[Solved] My Win7 Toshiba has Win/32 Bundled Variant

April 16, 2014 at 02:11:17
Specs: Windows 7
I have run the following programs. First, ESET Online Scanner, which found 16 instances of the Win32/Bundled variant. I ran AdwCleaner, Unhide, RogueKiller, and Defogger. I'm in the process of running ComboFix. All logs are posted below.

ESET:

C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SPCV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Users\Indy\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Indy\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Indy\Downloads\spotflux-latestPC.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined



✔ Best Answer
April 16, 2014 at 14:47:21
You are clean.

You can update & run Malwarebytes if you want to confirm.

What ESET found appears to be old AdwCleaner removals, which had never been deleted from Quarantine.

Example:

"ESET:

C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined"
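A triage script for the ESET log, added here as an illustration and not part of the original thread or of any tool it names: it parses ESET result lines and separates hits inside AdwCleaner's quarantine (the `.vir` copies under C:\AdwCleaner\Quarantine\, which the Best Answer identifies as old removals never purged) from hits on live files such as the bundled installers in Downloads. It assumes AdwCleaner's quarantine mirrors the drive layout, which is what the quoted paths show; the sample lines are taken from the thread.

```python
"""Triage an ESET Online Scanner log: separate hits that point into another
cleaner's quarantine folder (already neutralised, just not purged) from hits on
live files that still need attention."""
import re
from dataclasses import dataclass
from typing import Iterable

# Quarantine locations to treat as "already handled". Only the AdwCleaner root
# seen in the thread is listed; extend the tuple for other tools you run.
QUARANTINE_ROOTS = ("C:\\AdwCleaner\\Quarantine\\",)
# AdwCleaner renames quarantined files with a .vir extension (as in the log).
QUARANTINE_SUFFIX = ".vir"

# One ESET log line: <path> [a variant of ]<platform/name> <category> <action>
# The path is matched lazily and the threat name is recognised by its
# "<platform>/<name>" shape, so spaces inside the path are handled.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>.+?)\s+"
    r"(?P<action>deleted - quarantined|cleaned by deleting - quarantined"
    r"|cleaned by deleting|deleted|unable to clean)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    category: str
    action: str

    @property
    def stale_quarantine(self) -> bool:
        """True when ESET merely rescanned another tool's quarantine copy."""
        p = self.path.lower()
        roots = tuple(r.lower() for r in QUARANTINE_ROOTS)
        return p.startswith(roots) or p.endswith(QUARANTINE_SUFFIX)

    @property
    def original_path(self) -> str:
        """Where the quarantined file lived before AdwCleaner moved it.
        Assumption: the quarantine mirrors the drive layout, i.e.
        C:\\AdwCleaner\\Quarantine\\C\\<rest>.vir came from C:\\<rest>."""
        if not self.stale_quarantine:
            return self.path
        rest = self.path
        for root in QUARANTINE_ROOTS:
            if rest.lower().startswith(root.lower()):
                rest = rest[len(root):]
                break
        if len(rest) > 1 and rest[1] == "\\":  # "C\..." -> "C:\..."
            rest = rest[0] + ":" + rest[1:]
        if rest.lower().endswith(QUARANTINE_SUFFIX):
            rest = rest[:-len(QUARANTINE_SUFFIX)]
        return rest


def parse_eset_log(lines: Iterable[str]) -> list[Detection]:
    """Parse ESET result lines; blank or unrecognised lines are skipped."""
    found = []
    for line in lines:
        m = ESET_LINE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["category"], m["action"]))
    return found


def triage(detections: Iterable[Detection]) -> dict[str, list[Detection]]:
    """Split detections into 'stale' (quarantine leftovers) and 'live'."""
    result: dict[str, list[Detection]] = {"stale": [], "live": []}
    for d in detections:
        result["stale" if d.stale_quarantine else "live"].append(d)
    return result


# Constructed sample: four of the sixteen ESET lines quoted in the thread.
SAMPLE_ESET_LOG = [
    r"C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined",
    r"C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined",
    r"C:\Users\Indy\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined",
    r"C:\Users\Indy\Downloads\spotflux-latestPC.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined",
]

if __name__ == "__main__":
    groups = triage(parse_eset_log(SAMPLE_ESET_LOG))
    print(f"{len(groups['stale'])} stale quarantine hit(s), {len(groups['live'])} live hit(s)")
    for d in groups["stale"]:
        print(f"  stale : {d.threat}  (was {d.original_path})")
    for d in groups["live"]:
        print(f"  live  : {d.threat}  {d.path}  [{d.action}]")
```

Only the "live" group needs a second look; the "stale" group is cleared by emptying the AdwCleaner quarantine.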



#1
April 16, 2014 at 02:17:12
Adwcleaner:

# AdwCleaner v3.023 - Report created 16/04/2014 at 15:19:58
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Indy - INDYSHIBA
# Running from : C:\Users\Indy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Indy\AppData\LocalLow\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1620 octets] - [03/09/2013 11:11:46]
AdwCleaner[R1].txt - [1329 octets] - [27/10/2013 19:58:57]
AdwCleaner[R2].txt - [1136 octets] - [28/10/2013 13:50:44]
AdwCleaner[R3].txt - [1452 octets] - [13/12/2013 18:58:18]
AdwCleaner[R4].txt - [1377 octets] - [13/12/2013 19:04:54]
AdwCleaner[R5].txt - [1498 octets] - [16/12/2013 13:15:07]
AdwCleaner[R6].txt - [1616 octets] - [22/12/2013 14:48:53]
AdwCleaner[R7].txt - [1728 octets] - [30/12/2013 14:27:53]
AdwCleaner[R8].txt - [2323 octets] - [18/02/2014 15:34:36]
AdwCleaner[R9].txt - [2028 octets] - [16/04/2014 15:18:47]
AdwCleaner[S0].txt - [1723 octets] - [03/09/2013 11:12:36]
AdwCleaner[S1].txt - [1400 octets] - [27/10/2013 20:01:17]
AdwCleaner[S2].txt - [1198 octets] - [28/10/2013 13:53:34]
AdwCleaner[S3].txt - [1523 octets] - [13/12/2013 18:59:56]
AdwCleaner[S4].txt - [1439 octets] - [13/12/2013 19:06:34]
AdwCleaner[S5].txt - [1559 octets] - [16/12/2013 13:16:54]
AdwCleaner[S6].txt - [1677 octets] - [22/12/2013 15:00:51]
AdwCleaner[S7].txt - [1789 octets] - [30/12/2013 14:29:44]
AdwCleaner[S8].txt - [2416 octets] - [18/02/2014 15:37:09]
AdwCleaner[S9].txt - [1953 octets] - [16/04/2014 15:19:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2013 octets] ##########

Unhide:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 04/16/2014 03:30:34 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 265381 files processed.

The C:\Users\Indy\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 04/16/2014 03:39:11 PM
Execution time: 0 hours(s), 8 minute(s), and 37 seconds(s)

#2
April 16, 2014 at 02:19:02
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Indy [Admin rights]
Mode : Remove -- Date : 04/16/2014 15:56:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤



#3
April 16, 2014 at 02:19:53

[Address] EAT @explorer.exe (MsiGetProductInfoA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BD362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C65DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C18FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B0880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AF132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74314273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B0B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AF48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D5BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B2A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B4689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D58BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D4293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D65F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D67F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B91FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7432E466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B22C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B43D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B2067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B4179)
[Address] EAT @explorer.exe (MsiInstallProductA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ACE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7436D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B3306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B4A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C3FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7431AE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BF19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BF4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B16DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B1528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ACCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ACE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BA306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D4691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AEDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AC63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AC8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AF7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B8BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BB857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D7D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D7D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BCBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BDF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D2F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BFD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C0765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BF7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BFAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74314F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7432C385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7432D411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74308A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74308C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C1AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BF6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C6A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C1CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BFC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x7430617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BD45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743149FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D16E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D18B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D40CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D15F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D17C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D5877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B1EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BD8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BE657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74318C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B1AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ACFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C9606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C3702)
[Address] EAT @explorer.exe (MsiSequenceA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6180)
[Address] EAT @explorer.exe (MsiSequenceW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D2E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D73EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D74E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AC72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74314E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D7001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D70B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74314FE6)
[Address] EAT @explorer.exe (MsiSetMode) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D28BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D8485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D5DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D5F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D69DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B3037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C6F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C1F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ADC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B2EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ADAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C31B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B31B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743ADDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C7E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C80F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C2FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D21B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D2551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D5906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D1F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C0D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BF9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74314D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743C0DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D3863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743B07AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743AF097)
[Address] EAT @explorer.exe (MsiViewClose) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D0BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D070F)
[Address] EAT @explorer.exe (MsiViewFetch) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D0833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D0A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D03F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D05CE)
[Address] EAT @explorer.exe (MsiViewModify) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74312B2A)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS ATA Device +++++
--- User ---
[MBR] 614046c0c6081d43eb4887f31ca0d874
[BSP] e58067dc9dfe83a00a047cdc68f4fff3 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04162014_155621.txt >>
RKreport[0]_S_04162014_155552.txt



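The RogueKiller report above lists a long run of EAT entries in explorer.exe, every one of which resolves into C:\windows\system32\msi.dll, followed by a HOSTS file that pins activate.adobe.com to 127.0.0.1. When triaging a report like this it helps to reduce it to two questions: which module do the hooks actually resolve to, and is that module in a Windows system directory or somewhere user-writable; and which HOSTS names other than localhost are redirected to loopback. The Python script below is an added example for doing that offline; it is not part of the original post and is not RogueKiller's or ComboFix's own code. It parses the hook lines, counts them per target DLL, flags any target outside the system directories, and lists the redirected HOSTS names. The first three sample report lines and both HOSTS lines are copied from the log above; the fourth report line is constructed (not from the log) purely to exercise the flagging path, and the trusted-directory list is an assumption made for this example.

```python
"""Offline triage of RogueKiller-style hook and HOSTS report lines.

Added example for this thread; not RogueKiller's or ComboFix's own code.
"""
import re
from collections import Counter

# One report line, e.g.
# [Address] EAT @explorer.exe (MsiGetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6DC3)
HOOK_RE = re.compile(
    r"^\[Address\]\s+(?P<kind>EAT|IAT)\s+@(?P<process>\S+)\s+\((?P<function>[^)]+)\)\s*:\s*"
    r"(?P<module>\S+)\s+->\s+HOOKED\s+\((?P<target>.+?)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)\s*$"
)

# Assumption for this example: a hook that resolves into one of these directories is
# a system module; anything resolving elsewhere (user profile, temp, etc.) is flagged.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Loopback / blackhole addresses; a non-local name pointed here is worth reviewing.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hook_line(line):
    """Return a dict for one HOOKED line, or None if the line is not a hook entry."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["addr"] = int(rec["addr"], 16)
    return rec


def triage_hooks(lines):
    """Parse all hook lines; return (records, count per target DLL, records outside TRUSTED_DIRS)."""
    records = [r for r in map(parse_hook_line, lines) if r is not None]
    by_target = Counter(r["target"].lower() for r in records)
    flagged = [r for r in records if not r["target"].lower().startswith(TRUSTED_DIRS)]
    return records, by_target, flagged


def suspicious_hosts(lines):
    """Return hostnames that a HOSTS file pins to loopback/blackhole but are not local names."""
    found = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOOPBACK:
            found.extend(n for n in names if n.lower() not in LOCAL_NAMES)
    return found


# First three lines copied from the posted RogueKiller log; the fourth is constructed
# (not from the log) so the flagging path is exercised.
SAMPLE_REPORT = r"""
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743D6DC3)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x743BD362)
[Address] EAT @explorer.exe (QueryInstanceCount) : WTSAPI32.dll -> HOOKED (C:\windows\system32\msi.dll @ 0x74312B2A)
[Address] IAT @explorer.exe (CreateProcessW) : KERNEL32.dll -> HOOKED (C:\Users\Public\example_hook.dll @ 0x10001000)
""".strip().splitlines()

# Copied from the HOSTS section of the posted log.
SAMPLE_HOSTS = ["127.0.0.1 localhost", "127.0.0.1 activate.adobe.com"]


def report(hook_lines=SAMPLE_REPORT, hosts_lines=SAMPLE_HOSTS):
    """Build a short summary; returned as a string rather than printed so it can be checked."""
    records, by_target, flagged = triage_hooks(hook_lines)
    out = [f"{len(records)} hook entries parsed"]
    for target, n in by_target.most_common():
        out.append(f"  {n:4d} -> {target}")
    for r in flagged:
        out.append(f"FLAG {r['kind']} {r['process']} {r['function']} -> {r['target']}")
    for name in suspicious_hosts(hosts_lines):
        out.append(f"HOSTS {name} pinned to loopback")
    return "\n".join(out)


if __name__ == "__main__":
    print(report())
```

Run it against a saved RKreport file by passing its lines to triage_hooks() and the HOSTS block to suspicious_hosts(). The grouping is the useful part: hundreds of entries that all resolve to one system DLL are one finding to explain, while a single entry resolving into a user-writable directory is the line to investigate first.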

#4
April 16, 2014 at 02:21:49
There were two more RK files posted after cleaning. Not sure if you want to see those. The 2nd post was a short one and the 3rd is long like the first. I didn't see a log file with defogger. Now running Combofix.



#5
April 16, 2014 at 02:40:13
ComboFix 14-04-12.01 - Indy 04/16/2014 16:28:01.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2050 [GMT 7:00]
Running from: c:\users\Indy\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-16 to 2014-04-16 )))))))))))))))))))))))))))))))
.
.
2014-04-16 09:36 . 2014-04-16 09:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-16 09:36 . 2014-04-16 09:36 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-04-16 09:36 . 2014-04-16 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-15 11:09 . 2014-04-15 11:09 -------- d-----w- c:\users\Indy\AppData\Local\twitter
2014-04-15 11:06 . 2014-04-15 11:06 -------- d-----w- c:\program files\Twitter
2014-04-10 15:16 . 2014-04-10 15:32 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-10 15:16 . 2014-04-10 15:32 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-09 10:27 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 08:29 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 08:29 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 08:29 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 08:29 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 08:29 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-01 15:26 . 2014-04-01 15:27 -------- d-----w- c:\users\Indy\AppData\Roaming\TrueCrypt
2014-04-01 09:48 . 2014-04-01 09:48 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-04-01 09:48 . 2014-04-01 09:48 -------- d-----w- c:\program files\TrueCrypt
2014-03-25 12:39 . 2014-03-25 12:39 126976 ----a-r- c:\users\Indy\AppData\Roaming\Microsoft\Installer\{69967F97-E880-44B9-8383-5278BBC8809B}\ARPPRODUCTICON.exe
2014-03-25 12:39 . 2014-03-25 12:39 126976 ----a-r- c:\users\Indy\AppData\Roaming\Microsoft\Installer\{69967F97-E880-44B9-8383-5278BBC8809B}\Adobe_Playpanel.ex_33150184BB80439A9CEA48D662560D96.exe
2014-03-25 12:39 . 2014-03-25 12:39 126976 ----a-r- c:\users\Indy\AppData\Roaming\Microsoft\Installer\{69967F97-E880-44B9-8383-5278BBC8809B}\Adobe_Playpanel.ex_1E7E95B53A024F3695AE7B9EB4A54E1D.exe
2014-03-24 18:33 . 2014-03-24 18:33 -------- d-----w- c:\users\Indy\AppData\Roaming\com.bwsf.DragonAgeLegends
2014-03-24 18:19 . 2014-03-24 18:20 -------- d-----w- c:\program files\BioWare
2014-03-19 23:40 . 2014-03-20 05:36 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-03 02:01 . 2013-06-18 09:15 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-04-03 02:01 . 2013-06-18 09:15 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 19:22 . 2013-06-18 09:16 92656 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 19:22 . 2013-06-18 09:16 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 19:22 . 2013-06-18 09:16 607168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2014-03-25 19:22 . 2013-06-18 09:16 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 19:22 . 2013-06-18 09:15 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 19:22 . 2013-06-18 09:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-01 04:10 . 2014-03-17 00:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52 . 2014-03-17 00:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51 . 2014-03-17 00:07 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38 . 2014-03-17 00:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38 . 2014-03-17 00:07 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37 . 2014-03-17 00:07 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31 . 2014-03-17 00:07 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14 . 2014-03-17 00:07 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00 . 2014-03-17 00:07 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32 . 2014-03-17 00:07 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07 . 2014-03-12 09:59 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-12 09:59 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 09:59 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-12 19:01 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-12 09:59 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 20:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 15:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 09:17 771360 ----a-w- c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 14:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 10:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-09-11 03:09 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-08-29 00:23 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 11:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 09:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-08-16 02:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 06:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 06:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 01:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-08-12 00:09 1324384 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-04 01:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
2009-08-07 01:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoxOx]
2013-02-15 00:48 8720384 ----a-w- c:\program files\VoxOx\VoxOx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ALSysIO;ALSysIO;c:\users\Indy\AppData\Local\Temp\ALSysIO.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-14 1343400]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-03-25 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-03-25 607168]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-03-25 43728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files\Spotflux\services\SpotfluxUpdateService.exe [2013-11-25 28160]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [2013-05-28 33728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10 15:32]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000Core.job
- c:\users\Indy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 13:31]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000UA.job
- c:\users\Indy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.244.0.3 209.244.0.4
TCP: Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(596)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4072)
c:\windows\system32\guard32.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\MsftEdit.dll
.
Completion time: 2014-04-16 16:38:58
ComboFix-quarantined-files.txt 2014-04-16 09:38
ComboFix2.txt 2013-12-16 07:07
ComboFix3.txt 2013-10-28 08:02
ComboFix4.txt 2013-09-03 04:40
ComboFix5.txt 2014-04-16 09:26
.
Pre-Run: 209,053,626,368 bytes free
Post-Run: 209,028,374,528 bytes free
.
- - End Of File - - 5D6562617B1B09A3AE741F00003FBE15
5B5E648D12FCADC244C1EC30318E1EB9

#6
April 16, 2014 at 02:51:58
The plan will be to run Junkware Removal Tool next and the Wise programs. First I'll wait to see if someone has a chance to review the above. After that... re-run ESET. Thx

message edited by Bangkokindy


#7
April 16, 2014 at 03:32:36
" First I'll wait to see if someone has a chance to review the above"
Just going through them now; I helped you last year.

After you have run Junkware, Wise, rerun ESET & posted logs, run OTL please.

Download OTL, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: if you are running Vista or Windows 7, accept the UAC alert.)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files (neither needs an account). Give us the links please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/

message edited by Johnw


#8
April 16, 2014 at 03:54:25
I ran JRT but forgot to close out SRWARE IRON first. Not sure if it made a difference. Can re-run if you want.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Indy on Wed 04/16/2014 at 17:42:37.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Indy\AppData\Roaming\mozilla\firefox\profiles\976omnfo.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 17:52:16.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9
April 16, 2014 at 08:01:44
I ran the Wise programs and ran ESET and it found nothing. Now will run OTL.

#10
April 16, 2014 at 08:20:26
OTL #1

OTL logfile created on: 4/16/2014 10:03:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Indy\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 29.83% Memory free
6.86 Gb Paging File | 4.61 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): c:\pagefile.sys 4218 6058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 194.92 Gb Free Space | 67.52% Space Free | Partition Type: NTFS

Computer Name: INDYSHIBA | User Name: Indy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/04/16 22:03:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Indy\Downloads\OTL.exe
PRC - [2014/03/29 09:43:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/26 02:22:38 | 005,302,384 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2014/03/26 02:22:14 | 007,555,288 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
PRC - [2014/03/26 02:22:14 | 001,864,408 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2014/03/26 02:22:14 | 001,225,944 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
PRC - [2014/03/20 06:40:10 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/29 18:03:16 | 000,833,536 | ---- | M] (SRWare) -- C:\Program Files\SRWare Iron\iron.exe
PRC - [2013/11/26 03:37:50 | 000,028,160 | ---- | M] (Microsoft) -- C:\Program Files\Spotflux\services\SpotfluxUpdateService.exe
PRC - [2013/08/02 07:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2012/11/23 09:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 14:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/08/22 00:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/12 07:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 10:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/07/30 14:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 14:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/29 11:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 05:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/14 06:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/04/10 22:16:05 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_182.dll
MOD - [2014/03/29 09:43:23 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/20 06:40:12 | 003,018,864 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/03/20 06:40:12 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/03/20 06:40:12 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/11/18 21:30:22 | 000,102,912 | ---- | M] () -- C:\Program Files\SRWare Iron\libEGL.dll
MOD - [2013/11/18 21:20:34 | 000,880,128 | ---- | M] () -- C:\Program Files\SRWare Iron\libGLESv2.dll
MOD - [2013/11/18 20:42:22 | 000,873,472 | ---- | M] () -- C:\Program Files\SRWare Iron\ffmpegsumo.dll
MOD - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014/04/10 22:32:54 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 09:43:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/26 02:22:38 | 005,302,384 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2014/03/26 02:22:15 | 001,663,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2014/03/01 10:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/26 03:37:50 | 000,028,160 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 11:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/15 01:43:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/07 14:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/22 00:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/18 01:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/12 07:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/11 10:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/07 08:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/04 08:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 14:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/29 05:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 08:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


#11
April 16, 2014 at 08:21:17
OTL #2


[color=#E56717]========== Driver Services (All) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2014/04/01 16:48:47 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2014/03/26 02:22:48 | 000,092,656 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2014/03/26 02:22:48 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2014/03/26 02:22:47 | 000,607,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2014/03/26 02:22:47 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2014/02/04 09:07:50 | 000,234,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2014/01/24 09:18:22 | 001,212,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2013/11/27 08:14:25 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2013/11/27 08:13:44 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2013/11/27 08:13:41 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2013/11/27 08:13:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2013/11/27 08:13:36 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2013/09/25 09:01:08 | 000,136,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2013/09/25 09:01:06 | 000,067,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2013/09/14 07:48:58 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2013/09/08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2013/09/08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2013/08/01 18:03:36 | 000,729,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2013/07/12 17:08:19 | 000,146,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo)
DRV - [2013/07/12 17:07:54 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2013/07/04 19:16:47 | 000,369,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2013/07/04 16:48:52 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2013/07/03 11:02:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2013/06/26 05:56:40 | 000,527,064 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2013/06/15 10:38:43 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2013/05/29 06:12:28 | 000,033,728 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapSF0901.sys -- (tapSF0901)
DRV - [2013/01/24 11:47:07 | 000,196,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2012/10/03 22:21:38 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2012/08/23 21:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 21:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/23 00:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2012/08/21 13:01:22 | 000,026,840 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/26 09:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/26 09:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/04/28 10:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/03/17 14:27:18 | 000,056,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/03/01 12:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012/02/17 11:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2011/07/09 09:30:00 | 000,223,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/06/10 06:34:52 | 000,394,856 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2011/04/29 09:46:33 | 000,311,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/04/29 09:46:15 | 000,310,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 09:46:10 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/27 09:17:28 | 000,096,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/27 09:17:22 | 000,123,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/03/11 12:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 12:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 12:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 12:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 12:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/11 11:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2011/02/23 11:47:33 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2010/11/20 19:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010/11/20 19:30:16 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/11/20 19:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 19:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010/11/20 19:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 19:30:10 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010/11/20 19:30:06 | 000,153,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010/11/20 19:30:04 | 000,116,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010/11/20 19:30:01 | 000,130,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010/11/20 19:30:01 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010/11/20 19:30:00 | 000,078,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2010/11/20 19:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 19:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2010/11/20 17:22:19 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010/11/20 17:21:10 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010/11/20 17:07:50 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2010/11/20 17:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2010/11/20 17:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2010/11/20 17:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/11/20 17:06:41 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2010/11/20 17:06:36 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2010/11/20 17:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 17:00:24 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010/11/20 17:00:21 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/11/20 16:59:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010/11/20 16:59:29 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010/11/20 16:50:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010/11/20 16:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 16:50:10 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/11/20 16:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 16:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 16:19:15 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010/11/20 15:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 15:44:05 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2010/11/20 15:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/11/20 15:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/20 15:40:21 | 000,513,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/11/20 15:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010/11/20 15:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/11/20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/07/31 07:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/31 03:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/29 12:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/25 06:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/21 08:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 08:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/07/14 08:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2009/07/14 08:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/14 08:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2009/07/14 08:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 08:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 08:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2009/07/14 08:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2009/07/14 08:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2009/07/14 08:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2009/07/14 08:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2009/07/14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/07/14 08:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/07/14 08:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/14 08:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/07/14 08:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/14 08:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2009/07/14 08:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/07/14 08:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 08:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/14 08:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/14 08:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009/07/14 08:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 08:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 08:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 08:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 08:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 08:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009/07/14 08:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/14 08:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2009/07/14 08:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2009/07/14 08:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009/07/14 08:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2009/07/14 08:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/07/14 08:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 08:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 08:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/14 08:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2009/07/14 08:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 08:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/14 08:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV - [2009/07/14 08:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/14 08:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 08:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2009/07/14 08:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/14 08:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2009/07/14 08:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2009/07/14 08:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 08:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/14 08:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/14 08:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2009/07/14 08:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 08:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 08:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 08:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2009/07/14 08:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor)
DRV - [2009/07/14 08:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2009/07/14 08:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2009/07/14 08:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/14 07:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2009/07/14 07:41:26 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bridge.sys -- (BridgeMP)
DRV - [2009/07/14 07:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009/07/14 07:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 07:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/14 07:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 07:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 07:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 07:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/14 06:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/14 06:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/14 06:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009/07/14 06:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/07/14 06:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/14 06:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2009/07/14 06:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/14 06:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/14 06:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2009/07/14 06:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/14 06:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/14 06:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)



#12
April 16, 2014 at 08:21:53
OTL #3

DRV - [2009/07/14 06:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/14 06:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/14 06:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/14 06:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 06:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/07/14 06:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/14 06:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/14 06:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/14 06:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/14 06:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 06:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 06:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 06:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/14 06:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 06:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 06:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/14 06:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2009/07/14 06:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/07/14 06:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2009/07/14 06:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 06:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2009/07/14 06:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/07/14 06:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 06:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/14 06:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2009/07/14 06:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/14 06:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009/07/14 06:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2009/07/14 06:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2009/07/14 06:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2009/07/14 06:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2009/07/14 06:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2009/07/14 06:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/14 06:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2009/07/14 06:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/14 06:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/14 06:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/14 06:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/14 06:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/14 06:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/14 06:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/14 06:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/14 06:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 06:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/14 06:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2009/07/14 06:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009/07/14 06:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/14 06:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/14 06:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/14 06:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/14 06:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/07/14 06:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/07/14 06:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/14 06:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/14 06:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/14 06:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/14 06:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/14 06:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/14 06:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/14 06:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/14 06:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/14 06:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 06:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2009/07/14 05:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 05:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 05:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 05:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 05:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 05:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 05:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 05:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 05:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 05:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/14 05:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 04:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2009/07/14 03:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/09 03:00:00 | 000,045,200 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2009/07/07 23:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/20 10:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 15:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)

#13
April 16, 2014 at 08:22:33
OTL #4

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...
IE - HKLM\..\SearchScopes\{0EF3D5EE-B833-43EC-8265-E0B5C71D50AB}: "URL" = http://www.google.com/search?source...


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 DF 1B 31 25 48 CF 01 [binary data]
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-165395240-540117260-740471157-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.14.755
FF - prefs.js..extensions.enabledAddons: %7B01A8CA0A-4C96-465b-A49B-65C46FAD54F9%7D:6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Indy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Indy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013/05/14 10:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/29 09:43:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/29 09:43:06 | 000,000,000 | ---D | M]

[2013/02/16 00:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Indy\AppData\Roaming\Mozilla\Extensions
[2014/04/10 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions
[2013/04/27 23:20:33 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/07/03 06:08:44 | 000,345,379 | ---- | M] () (No name found) -- C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2014/04/10 15:35:28 | 000,872,680 | ---- | M] () (No name found) -- C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2014/02/26 15:33:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/29 09:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 09:43:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/14 10:07:30 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={...
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?o...
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Disabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Indy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\Indy\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013/09/09 17:50:58 | 000,000,055 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-165395240-540117260-740471157-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165395240-540117260-740471157-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pu... (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/ji... (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/ji... (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/ji... (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8850A270-1B5C-4DB7-B86C-E9F82F92368F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4001626-C772-4588-9410-C88929402B50}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

#14
April 16, 2014 at 08:23:17
OTL #5

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/04/16 16:39:02 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014/04/16 16:38:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/16 15:52:30 | 000,000,000 | ---D | C] -- C:\Users\Indy\Desktop\RK_Quarantine
[2014/04/15 18:09:32 | 000,000,000 | ---D | C] -- C:\Users\Indy\AppData\Local\twitter
[2014/04/15 18:06:42 | 000,000,000 | ---D | C] -- C:\Users\Indy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
[2014/04/15 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Twitter
[2014/04/10 22:29:16 | 000,000,000 | ---D | C] -- C:\Users\Indy\Documents\Main Files
[2014/04/10 22:16:05 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/04/10 22:16:05 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/04/09 17:27:07 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/04/09 15:29:33 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2014/04/09 15:29:33 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2014/04/09 15:29:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iologmsg.dll
[2014/04/01 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\Indy\AppData\Roaming\TrueCrypt
[2014/04/01 16:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2014/04/01 16:48:47 | 000,231,760 | ---- | C] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys
[2014/04/01 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2014/03/29 09:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/28 09:37:13 | 000,000,000 | ---D | C] -- C:\Users\Indy\Desktop\ADM 540
[2014/03/25 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\Indy\Documents\Dragon Age Legends
[2014/03/25 01:33:03 | 000,000,000 | ---D | C] -- C:\Users\Indy\AppData\Roaming\com.bwsf.DragonAgeLegends
[2014/03/25 01:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioWare
[2014/03/25 01:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\BioWare
[2014/03/20 06:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/04/16 22:11:03 | 001,474,832 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2014/04/16 21:35:39 | 000,662,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/04/16 21:35:39 | 000,122,470 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/04/16 21:33:07 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000UA.job
[2014/04/16 21:31:49 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/16 18:15:01 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2014/04/16 18:08:51 | 000,015,792 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 18:08:51 | 000,015,792 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 18:01:34 | 003,775,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2014/04/16 18:01:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/16 18:01:06 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/16 12:33:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000Core.job
[2014/04/15 18:06:43 | 000,002,064 | ---- | M] () -- C:\Users\Indy\Desktop\TweetDeck.lnk
[2014/04/10 22:32:53 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/04/10 22:32:53 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/04/03 22:28:46 | 000,003,052 | ---- | M] () -- C:\windows\System32\drivers\fvstore.dat
[2014/04/03 21:11:41 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/04/03 09:01:58 | 000,036,000 | ---- | M] (COMODO) -- C:\windows\System32\cmdcsr.dll
[2014/04/03 09:01:31 | 000,363,504 | ---- | M] (COMODO) -- C:\windows\System32\guard32.dll
[2014/04/01 16:49:03 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2014/04/01 16:48:47 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys
[2014/03/31 07:13:30 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/03/28 09:24:44 | 000,002,231 | ---- | M] () -- C:\Users\Indy\Desktop\Kindle.lnk
[2014/03/26 02:22:48 | 000,092,656 | ---- | M] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2014/03/26 02:22:48 | 000,043,728 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2014/03/26 02:22:47 | 000,607,168 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2014/03/26 02:22:47 | 000,020,072 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmderd.sys
[2014/03/26 02:22:25 | 000,284,888 | ---- | M] (COMODO) -- C:\windows\System32\cmdvrt32.dll
[2014/03/26 02:22:23 | 000,040,664 | ---- | M] (COMODO) -- C:\windows\System32\cmdkbd32.dll
[2014/03/25 01:21:00 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Legends.lnk
[2014/03/24 21:08:34 | 000,004,026 | ---- | M] () -- C:\Users\Indy\Desktop\index.html
[2014/03/24 19:17:22 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2014/03/21 21:34:32 | 000,000,863 | ---- | M] () -- C:\Users\Indy\Desktop\µTorrent.lnk
[2014/03/21 21:34:32 | 000,000,843 | ---- | M] () -- C:\Users\Indy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/03/21 18:05:00 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/20 12:36:05 | 000,002,023 | ---- | M] () -- C:\Users\Indy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/19 05:51:57 | 000,136,058 | ---- | M] () -- C:\Users\Indy\Documents\f1040ez.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/04/16 18:01:07 | 003,775,128 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2014/04/15 18:06:43 | 000,002,064 | ---- | C] () -- C:\Users\Indy\Desktop\TweetDeck.lnk
[2014/04/10 22:16:09 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/01 16:49:03 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2014/03/25 01:21:00 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Legends.lnk
[2014/03/24 21:08:34 | 000,004,026 | ---- | C] () -- C:\Users\Indy\Desktop\index.html
[2014/03/23 05:40:20 | 000,079,081 | ---- | C] () -- C:\Users\Indy\Documents\chk_org_studies.pdf
[2014/03/23 05:40:17 | 000,143,592 | ---- | C] () -- C:\Users\Indy\Documents\2011AppealRequestform.pdf
[2014/03/21 21:34:32 | 000,000,863 | ---- | C] () -- C:\Users\Indy\Desktop\µTorrent.lnk
[2014/03/19 05:51:54 | 000,136,058 | ---- | C] () -- C:\Users\Indy\Documents\f1040ez.pdf
[2013/11/19 15:43:39 | 000,686,026 | ---- | C] () -- C:\Users\Indy\IRS pg 2 001.tif
[2013/11/19 15:43:32 | 000,692,948 | ---- | C] () -- C:\Users\Indy\IRS pg 1 001.tif
[2013/11/19 14:48:42 | 000,001,456 | ---- | C] () -- C:\Users\Indy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/09/25 21:24:22 | 000,003,052 | ---- | C] () -- C:\windows\System32\drivers\fvstore.dat
[2013/09/09 17:52:09 | 002,260,437 | ---- | C] () -- C:\Users\Indy\sports echo 002.psd
[2013/09/09 17:51:44 | 000,232,144 | ---- | C] () -- C:\Users\Indy\sports echo 002.jpg
[2013/09/09 17:25:51 | 000,809,727 | ---- | C] () -- C:\Users\Indy\sports echo 001.jpg
[2013/09/03 20:27:01 | 001,474,832 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2013/09/03 11:23:52 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/09/03 11:23:52 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/09/03 11:23:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/09/03 11:23:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/09/03 11:23:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/08/20 15:52:47 | 000,454,719 | ---- | C] () -- C:\Users\Indy\Funding Request Form db.pdf
[2013/05/18 01:55:17 | 000,015,179 | ---- | C] () -- C:\Users\Indy\SSR_TSRPT.pdf
[2013/04/28 21:17:44 | 000,000,000 | ---- | C] () -- C:\Users\Indy\defogger_reenable
[2013/04/26 10:08:29 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2013/04/26 10:08:29 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2013/04/12 22:06:44 | 000,006,144 | ---- | C] () -- C:\Users\Indy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/17 22:04:59 | 000,007,606 | ---- | C] () -- C:\Users\Indy\AppData\Local\Resmon.ResmonCfg
[2013/02/15 14:45:38 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2013/02/15 14:26:37 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2013/02/15 14:26:37 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2013/02/15 14:22:29 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2013/02/14 23:50:44 | 000,000,016 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014/04/16 04:22:16 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\.spotflux
[2013/12/09 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\.Torrent Stream
[2013/04/13 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Audacity
[2014/01/24 14:13:26 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Barnes & Noble
[2013/09/06 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Canon
[2014/03/25 01:33:29 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\com.bwsf.DragonAgeLegends
[2013/07/30 07:48:04 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\DonationCoder
[2013/04/17 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Opera
[2013/09/07 16:24:36 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Oracle
[2013/08/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Process Hacker 2
[2013/02/25 12:49:57 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Sling Media
[2013/04/27 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Spotflux
[2013/08/03 20:43:14 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\StreamTorrent
[2013/05/15 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Thai2English
[2013/02/19 18:34:59 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Thunderbird
[2013/11/01 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\toshiba
[2014/04/01 22:27:58 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\TrueCrypt
[2014/03/23 04:16:27 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\uTorrent
[2014/01/15 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\VoxOx2
[2013/02/14 23:50:23 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\WinBatch
[2014/04/16 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Wise Disk Cleaner
[2013/10/28 16:49:10 | 000,000,000 | ---D | M] -- C:\Users\Indy\AppData\Roaming\Wise Registry Cleaner

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

#15
April 16, 2014 at 08:24:03
Extras OTL #1

OTL Extras logfile created on: 4/16/2014 10:03:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Indy\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 29.83% Memory free
6.86 Gb Paging File | 4.61 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): c:\pagefile.sys 4218 6058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 194.92 Gb Free Space | 67.52% Space Free | Partition Type: NTFS

Computer Name: INDYSHIBA | User Name: Indy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_USERS\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM] -- C:\Program Files\SRWare Iron\iron.exe (SRWare)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========



#16
April 16, 2014 at 08:24:52
Extras OTL #2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ACD061-67A5-447C-BDF0-160EB8759C08}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{029C78D4-8D6A-4867-8666-29CC56AA2410}" = lport=5001 | protocol=6 | dir=in | name=sling |
"{04DAAB8B-4434-4DFB-8063-9CF9795CC720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1448B532-4657-4048-A1BF-E686B00241C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14782C9D-6451-4E22-A0F3-AF89A1A4F275}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F5E410A-3038-429D-B6A8-9B82693DC8B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{208F2980-C09F-478E-893F-701A1B2BFC79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C6CF868-D9B2-47AD-9855-FDE8723C1CCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D335439-272E-45FA-833A-09BBFC7BDF5C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{42E8D8D9-4580-4003-9C39-AA2E6CF5B154}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F984E7C-294E-4F0D-A5F5-2EEA32C03869}" = rport=445 | protocol=6 | dir=out | app=system |
"{55FF3A7C-FC27-40CE-9F31-4D294CC849C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{611160B2-BFC3-4550-998C-0491751E8ECD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{638CDE4E-6F09-4F30-97B0-BCBA9521F96A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6AA5AC83-37DF-4F14-9AA8-F6D782BD1DFD}" = lport=138 | protocol=17 | dir=in | app=system |
"{78194178-2A27-4CD7-8DD4-A39CB1D326E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{83AF20A9-37C0-43F3-BFEF-02C098EFE11B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85BAF7F6-06B0-4FBD-A581-43850C94AD3C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86805E1C-06B5-43D0-B0B7-F8ABB070576B}" = lport=139 | protocol=6 | dir=in | app=system |
"{935C6B62-11B9-451C-A81F-3A10591BCD40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D8F0EAF-ABB3-46D7-88B5-F95FDE3EF97D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AAFDA30A-A414-4026-B2BE-55E7EE13CBC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B99CFA43-69C9-4FD7-B3D4-614F9EF98152}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9C90BE7-455F-4C2B-8AAA-41EEE4D9A4B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBD00433-E529-405B-9587-CADF80FDB4F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC224135-EE21-4477-8037-A2C68E20B094}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE19FC5D-B007-4264-9073-00EB77D5AB83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9342CC4-E881-4A82-8E1C-76D9B111C84A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DABE9B98-2934-45F0-B1D4-6F21CF4B00A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD5C647E-3374-476A-9934-57BCD9E7D1F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E2979FA1-579A-4374-9460-C272FF542C9C}" = rport=137 | protocol=17 | dir=out | app=system |
"{F190261B-44F3-4578-B6CE-31276AD51AA6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F465571E-17DB-45AA-BA3E-108021C57CA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0187A5DA-329E-4C19-839C-A63A3BB24B4C}" = dir=in | app=c:\users\indy\appdata\local\microsoft\skydrive\skydrive.exe |
"{0E37C0E7-FABF-44B9-A631-2BA81F0B888D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E967466-1415-4E7E-8F23-2D2087CEF22F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{12B14E0A-5161-4128-B09D-1D410CF7FA4A}" = protocol=17 | dir=in | app=c:\users\indy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1A7B9E74-D887-459C-A75B-0FAB1B941DB2}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{1E3AA42A-872D-40C4-A37B-FA31838263F1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1FF59C12-E621-40BE-A298-BC4B56719EB0}" = protocol=17 | dir=in | app=c:\users\indy\appdata\roaming\utorrent\utorrent.exe |
"{232094A8-3F40-41AC-B1D2-A5E3A5E80BFE}" = dir=in | app=c:\program files\airport\apagent.exe |
"{2E5CF4A0-CCCD-420A-920B-64C3BB019A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C59699A-90C7-4BFF-B21E-F9BE4BECEFDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F3EF61E-9162-4030-9D56-310B3A0C6DC4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{438531CE-ABC4-4934-9F79-640FCF7FA448}" = protocol=6 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"{4809AB88-D291-4735-9E2D-1793CF05C835}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A71D456-917F-40D4-B321-030BEBDFAE08}" = protocol=6 | dir=out | app=system |
"{4B83C533-306C-48A7-A2F2-69A01BE8A9DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51589E00-6F05-4DE1-9950-5E3FC394CEDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{54CCBD42-2531-4A0D-86DB-2CD561317B2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5878F867-9D35-452C-9036-DCFF375F3D31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A44AE74-5A87-4435-B7A5-E7BBF73AA490}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5EF216F6-4A36-410B-9E94-0A92694A4D01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{62A5D4A2-4120-4E79-B0B7-769A5A5061E6}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{6B3A14A7-A7D6-45FA-88C8-392E4BFB968D}" = protocol=17 | dir=in | app=c:\program files\sling media\slingagent\slingagentservice.exe |
"{751DFAEE-1D29-41C2-9F68-9D62FA85CC2D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76AF1F04-E2C1-4835-95D9-C8C8731968A1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{79B78324-A7AB-4861-943F-FE3300D8EF63}" = protocol=6 | dir=in | app=c:\users\indy\appdata\roaming\utorrent\utorrent.exe |
"{7A126EB5-9307-4C86-81EB-FAC275E43A48}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{7DFC42BF-3F2F-4A76-8523-C51DC9B764F0}" = protocol=17 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{8214D2DF-34D4-4F72-8B5D-454774DC6AFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BFA485F-07DE-44A0-A1D9-4E11ECC21097}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{8D2BCE58-7BE7-4848-8CD0-8FB15644FA5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E5A2897-33A3-471D-A7A0-51E85C94D288}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90369860-F834-493F-AE9B-AA4BF6E3C683}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93CFB27F-3C5F-47AA-AF92-03602B370F43}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9806A1FC-269E-493F-A644-1568A6B19199}" = protocol=6 | dir=in | app=c:\program files\sling media\slingagent\slingagentservice.exe |
"{A3D2D7EB-7420-4E62-A831-FE53235BFAC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4854041-70C8-4C3F-B0C9-0E7D896E570E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC359376-8569-41C5-972D-EBDBD14A234F}" = protocol=17 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"{B21CD8E6-779F-4815-93EE-AE21E909DC54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2806760-4872-44DF-A33C-A5E39883A9FF}" = protocol=17 | dir=in | app=c:\program files\sling media\slingagent\slingagentservice.exe |
"{C2923C45-3015-44CA-BD1B-3136BC4F5D85}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C58BE0C2-6C57-442B-A7D4-B0E80A7F1C62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA658D09-4DD3-408B-AC2E-0015183682B3}" = protocol=17 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"{CD5DB91C-866A-4E66-87D7-6761D8AA7A95}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D0294D54-6A17-4E5E-95F7-A5C88D859BCB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6E260E7-5065-4353-975A-0060C91D4724}" = protocol=6 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"{DA2A98C3-A931-4B99-A5EE-B6A919700463}" = protocol=6 | dir=in | app=c:\program files\sling media\slingagent\slingagentservice.exe |
"{DBCF8D27-90A7-485E-B57B-00991485F4E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DEC543EC-59A2-45D2-BBC8-B138BB52F388}" = protocol=6 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{E156F8E0-44AD-422B-B6AD-ADDFC234474C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BDA734-B421-4F70-9DDA-1A0D59A6EE7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EAFBD15C-9663-4401-AE46-38FE4A3198F4}" = protocol=6 | dir=in | app=c:\users\indy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F4BEE36D-422C-4D0E-B16F-F463FF907825}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{065BB860-68D5-4C63-B86E-462BFE74E845}C:\program files\voxox\voxox.exe" = protocol=6 | dir=in | app=c:\program files\voxox\voxox.exe |
"TCP Query User{27AFB267-8396-4DE5-BAB4-92EC0ABB8DE8}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{91C9901A-4D9A-4E06-BE72-10E5FA475C36}C:\program files\voxox\voxox.exe" = protocol=6 | dir=in | app=c:\program files\voxox\voxox.exe |
"TCP Query User{C5C7992E-A33D-4DE4-8689-D32551AE8359}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{1C115A42-3C26-4C47-A039-1B5000DD113F}C:\program files\voxox\voxox.exe" = protocol=17 | dir=in | app=c:\program files\voxox\voxox.exe |
"UDP Query User{519E621E-9357-4A85-B840-8084F9B0112E}C:\program files\voxox\voxox.exe" = protocol=17 | dir=in | app=c:\program files\voxox\voxox.exe |
"UDP Query User{C7D3F8CA-D277-4280-A8E2-18D698073951}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{C98CD043-BA2A-4E0F-818C-FC3225AB3CF1}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |


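A triage helper for the two firewall blocks in the OTL Extras log above (the per-profile "EnableFirewall" values and the FirewallRules list). This is an added example written for this page, not part of OTL or of the poster's logs. It parses the OTL text format, reports which profiles have the Windows Firewall switched off, and flags inbound allow rules that deserve a second look: rules with no local port restriction (the app may accept connections on any port it listens on), rules for executables under user-writable paths such as c:\users\..., and the "TCP/UDP Query User" rules created by clicking Allow on the firewall prompt. The sample text is constructed in the same format; the StandardProfile value is changed to 1 purely to show the contrast, and the thresholds and path list are my own heuristics, not anything the log itself states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the OTL "Extras" format used in this thread: three
# per-profile settings blocks followed by a few FirewallRules entries.
SAMPLE_OTL = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029C78D4-8D6A-4867-8666-29CC56AA2410}" = lport=5001 | protocol=6 | dir=in | name=sling |
"{2C6CF868-D9B2-47AD-9855-FDE8723C1CCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4809AB88-D291-4735-9E2D-1793CF05C835}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0187A5DA-329E-4C19-839C-A63A3BB24B4C}" = dir=in | app=c:\users\indy\appdata\local\microsoft\skydrive\skydrive.exe |
"{1FF59C12-E621-40BE-A298-BC4B56719EB0}" = protocol=17 | dir=in | app=c:\users\indy\appdata\roaming\utorrent\utorrent.exe |
"{0E37C0E7-FABF-44B9-A631-2BA81F0B888D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{27AFB267-8396-4DE5-BAB4-92EC0ABB8DE8}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
'''

FWPOLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

ICMP_PROTOCOLS = {"1", "58"}          # ICMPv4 / ICMPv6 have no ports, so "no lport" is normal
USER_WRITABLE = ("c:\\users\\", "%userprofile%", "%appdata%", "%localappdata%", "%temp%", "%tmp%")


@dataclass
class Rule:
    name: str
    fields: Dict[str, str]


@dataclass
class OtlFirewall:
    disabled_profiles: List[str] = field(default_factory=list)
    rules: List[Rule] = field(default_factory=list)


def parse_otl_firewall(text: str) -> OtlFirewall:
    """Walk the OTL text, tracking the current [registry key] header."""
    result = OtlFirewall()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m or not section.startswith(FWPOLICY):
            continue
        leaf = section.rsplit("\\", 1)[-1]          # DomainProfile, FirewallRules, ...
        name, value = m.group("name"), m.group("value").strip()
        if leaf == "FirewallRules":
            fields = {}
            for part in value.split("|"):            # "lport=445 | protocol=6 | dir=in | app=system |"
                k, sep, v = part.strip().partition("=")
                if sep:
                    fields[k.strip().lower()] = v.strip().lower()
            result.rules.append(Rule(name, fields))
        elif name == "EnableFirewall" and value == "0":
            result.disabled_profiles.append(leaf)
    return result


def triage_rules(rules: List[Rule]) -> List[dict]:
    """Flag inbound allow rules worth reviewing; outbound rules are ignored."""
    findings = []
    for r in rules:
        f = r.fields
        if f.get("dir") != "in":
            continue
        app = f.get("app", "")
        reasons = []
        if ("lport" not in f and "svc" not in f and app != "system"
                and f.get("protocol") not in ICMP_PROTOCOLS):
            reasons.append("any-port")               # no local-port restriction on the program
        if app.startswith(USER_WRITABLE):
            reasons.append("user-writable-path")     # binary lives where any user process can replace it
        if r.name.lower().startswith(("tcp query user", "udp query user")):
            reasons.append("created-by-prompt")      # rule came from clicking Allow on the firewall dialog
        if reasons:
            findings.append({"rule": r.name, "app": app or f.get("name", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    fw = parse_otl_firewall(SAMPLE_OTL)
    print("Windows Firewall disabled in:", ", ".join(fw.disabled_profiles) or "none")
    for hit in triage_rules(fw.rules):
        print(f"{hit['app']:60s} {', '.join(hit['reasons'])}")
```

Run it against a saved OTL Extras log instead of SAMPLE_OTL to get the same report for a real machine. One caveat the registry values alone cannot settle: EnableFirewall = 0 on every profile, as in this log, is also what you see when a third-party suite has taken over filtering (COMODO Internet Security Premium appears in the uninstall list further down this thread), so confirm that product is actually running before treating the host as unfirewalled.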

#17
April 16, 2014 at 08:25:34
Extras OTL #3

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{44BD21C2-9132-48DB-B65B-23817E4C6F4B}" = Snagit 11
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69967F97-E880-44B9-8383-5278BBC8809B}" = Adobe Playpanel
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81955A9C-7132-C4E0-DCAC-723CE4068BB7}" = Dragon Age Legends
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C4ADB67B-C908-4D94-B85E-585D2F3F9118}" = TweetDeck
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version SRWare Iron 31.0.1700.0



#18
April 16, 2014 at 08:26:14
Extras OTL #4

"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Audacity_is1" = Audacity 2.0.3
"BN_DesktopReader" = NOOK for PC
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.bwsf.DragonAgeLegends" = Dragon Age Legends
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Capture" = FastStone Capture 7.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GridMove_is1" = GridMove V1.19.62
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NOOK Study" = NOOK Study
"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)
"Spotflux" = Spotflux
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"Ultravnc2_is1" = UltraVNC 1.0.5
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.5
"VoxOx" = VoxOx 2.9.1
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 8.06
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 8.03
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-165395240-540117260-740471157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 10/6/2013 3:15:45 AM | Computer Name = Indyshiba | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 298
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/16/2014 7:01:16 AM | Computer Name = Indyshiba | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/16/2014 7:01:16 AM | Computer Name = Indyshiba | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >



#19
April 16, 2014 at 14:47:21
✔ Best Answer
You are clean.

You can update & run Malwarebytes if you want to confirm.

What ESET found appears to be old AdwCleaner removals, which had never been deleted from Quarantine.

Example:

"ESET:

C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined"


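The point made in the answer above, that every ESET hit sat under C:\AdwCleaner\Quarantine with a .vir suffix and was therefore an already-neutralised copy rather than a live infection, can be checked mechanically. The following is an added example written for this page, not ESET's or AdwCleaner's code: it parses lines in the ESET Online Scanner report format quoted in this thread and sorts each detection into "stale" (a copy parked in a cleanup tool's quarantine folder) or "live" (still in its original location). The quarantine locations are AdwCleaner's C:\AdwCleaner\Quarantine as shown in the thread, plus ComboFix's C:\Qoobox\Quarantine and OTL's C:\_OTL\MovedFiles. Only the first sample line is taken from the post; the other two are constructed for contrast and do not describe files found on the poster's machine.

```python
import re
from typing import Dict, List

# Constructed sample in the ESET Online Scanner report format quoted in this thread.
# Line 1 is copied from the post; lines 2 and 3 are invented to show the contrast.
SAMPLE_ESET = r'''
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Users\example\Downloads\installer.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
'''

# A Windows path never contains "/", while an ESET threat name always does
# (Win32/Bundled.Toolbar.Ask.F), so the first "/"-bearing token ends the path.
LINE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?)\s+'
    r'(?P<threat>(?:(?:probably )?a variant of\s+)?[A-Za-z0-9]+/\S+)\s+'
    r'(?P<outcome>.*)$')

# Folders where cleanup tools park what they removed (AdwCleaner also appends ".vir").
QUARANTINE_MARKERS = (
    "\\adwcleaner\\quarantine\\",   # AdwCleaner, seen in this thread
    "\\qoobox\\quarantine\\",       # ComboFix
    "\\_otl\\movedfiles\\",         # OTL
)


def parse_eset(text: str) -> List[Dict[str, str]]:
    """Return one dict (path, threat, outcome) per detection line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def is_quarantine_copy(path: str) -> bool:
    """True when the file is a neutralised copy held by another cleanup tool."""
    p = path.lower()
    return any(marker in p for marker in QUARANTINE_MARKERS) or p.endswith(".vir")


def classify(text: str) -> Dict[str, List[str]]:
    """Split detections into stale quarantine copies and live files."""
    out: Dict[str, List[str]] = {"stale": [], "live": []}
    for hit in parse_eset(text):
        bucket = "stale" if is_quarantine_copy(hit["path"]) else "live"
        out[bucket].append(hit["path"])
    return out


if __name__ == "__main__":
    result = classify(SAMPLE_ESET)
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Stale hits are nothing to chase; the fix is to empty the tool's quarantine folder once you are sure nothing in it needs restoring, which also stops the next scanner from reporting the same files. A .vir file will not run as it stands, but renaming it restores the original, so leaving old quarantine contents around has no upside. Anything that lands in the "live" bucket is the part of the report that still needs attention.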

#20
April 16, 2014 at 22:19:05
Thanks, JohnW, I appreciate it. I noticed that as well and wondered why it said that. Thanks for the explanation.

