0x04a4 VolSnap - ok
    10:15:14.0062 0x04a4 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
    10:15:14.0062 0x04a4 VSS - ok
    10:15:14.0093 0x04a4 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
    10:15:14.0093 0x04a4 W32Time - ok
    10:15:14.0109 0x04a4 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:15:14.0109 0x04a4 Wanarp - ok
    10:15:14.0109 0x04a4 WDICA - ok
    10:15:14.0125 0x04a4 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    10:15:14.0125 0x04a4 wdmaud - ok
    10:15:14.0140 0x04a4 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
    10:15:14.0140 0x04a4 WebClient - ok
    10:15:14.0281 0x04a4 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    10:15:14.0296 0x04a4 winmgmt - ok
    10:15:14.0750 0x04a4 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:15:14.0875 0x04a4 wlidsvc - ok
    10:15:14.0937 0x04a4 [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    10:15:14.0953 0x04a4 WmdmPmSN - ok
    10:15:15.0031 0x04a4 [ C8A6C82F90B055149925DC7526B2D78C, 9E0FA00550229883025E8AD0BC3E3F55457B241D0D259B178935F0B16EC30BB2 ] Wmi C:\WINDOWS\System32\advapi32.dll
    10:15:15.0062 0x04a4 Wmi - ok
    10:15:15.0125 0x04a4 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    10:15:15.0125 0x04a4 WmiApSrv - ok
    10:15:15.0265 0x04a4 [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    10:15:15.0296 0x04a4 WMPNetworkSvc - ok
    10:15:15.0343 0x04a4 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    10:15:15.0343 0x04a4 wscsvc - ok
    10:15:15.0390 0x04a4 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    10:15:15.0406 0x04a4 wuauserv - ok
    10:15:15.0437 0x04a4 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    10:15:15.0437 0x04a4 WudfPf - ok
    10:15:15.0437 0x04a4 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    10:15:15.0453 0x04a4 WudfRd - ok
    10:15:15.0484 0x04a4 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    10:15:15.0484 0x04a4 WudfSvc - ok
    10:15:15.0515 0x04a4 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    10:15:15.0562 0x04a4 WZCSVC - ok
    10:15:15.0625 0x04a4 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    10:15:15.0625 0x04a4 xmlprov - ok
    10:15:15.0640 0x04a4 ================ Scan global ===============================
    10:15:15.0703 0x04a4 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    10:15:15.0765 0x04a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    10:15:15.0781 0x04a4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    10:15:15.0828 0x04a4 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] C:\WINDOWS\system32\services.exe
    10:15:15.0828 0x04a4 [ Global ] - ok
    10:15:15.0828 0x04a4 ================ Scan MBR ==================================
    10:15:15.0859 0x04a4 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    10:15:16.0062 0x04a4 \Device\Harddisk0\DR0 - ok
    10:15:16.0062 0x04a4 ================ Scan VBR ==================================
    10:15:16.0078 0x04a4 [ 5D81D4768A18FA7D2F5A8797FDAF157D ] \Device\Harddisk0\DR0\Partition1
    10:15:16.0078 0x04a4 \Device\Harddisk0\DR0\Partition1 - ok
    10:15:16.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:17.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:18.0078 0x04a4 Waiting for KSN requests completion. In queue: 186
    10:15:19.0343 0x04a4 AV detected via SS1: Microsoft Security Essentials, 4.3.0219.0, enabled, updated
    10:15:19.0343 0x04a4 AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
    10:15:19.0359 0x04a4 Win FW state via NFM: enabled
    10:15:21.0781 0x04a4 ============================================================
    10:15:21.0781 0x04a4 Scan finished
    10:15:21.0781 0x04a4 ============================================================
    10:15:21.0796 0x0c20 Detected object count: 0
    10:15:21.0796 0x0c20 Actual detected object count: 0
    10:15:26.0703 0x0d3c Deinitialize success

  5. #5
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Kazashy1,

    You're most welcome!

    I see the forum software is a tad bit slow today. To help prevent double posts, please allow some time for your post to submit before clicking a second time.

    Let's remove the nasties that AdwCleaner found.

    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished, this time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



    Next:

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.



    In your next reply, please provide the logs for the following:

    AdwCleaner[S0].txt
    checkup.txt


    In the meantime, I will have a closer look at the above OTL/Extras.txt logs.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  6. #6
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default

    Thank you Donna, Sorry for being impatient when posting earlier!

    Here are the two logs.

    # AdwCleaner v3.012 - Report created 14/11/2013 at 17:35:51
    # Updated 11/11/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Any User - MAINPC
    # Running from : C:\Documents and Settings\Any User\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
    Folder Deleted : C:\Program Files\myfree codec
    Folder Deleted : C:\Documents and Settings\Any User\Application Data\DSite
    File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\Myfree Codec
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\wb6rty6o.default\prefs.js ]


    [ File : C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\prefs.js ]


    -\\ Google Chrome v31.0.1650.48

    [ File : C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4001 octets] - [14/11/2013 09:14:26]
    AdwCleaner[R1].txt - [4046 octets] - [14/11/2013 10:12:15]
    AdwCleaner[R2].txt - [4106 octets] - [14/11/2013 17:34:29]
    AdwCleaner[S0].txt - [4107 octets] - [14/11/2013 17:35:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4167 octets] ##########

    Results of screen317's Security Check version 0.99.77
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java(TM) 6 Update 20
    Java 7 Update 45
    Adobe Flash Player 11.9.900.117
    Adobe Reader XI
    Mozilla Firefox (25.0)
    Google Chrome 31.0.1650.48
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 9%
    ````````````````````End of Log``````````````````````

  7. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Thanks Kazashy1,

    Which browser is your default browser?

    What page opens when IE opens on its own?

    Everything looks pretty clean from my angle though we do need to remove an older version of Java:

    Please go to your Add\Remove Programs and uninstall the following:

    Java(TM) 6 Update 20

    Then I would like for you to run the following online scanner, please. If anything is found in the log that is generated that you post for my viewing pleasure I will remove with OTL:

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)
    Last edited by DonnaB; 11-14-2013 at 07:41 PM.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  8. #8
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default

    Hi Donna, Thank you again!

    I don't know what the page is that opens because it hasn't done it today and it's not in the history.

    Here's the log from the ESET scanner

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=af40c0b4ccd7cf46b8e4d69ccc291ce6
    # engine=15892
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-11-15 10:30:03
    # local_time=2013-11-15 10:30:03 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=5892 16777213 88 94 2638197 48686478 0 0
    # scanned=74660
    # found=5
    # cleaned=0
    # scan_time=5707
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\Any User\Application Data\PDF Reader Packages\uninstaller.exe"
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\Any User\Local Settings\Temp\1974593.Uninstall\uninstaller.exe"
    sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\Any User\Local Settings\Temp\2041640.Uninstall\uninstaller.exe"
    sh=29106BDE8446394D8043FD4125592BF279E8941F ft=1 fh=21c668da5b7929e2 vn="multiple threats" ac=I fn="C:\Documents and Settings\Any User\My Documents\Downloads\pcspeedup_d4d3b874abe141dd8dfbfee2d334334f_.exe"
    sh=916DC38DA2488AF7141574A6C01A32F0A47F26F6 ft=1 fh=600b477993d764dd vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Documents and Settings\Any User\My Documents\Downloads\WinZip170.exe"


    Kaz

  9. #9
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Perfect! You're welcome Kaz!

    No serious malicious files were found. Just a few stragglers from previously installed programs.

    Let's remove those files with OTL before we uninstall our tools:

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      :COMMANDS
      [CREATERESTOREPOINT]

      :OTL
      [2013/11/13 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2013/10/21 10:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon

      :Files
      C:\Documents and Settings\Any User\Application Data\PDF Reader Packages\uninstaller.exe
      C:\Documents and Settings\Any User\Local Settings\Temp\1974593.Uninstall\uninstaller.exe
      C:\Documents and Settings\Any User\Local Settings\Temp\2041640.Uninstall\uninstaller.exe
      C:\Documents and Settings\Any User\My Documents\Downloads\pcspeedup_d4d3b874abe141dd8dfbfee2d334334f_.exe
      C:\Documents and Settings\Any User\My Documents\Downloads\WinZip170.exe

      :Commands
      [resethosts]
      [emptytemp]
      [Reboot]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Please post the following logs in your next reply:

    C:\_OTL\Moved Files
    OTL.txt


    Please let me know how the computer is running and if you are still having trouble with IE opening on it's own. If your PC is still running slow, explain in great detail what seems to be generating the slowness.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  10. The Following User Says Thank You to DonnaB For This Useful Post:


  11. #10
    Member
    Join Date
    Nov 2013
    Posts
    8
    Points
    0

    Default

    Hi Donna, Here are the logs you request.

    Everything seems much better now. Thank you so much for your help.

    Kaz

    All processes killed
    ========== COMMANDS ==========
    System Restore Service not available.
    ========== OTL ==========
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Folder move failed. C:\Program Files\Trend Micro\HiJackThis\backups scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trend Micro\HiJackThis scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trend Micro scheduled to be moved on reboot.
    Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
    ========== FILES ==========
    File\Folder C:\Documents and Settings\Any User\Application Data\PDF Reader Packages\uninstaller.exe not found.
    File\Folder C:\Documents and Settings\Any User\Local Settings\Temp\1974593.Uninstall\uninstaller.exe not found.
    File\Folder C:\Documents and Settings\Any User\Local Settings\Temp\2041640.Uninstall\uninstaller.exe not found.
    File\Folder C:\Documents and Settings\Any User\My Documents\Downloads\pcspeedup_d4d3b874abe141dd8dfbfee2d334334f_.exe not found.
    File\Folder C:\Documents and Settings\Any User\My Documents\Downloads\WinZip170.exe not found.
    ========== COMMANDS ==========
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    Error: Unble to create default HOSTS file!

    [EMPTYTEMP]

    User: All Users

    User: Any User

    User: Default User
    ->Temp folder emptied: 0 bytes
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    ->Temporary Internet Files folder emptied: 33170 bytes
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    ->Flash cache emptied: 56504 bytes

    User: LocalService

    User: NetworkService

    %systemdrive% .tmp files removed: 0 bytes
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    %systemroot% .tmp files removed: 2402797 bytes
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    Unable to locate HKLM\Software\OldTimer Tools\OTL key.
    %systemroot%\System32 .tmp files removed: 558097 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11152013_125002



    OTL logfile created on: 15/11/2013 13:48:52 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Any User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.91% Memory free
    2.83 Gb Paging File | 2.24 Gb Available in Paging File | 78.95% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.14 Gb Free Space | 37.77% Space Free | Partition Type: NTFS

    Computer Name: MAINPC | User Name: Any User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/08/12 09:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/05/25 00:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012/08/31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/08/31 08:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/27 18:36:32 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/11 12:00:58 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/11 11:57:48 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/11 11:57:18 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/11 11:56:46 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bae93d40999e6497d4efb81429d15943\PresentationFramework.ni.dll
    MOD - [2013/10/11 11:55:24 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll
    MOD - [2013/10/11 11:54:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll
    MOD - [2013/10/10 21:46:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/16 08:03:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:03:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
    MOD - [2013/08/15 21:59:38 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 21:59:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/15 21:56:41 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/11 09:31:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll
    MOD - [2013/07/10 22:44:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/03/13 20:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\libcef.dll
    MOD - [2012/11/13 23:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2012/10/01 12:23:56 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Any User\Local Settings\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
    MOD - [2012/08/31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012/08/31 08:46:26 | 015,342,592 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2012/08/31 08:45:44 | 000,559,616 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2012/08/28 09:23:40 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2012/08/28 09:22:46 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2012/08/28 09:06:08 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
    MOD - [2012/08/28 09:05:16 | 000,659,408 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
    MOD - [2012/08/28 09:05:16 | 000,552,400 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
    MOD - [2012/08/28 09:05:16 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
    MOD - [2012/08/28 09:05:16 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2013/11/07 11:27:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/09 17:12:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2009/01/08 08:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/10/27 18:36:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/27 08:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2012/06/27 08:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2012/06/27 08:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2012/06/27 08:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/12/20 02:46:50 | 000,021,504 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/25 06:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/01/08 08:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2008/05/29 18:33:35 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/05/29 18:31:21 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sky.com | Your Home for the Latest Sky News, Sports & Entertainment
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/07 11:26:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/07 11:27:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 11:41:37 | 000,000,000 | ---D | M]

    [2011/06/15 10:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Extensions
    [2013/09/27 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Any User\Application Data\Mozilla\Firefox\Profiles\6ijq93f8.default-1368782195859\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/11/07 11:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/11/07 11:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/07 11:27:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: Google
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Any User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/11/08 14:24:15 | 000,450,581 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 ???-www.0scan.com-???
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15468 more lines...
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Documents and Settings\Any User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Any User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/po...loader_v10.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13E0217E-FF20-4DE9-8EA9-26F219294A5E}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Any User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 14:15:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/15 12:50:02 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/11/15 08:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/11/14 09:14:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/14 08:44:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 15:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Desktop\Antivirus
    [2013/11/13 11:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2013/11/13 11:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SUPERAntiSpyware.com
    [2013/11/13 11:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/11/13 11:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/13 11:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/11/13 10:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Start Menu\Programs\HiJackThis
    [2013/11/13 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/11/12 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/11/12 09:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2013/11/08 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2013/11/08 14:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/11/07 15:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\Malwarebytes
    [2013/11/07 15:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/11/07 15:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/11/07 15:21:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/11/07 15:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/11/07 11:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
    [2013/11/07 11:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/11/07 11:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/02 14:50:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Any User\Recent
    [2013/10/23 10:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2013/10/23 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2013/10/23 10:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2013/10/23 10:18:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
    [2013/10/21 10:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\SumatraPDF
    [2013/10/21 10:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Any User\Application Data\PDF Reader Packages
    [2013/10/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/15 13:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/11/15 13:04:49 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/15 11:24:00 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/11/15 07:56:16 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/11/15 07:46:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/15 07:46:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/11/15 07:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/11/14 09:33:44 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2013/11/14 08:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Any User\Desktop\OTL.exe
    [2013/11/13 22:32:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 14:53:06 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/08 16:40:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/11/08 14:24:15 | 000,450,581 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/10/27 08:08:13 | 000,433,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/27 08:08:13 | 000,067,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/14 09:33:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2013/11/13 22:32:01 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2013/11/13 11:37:30 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7ca0f79e-dc93-4383-b046-f9d5dc932607.job
    [2013/11/13 11:24:44 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1556acdf-7763-49da-a160-53035927d014.job
    [2013/10/22 10:18:04 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    [2013/10/22 10:18:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
    [2013/04/03 13:47:39 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\recently-used.xbel
    [2012/08/28 09:04:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2012/08/28 09:04:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2012/08/28 09:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2012/08/28 09:04:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2012/08/28 09:04:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2012/02/16 09:15:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/02/17 20:54:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/19 10:41:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\$_hpcst$.hpc
    [2010/08/14 11:06:07 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Any User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 14:36:05 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Any User\Application Data\Launch Internet Explorer Browser.lnk

    ========== ZeroAccess Check ==========

    [2011/10/22 10:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/17 09:43:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/10/30 08:57:57 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/08/23 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2011/11/24 14:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2013/02/24 15:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2011/05/02 16:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/12/09 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2012/10/01 12:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2012/10/11 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/08/03 11:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/12/31 09:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/10/30 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\DAEMON Tools Pro
    [2013/11/15 07:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\Dropbox
    [2012/09/05 16:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\ICAClient
    [2010/08/11 11:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\OpenOffice.org
    [2012/02/01 17:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\OverDrive
    [2013/10/21 10:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\PDF Reader Packages
    [2011/03/01 15:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\RegistryKeys
    [2012/10/01 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\Samsung
    [2011/05/04 11:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\ScanSoft
    [2013/10/21 10:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Any User\Application Data\SumatraPDF

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Any User\My Documents\CCCS letter.odt:SummaryInformation
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CCCAD05

    < End of report >

Page 1 of 2 12 LastLast