# Lavasoft Search redirect hijack



## Tartansprite (Feb 22, 2013)

Please help any tech guy/girl,

My computer is infected with the Lavasoft Securesearch/Delta Search Redirect Hijack.

I have deleted all visible and hidden files which relate to Lavasoft (I believe) and Lavasoft no longer appears in my search settings. My firewall was being turned off regularly and registry settings attempted to be altered (Spybot S and D alerting me to that).

Unfortunately GMER keeps crashing so I cannot post the log of that one.

I should be most grateful for any assistance in delivering my computer from this affliction!!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2036 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 320 Mb
Hard Drives: C: Total - 228113 MB, Free - 101274 MB; D: Total - 10239 MB, Free - 6147 MB;
Motherboard: Dell Inc., 0K216C
Antivirus: Kaspersky Internet Security, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:50, on 22/02/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\millymatt\Downloads\HijackThis.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 3482 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19088
Run by millymatt at 20:56:40 on 2013-02-27
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.2036.297 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=9D8690EDDF2C1B978CD2A85126B4E0FB
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60195
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6080702
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AddLyrics: {4145006D-47F8-42F2-8186-2225AAFECDD3} - 
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NSeries.PCSync] c:\program files\nokia\nseries pc suite\system utilities\PcSync2.exe /NoDialog
uRun: [Boots Insert Detect] c:\program files\boots f2cd\picture suite\InsDetect.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchProtection] c:\programdata\search protection\_run.bat
StartupFolder: c:\users\millym~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7BE2A03A-D429-4EBA-AD07-186B52FAA70D} : DHCPNameServer = 192.168.1.1
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\goec62~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-21 13560]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-22 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-22 682344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-2-21 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-22 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f1c17e3d4712;Google Update Service (gupdate1c9f1c17e3d4712);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-2 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-27 08:45:13	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-26 08:11:58	6954968	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{70ef4817-1bf8-4a2c-80d3-08f707c0984b}\mpengine.dll
2013-02-22 03:38:03	--------	d-----w-	c:\users\millymatt\appdata\roaming\Malwarebytes
2013-02-22 03:37:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-22 03:37:20	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-22 03:37:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-22 02:55:17	--------	d-----w-	c:\program files\CCleaner
2013-02-22 00:05:29	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-02-22 00:04:18	--------	d-----w-	c:\users\millymatt\appdata\roaming\LavasoftStatistics
2013-02-21 23:59:54	--------	d-----w-	c:\programdata\Search Protection
2013-02-21 23:59:43	--------	d-----w-	c:\users\millymatt\appdata\roaming\SecureSearch
2013-02-21 23:58:07	--------	d-----w-	c:\programdata\Downloaded Installations
2013-02-21 23:57:12	44424	----a-w-	c:\windows\system32\sbbd.exe
2013-02-21 23:57:12	13560	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-02-21 23:57:11	--------	d-----w-	c:\users\millymatt\appdata\roaming\Ad-Aware Antivirus
2013-02-21 22:31:00	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2013-02-21 18:42:58	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-02-21 18:42:32	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-02-21 18:06:08	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-21 18:04:54	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-21 18:04:45	--------	d-----w-	c:\program files\common files\Wise Installation Wizard
2013-02-21 16:06:42	--------	d-----w-	c:\windows\system32\searchplugins
2013-02-21 16:06:42	--------	d-----w-	c:\windows\system32\Extensions
2013-02-21 16:06:35	--------	d-----w-	c:\programdata\BrowserProtect
2013-02-15 22:31:23	186432	----a-w-	c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-17 01:28:58	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-10 15:48:52	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-10 15:48:51	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:59:37.59 ===============

DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 02/07/2008 04:34:30
System Uptime: 27/02/2013 20:28:51 (0 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 98.633 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.003 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bonjour
Boots F2CD Picture Suite
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
Drug Calculations for Health Professionals
EDocs
Forte Free 2.0
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
Internet From BT
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Internet Security 2012
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Nokia Software Updater
OpenOffice.org 3.3
PC Connectivity Solution
PHOTOfunSTUDIO -viewer-
PIXMA Extended Survey Program
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Sheet Music Plus Digital Print
SILKYPIX Developer Studio 3.0 SE
Skype Click to Call
Skype 5.10
Spybot - Search & Destroy
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.0.1
Wireless Manager
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

There are a few items remaining including a hijack of your Search page.

This should clean out the hijack and other related files, then we can remove anything that remains.

*SCAN 1*
Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:









You will then see the screen below. Click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report; copy & paste it into your next post.










*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## Mark1956 (May 7, 2011)

Please also tell me why Vista is not updated to Service Pack 2.


----------



## Tartansprite (Feb 22, 2013)

Thank you so much for your post. I must get to bed now however (plastering ceilings tomorrow) and can sleep easier knowing a likely solution is at hand. Will attend to this tomorrow eve.


----------



## Mark1956 (May 7, 2011)

Ok, plastering ceilings, the one job I love to hate. 

Please don't miss my question in post 3.


----------



## Tartansprite (Feb 22, 2013)

P.S. I tried updating twice (in the last day) but it failed for some reason and I haven't tried it again. I can be slow to update some things, and in fact my laptop was running mysteriously slow for a long time and I scoured forums seeking advice till I found a note to keep updates updated! QED!


----------



## Tartansprite (Feb 22, 2013)

pps this problem is desktop!


----------



## Mark1956 (May 7, 2011)

Service Pack 2 for Vista was released a long time ago, in April 2009, and your install date was July 2008, so there is something wrong or you had Windows Update turned off all that time, which leaves your system vulnerable to infection due to the lack of security updates.

We will look into the update issue as we go along, but for now I have added another scan to my earlier post.


----------



## Tartansprite (Feb 22, 2013)

Hi Mark,

Two problems.
Firstly, I accidentally deleted the log from Adw cleaner because the computer shut down twice (I did not realise I had downloaded twice and got mixed up with the screens)!

Secondly, Kaspersky tells me that Rogue Killer contains a virus and will not allow me to continue. Hoping all is not lost!!!
Awaiting your best advice! Many thanks.


----------



## Tartansprite (Feb 22, 2013)

ps.. I tried again to upgrade to Vista Service Pack 2 but the installation failed as before...


----------



## Tartansprite (Feb 22, 2013)

pps Took courage after reviewing roguekiller and disabled Kaspersky allowing the following log to be created:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : millymatt [Admin rights]
Mode : Scan -- Date : 02/28/2013 22:12:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


----------



## Mark1956 (May 7, 2011)

I can assure you that any tools you are asked to run are completely safe and free from any infections.

RogueKiller found one suspicious startup entry, very likely related to your problem.

Please run RogueKiller again. Once you have completed the scan, hit the Delete button, then the Report button and post the log.

For your problem with ADWCleaner, it should have saved a copy of the log on your C: drive. It will be listed as ADWCLeaner[S1].txt; the number in the brackets may be different. If you ran it more than once, please post the log from the first scan you did.
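
Added example (not part of the original thread and not code from RogueKiller, DDS or any other tool mentioned in it): a small triage script that reads `uRun:`/`mRun:` lines from a DDS "Pseudo HJT Report" and flags autorun entries like the one RogueKiller reported as `[RUN][SUSP PATH]`. The two heuristics (a script file as the autorun target, a target under ProgramData/AppData/Temp) and the function names `target_of` and `triage` are assumptions made for this illustration; the sample lines are copied from the DDS log posted above.

```python
import re

# Lines copied from the DDS "Pseudo HJT Report" posted earlier in this thread.
SAMPLE_DDS = r"""
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SearchProtection] c:\programdata\search protection\_run.bat
"""

# "uRun"/"mRun" are read here as the per-user (HKCU) and machine-wide (HKLM)
# Run keys; the RogueKiller log in the thread shows the same SearchProtection
# entry under HKLM\[...]\Run.
RUN_LINE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")

# Unquoted commands may contain spaces in the path, so the target is taken as
# everything up to the first executable/script extension followed by a space
# or the end of the line.
TARGET = re.compile(
    r"^(?P<path>.*?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr|com))(?=\s|$)",
    re.IGNORECASE,
)

# Assumed heuristics for this example only (not RogueKiller's actual rules).
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def target_of(cmd):
    """Return the file an autorun command line launches, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = TARGET.match(cmd)
    return m.group("path") if m else cmd.split()[0]


def triage(log_text):
    """Return the Run entries in a DDS log that match either heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = target_of(m.group("cmd"))
        low = path.lower()
        reasons = []
        if low.endswith(SCRIPT_EXT):
            reasons.append("script file as autorun target")
        # 8.3 short names (e.g. progra~2) are not expanded here.
        if any(d in low for d in DATA_DIRS):
            reasons.append("target under a data directory")
        if reasons:
            findings.append({
                "hive": "HKCU" if m.group("scope") == "u" else "HKLM",
                "name": m.group("name"),
                "target": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f'{f["hive"]} Run [{f["name"]}] -> {f["target"]}: {"; ".join(f["reasons"])}')
```

A hit from this script is only a lead to review by hand: legitimate software also installs under ProgramData, so each flagged entry still needs checking before anything is removed.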


----------



## Tartansprite (Feb 22, 2013)

So here is ADW Cleaner's log and in a minute will run roguekiller again and post. Thanks so much for your attendance on my troubles!

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 18:54:48
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : millymatt - MILLYMATT-PC
# Boot Mode : Normal
# Running from : C:\Users\millymatt\Downloads\adwcleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\search protection

***** [Registry] *****

Key Deleted : HKCU\Software\5c28fdeb36aed44
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\5c28fdeb36aed44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60195 --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.97

File : C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3480] : urls_to_restore_on_startup = [ "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepag[...]

*************************

AdwCleaner[S1].txt - [4516 octets] - [28/02/2013 18:54:48]

########## EOF - C:\AdwCleaner[S1].txt - [4576 octets] ##########


----------



## Tartansprite (Feb 22, 2013)

So here is ADW Cleaner's log and in a minute will run roguekiller again and post. Thanks so much for your attendance on my troubles!



----------



## Tartansprite (Feb 22, 2013)

... And here's the roguekiller log

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : millymatt [Admin rights]
Mode : Remove -- Date : 02/28/2013 23:00:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 8b5b659faa81e45c42691f1b52e1dc96
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02282013_02d2300.txt >>
RKreport[1]_S_02282013_02d2212.txt ; RKreport[2]_S_02282013_02d2258.txt ; RKreport[3]_D_02282013_02d2300.txt


----------



## Tartansprite (Feb 22, 2013)

ps.. just being nosey Mark, do you get paid for this somehow on this site, or do you also work on other sites for which you do get paid, or is this an expert hobby of yours or ...??!


----------



## Mark1956 (May 7, 2011)

It's just a hobby as is the case for all the helpers.

How is the system running now? The logs indicate the redirect has been removed.


----------



## Tartansprite (Feb 22, 2013)

ps I still can't install Vista Service Pack 2 but everything else looks good to me and the hijack has indeed been cleared out!


----------



## Mark1956 (May 7, 2011)

Good news with the hijack. There are some other things that need to be dealt with, then we shall see about the update issue. You have multiple outdated versions of Java installed; please run this scan, which will also show us if anything else that poses a security risk needs updating.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------



## Tartansprite (Feb 22, 2013)

Thank you very much Mark for your continued voluntary assistance!

Results of screen317's Security Check version 0.99.60 
Windows Vista Service Pack 1 x86 (UAC is enabled) 
*Out of date service pack!!* 
Internet Explorer 8 *Out of date!* 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Disabled! 
Kaspersky Internet Security 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Spybot - Search & Destroy 
Malwarebytes Anti-Malware version 1.70.0.1100 
CCleaner 
Java(TM) 6 Update 22 
Java(TM) 6 Update 5 
Java(TM) 6 Update 7 
*Java version out of Date!* 
Adobe Reader 10.1.6 *Adobe Reader out of Date!* 
Google Chrome 24.0.1312.57 
Google Chrome 25.0.1364.97 
*````````Process Check: objlist.exe by Laurent````````* 
Windows Defender MSASCui.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
Windows Defender MSASCui.exe 
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

You're most welcome.

Follow these guides to update Adobe Reader and Java, you can leave IE9 until after we fix the SP2 issue.

Let me know when done and we shall continue.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and uninstall the following Adobe entries:

*Adobe Reader 10.1.6*

*NOTE:* For *XP* click on Start > *Control Panel*, double-click on *Add or Remove Programs* and continue as above.

Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.










You will now see a page similar to this one:










All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for *Windows* Operating Systems and for *Internet Explorer* in *English*. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of *Windows* to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

============================================================

*How to update Java:*
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement. 
End user licence agreement

First uninstall all existing versions of Java.


Go to Start > Control Panel, double-click on *Add/Remove programs* (or Programs and Features) and click on any item with *Java, Java(TM), JRE* or *J2SE* in the name.
Click the *Uninstall*, *Remove* or *Change/Remove* button and allow it to uninstall. 
If a *User Account Control* warning appears click on *Allow*.
Repeat as many times as necessary to remove each and every item. 
Reboot your computer once all Java components are removed. 

*NOTE:* If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.

*How to install the latest version.*


Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.


----------



## Tartansprite (Feb 22, 2013)

Ok so that is done. Adobe would not install so I both disabled Kaspersky and moved to Explorer from Chrome. I missed out putting it into desktop but it installed anyway.

The bad news - using internet explorer meant that I was facing Lavasoft secure search again 

I managed to change the settings though and it doesn't seem to have come back. Phew!


----------



## Mark1956 (May 7, 2011)

So the Lavasoft bug is still on the system. You didn't state what settings you changed, but go into IE, click on Tools then Manage Add-ons, see if there is anything showing for Lavasoft or Ad-Aware and disable it. Let me know what you find.

Now let's see if we can fix the update problem. We will start with this:

*Step 1: Verify the relevant Windows Update services*
=======================================


Click on *Start*, type *services.msc* in the open box and click *OK*. 
Double click the service *Background Intelligent Transfer Service*. 
Click on the *General* tab; make sure the *Startup Type* is set to Automatic. Then please click the *Start* button under *Service Status* to start the service.
Please repeat the above steps with another service: *Windows Update*

*NOTE:* If one of the two services is missing, please let me know.

*Step 2: Rename the Windows Update SoftwareDistribution folder*
=================================================
One possible cause is that Windows Update's temporary folder contains corrupted files. This step will remove the *Download* folder, which contains the update installation files. After renaming this folder a new one will automatically be created. This will have no negative effect on your computer's performance.


Click *Start* and type *cmd* in the Search box then right click on cmd in the pop up and select *Run as Administrator*. This will open the *Command Prompt* window, at the Command Prompt, type *net stop wuauserv* and press *Enter* (Leave the *Command Prompt* open).
Click *Start* and type *%windir%* in the Search box and press *Enter*.
Double-click the *SoftwareDistribution* folder.
In the opened folder, rename the folder *Download* to *Download.old*.
Go back to the *Command Prompt* and type *net start WuAuServ* and press Enter.
Close all the open windows and see if the update problem is resolved.

*NOTE*: After resolving this Windows Update issue, please feel free to delete the Download.old folder.

If that fails, click on *Start* and type:

*%windir%\WindowsUpdate.log*

in the search box & press Enter, *Copy & Paste* the last 100-150 lines in your next reply.
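
A triage sketch for the requested log tail, added here as an example and not part of the original post: it parses WindowsUpdate.log lines (date, time, PID, TID, component, message), counts non-zero error codes on WARNING lines, lists "Installation Failure" report events by KB, and collapses repeated status lines. The sample lines, GUIDs, KB numbers and function names are constructed for illustration.

```python
import re
from collections import Counter

# date, time, PID, TID (hex), component, message; \s+ tolerates tabs lost when pasting
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<component>\S+)\s+(?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")
FAILURE_RE = re.compile(
    r"failed to install the following update with error "
    r"(?P<code>0x[0-9A-Fa-f]{8}): (?P<title>.+?) \((?P<kb>KB\d+)\)"
)
# Name taken from Microsoft's published Windows Update error-code list.
KNOWN_CODES = {"0x80246007": "WU_E_DM_NOTDOWNLOADED (the update has not been downloaded)"}


def parse_line(line):
    """Return the six fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(text, min_repeat=3):
    """Summarise a log tail: failed installs, warning error codes, repeated noise."""
    warning_codes, repeats = Counter(), Counter()
    failed, unparsed = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed += 1
            continue
        msg = rec["msg"]
        repeats[(rec["component"], msg)] += 1
        hit = FAILURE_RE.search(msg)
        if hit:
            code = hit.group("code").lower()
            failed.append({"kb": hit.group("kb"), "title": hit.group("title"),
                           "code": code, "meaning": KNOWN_CODES.get(code, "unknown")})
        elif "WARNING" in msg:
            # Count each distinct non-zero code once per line.
            for code in {c.lower() for c in HRESULT_RE.findall(msg)}:
                if code != "0x00000000":
                    warning_codes[code] += 1
    noise = [(comp, msg, n) for (comp, msg), n in repeats.most_common()
             if n >= min_repeat]
    return {"failed_updates": failed, "warning_codes": dict(warning_codes),
            "noise": noise, "unparsed": unparsed}


def _row(*fields):
    return "\t".join(fields)


# Constructed sample input (not a real log); IDs and KB numbers are placeholders.
_DL = "All updates already downloaded, setting percent complete to 100"
_INVALID = "WARNING: Update invalid. Error is 0x80246007."
_EVT = ("REPORT EVENT: {{00000000-0000-0000-0000-00000000000{n}}}\t"
        "2013-03-02 20:23:0{n}:000-0000\t1\t182\t101\t"
        "{{11111111-1111-1111-1111-11111111111{n}}}\t101\t80246007\t"
        "AutomaticUpdates\tFailure\tContent Install\tInstallation Failure: "
        "Windows failed to install the following update with error 0x80246007: "
        "Example Update {n} (KB000000{n}).")
SAMPLE_LOG = "\n".join([
    _row("2013-03-02", "20:22:42:282", "1260", "8cc", "AU", _DL),
    _row("2013-03-02", "20:22:43:296", "1260", "bfc", "AU", _DL),
    _row("2013-03-02", "20:22:44:310", "1260", "bfc", "AU", _DL),
    _row("2013-03-02", "20:22:45:324", "1260", "8d8", "AU", _DL),
    _row("2013-03-02", "20:23:04:232", "1260", "e50", "DnldMgr", _INVALID),
    # Tabs collapsed to spaces, as happens when a log is pasted into a forum.
    "2013-03-02 20:23:04:235 1260 1664 AU # WARNING: Install failed, "
    "error = 0x80246007 / 0x80246007",
    _row("2013-03-02", "20:23:05:834", "1260", "e50", "DnldMgr", _INVALID),
    _row("2013-03-02", "20:23:05:838", "1260", "1664", "AU",
         "# WARNING: Install failed, error = 0x80246007 / 0x80246007"),
    _row("2013-03-02", "20:23:06:051", "1260", "1268", "Report", _EVT.format(n=1)),
    _row("2013-03-02", "20:23:06:052", "1260", "1268", "Report", _EVT.format(n=2)),
    _row("2013-03-02", "20:23:06:142", "1260", "1664", "AU",
         "# WARNING: Install call completed, reboot required = No, error = 0x00000000"),
    "2013-03-02 20:23",  # truncated line, counted as unparsed
])

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for f in summary["failed_updates"]:
        print(f"FAILED {f['kb']} {f['code']} {f['meaning']}: {f['title']}")
    for code, n in summary["warning_codes"].items():
        print(f"{n} warning line(s) with {code}")
    for comp, msg, n in summary["noise"]:
        print(f"{n}x [{comp}] {msg}")
    print(f"{summary['unparsed']} line(s) did not parse")
```
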


----------



## Tartansprite (Feb 22, 2013)

uh oh ... I see AddLyrics come up under the tools section !!! Do I need to cancel my bank card since I used it on Chrome thinking I was now safe?


----------



## Tartansprite (Feb 22, 2013)

ps... Windows still failed to install updates after carrying out above instructions. Eagerly awaiting next advice re this and AddLyrics! Never a dull moment!

2013-03-02	20:22:42:282	1260	8cc	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:43:296	1260	bfc	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:43:325	1260	bfc	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:44:310	1260	bfc	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:45:324	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:45:337	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:46:338	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:47:351	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:47:371	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:48:365	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:49:363	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:49:379	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:50:394	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:51:374	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:51:407	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:52:421	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:53:388	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:53:435	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:54:459	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:55:401	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:55:462	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:56:477	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:57:384	1260	1268	Agent * Added update {A6BB1C02-B874-4A1C-9B00-16E9B1C42473}.103 to search result
2013-03-02	20:22:57:384	1260	1268	Agent * Added update {0BC0E502-52B6-492E-8856-14B84973C615}.106 to search result
2013-03-02	20:22:57:384	1260	1268	Agent * Added update {7A25C7EC-3798-4413-A493-57A259D18959}.104 to search result
2013-03-02	20:22:57:384	1260	1268	Agent	Update {FF434E78-8B6A-4860-BD0F-4AC472E29063}.101 is pruned out due to potential supersedence
2013-03-02	20:22:57:384	1260	1268	Agent	Update {566B95D4-66F6-47BA-8953-02CAEA29022C}.101 is pruned out due to potential supersedence
2013-03-02	20:22:57:384	1260	1268	Agent	Update {B932D155-4C7F-4CBC-8527-D5DF17B0A220}.101 is pruned out due to potential supersedence
2013-03-02	20:22:57:384	1260	1268	Agent	Update {B6C0F3C6-C368-4A76-A3BF-BE068C7358F0}.101 is pruned out due to potential supersedence
2013-03-02	20:22:57:384	1260	1268	Agent * Added update {3A780427-54C3-4BD3-815C-2E2B1095DE45}.103 to search result
2013-03-02	20:22:57:384	1260	1268	Agent * Added update {AAE5E2C7-3498-4F43-AF66-AEC06A59713F}.102 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {2E15FA43-F122-4FD5-9EB0-D46E430A7439}.111 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103 to search result
2013-03-02	20:22:57:385	1260	1268	Agent	Update {D6F5EEF2-B0B3-4939-8E72-52DF78032FA4}.102 is pruned out due to potential supersedence
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}.102 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}.200 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {C291A8B1-7657-47ED-B7C5-D4F4A9CD1E28}.203 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {B9337BD8-6297-477A-BB03-3E10BF677D8C}.104 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Added update {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}.201 to search result
2013-03-02	20:22:57:385	1260	1268	Agent * Found 13 updates and 78 categories in search; evaluated appl. rules of 1273 out of 2588 deployed entities
2013-03-02	20:22:57:412	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:57:490	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:59:223	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:59:423	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:22:59:519	1260	1750	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:00:419	1260	1268	Agent	*********
2013-03-02	20:23:00:419	1260	1268	Agent	** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-02	20:23:00:419	1260	1268	Agent	*************
2013-03-02	20:23:00:450	1260	1664	AU	>>## RESUMED ## AU: Search for updates [CallId = {C9A2F978-C271-40B9-BA23-635CBA4DE8A7}]
2013-03-02	20:23:00:467	1260	1268	Report	REPORT EVENT: {F552E738-9926-426D-8F75-40EE61628ABA}	2013-03-02 20:21:13:546-0000	1	188	102	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Content Install	Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ‎03 ‎March ‎2013 at 03:00: - Security Update for Microsoft Office 2007 suites (KB2596615) - Security Update for Microsoft Office 2007 suites (KB2596785) - Update for Microsoft Office 2007 suites (KB2596848) - Security Update for Microsoft Office 2007 suites (KB2596672) - Security Update for Microsoft Office 2007 suites (KB2687499) - Security Update for Microsoft Office PowerPoint 2007 (KB2596843)
2013-03-02	20:23:00:467	1260	1268	Report	REPORT EVENT: {C813D9D5-99FF-4DE2-BB80-6DB85D510D1D}	2013-03-02 20:21:16:180-0000	1	202	102	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Content Install	Reboot completed.
2013-03-02	20:23:00:468	1260	1664	AU # 13 updates detected
2013-03-02	20:23:00:526	1260	1664	AU	#########
2013-03-02	20:23:00:526	1260	1664	AU	## END ## AU: Search for updates [CallId = {C9A2F978-C271-40B9-BA23-635CBA4DE8A7}]
2013-03-02	20:23:00:526	1260	1664	AU	#############
2013-03-02	20:23:00:526	1260	1664	AU	No featured updates notifications to show
2013-03-02	20:23:00:527	1260	1664	AU	Currently showing Progress UX client - so not launching any other client
2013-03-02	20:23:02:689	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:02:713	1260	8d8	AU	Getting featured update notifications. fIncludeDismissed = true
2013-03-02	20:23:02:713	1260	8d8	AU	No featured updates available.
2013-03-02	20:23:02:940	1260	1268	Report	CWERReporter finishing event handling. (00000000)
2013-03-02	20:23:03:320	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:322	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:325	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:335	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:450	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:576	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:03:997	1260	e50	DnldMgr	WARNING: Preparing update for install, updateId = {B37927ED-A1B4-4269-B132-A3D2CC63FB9A}.102 (using payload from revision 101).
2013-03-02	20:23:04:232	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:04:234	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}]
2013-03-02	20:23:04:235	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:04:589	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:05:460	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:05:603	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:05:828	1260	e50	DnldMgr	WARNING: Preparing update for install, updateId = {FEF8DF4E-E48C-49B0-8970-C9722CC10D29}.111 (using payload from revision 106).
2013-03-02	20:23:05:834	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:05:838	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {2E15FA43-F122-4FD5-9EB0-D46E430A7439}]
2013-03-02	20:23:05:838	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:05:875	1260	e50	DnldMgr	Preparing update for install, updateId = {A090C88E-5E6F-4BE0-A9D3-604DD20720F0}.200.
2013-03-02	20:23:05:878	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:05:879	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}]
2013-03-02	20:23:05:879	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:05:968	1260	e50	DnldMgr	WARNING: Preparing update for install, updateId = {1A45A928-F39F-4118-9434-E8336A889535}.103 (using payload from revision 102).
2013-03-02	20:23:05:990	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:05:993	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}]
2013-03-02	20:23:05:993	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:06:029	1260	e50	DnldMgr	Preparing update for install, updateId = {23F516A7-9724-4A1D-B181-DA197C4BD994}.201.
2013-03-02	20:23:06:046	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:06:049	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}]
2013-03-02	20:23:06:050	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:06:051	1260	1268	Report	REPORT EVENT: {709891A5-38BE-4CAD-A4EB-07F85370AEE8}	2013-03-02 20:23:04:233-0000	1	182	101	{3A434D1C-BC51-4762-A37F-50ECACD9CEF4}	102	80246007	AutomaticUpdates	Failure	Content Install	Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596615).
2013-03-02	20:23:06:051	1260	1268	Report	REPORT EVENT: {CD775C44-DC18-42AF-96C7-E91423A2F083}	2013-03-02 20:23:05:835-0000	1	182	101	{2E15FA43-F122-4FD5-9EB0-D46E430A7439}	111	80246007	AutomaticUpdates	Failure	Content Install	Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596785).
2013-03-02	20:23:06:051	1260	1268	Report	REPORT EVENT: {16513D2F-8C9E-48C0-93E7-2DAE07A10C4C}	2013-03-02 20:23:05:879-0000	1	182	101	{7EB1975D-D046-486B-B6C3-328BDDFC6AF3}	200	80246007	AutomaticUpdates	Failure	Content Install	Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2596848).
2013-03-02	20:23:06:051	1260	1268	Report	REPORT EVENT: {F62D84AB-C1B4-4161-B2BE-2A14B5D791F7}	2013-03-02 20:23:05:992-0000	1	182	101	{58342C71-E20B-47F1-A04A-BC973A3B9F2E}	103	80246007	AutomaticUpdates	Failure	Content Install	Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596672).
2013-03-02	20:23:06:051	1260	1268	Report	REPORT EVENT: {F347FF22-3BEC-4A93-9026-9B9913679E37}	2013-03-02 20:23:06:047-0000	1	182	101	{5BD72FC8-8BDB-458A-95B8-4372212FE3CE}	201	80246007	AutomaticUpdates	Failure	Content Install	Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2687499).
2013-03-02	20:23:06:080	1260	e50	DnldMgr	WARNING: Preparing update for install, updateId = {73837D4F-8B1D-45BB-AC0C-1AD28EB982C2}.111 (using payload from revision 106).
2013-03-02	20:23:06:108	1260	e50	DnldMgr	WARNING: Update invalid. Error is 0x80246007.
2013-03-02	20:23:06:110	1260	1664	AU	>>## RESUMED ## AU: Installing update [UpdateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}]
2013-03-02	20:23:06:110	1260	1664	AU # WARNING: Install failed, error = 0x80246007 / 0x80246007
2013-03-02	20:23:06:141	1260	e50	Agent	*********
2013-03-02	20:23:06:141	1260	1664	AU	Install call completed.
2013-03-02	20:23:06:141	1260	e50	Agent	** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2013-03-02	20:23:06:142	1260	1664	AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
2013-03-02	20:23:06:142	1260	e50	Agent	*************
2013-03-02	20:23:06:142	1260	1664	AU	#########
2013-03-02	20:23:06:142	1260	1664	AU	## END ## AU: Installing updates [CallId = {F8F5B4C8-9F21-41CE-ADD8-FBC3CA811136}]
2013-03-02	20:23:06:142	1260	1664	AU	#############
2013-03-02	20:23:06:142	1260	1664	AU	Install complete for all calls, reboot NOT needed
2013-03-02	20:23:06:143	1260	1664	AU	Setting AU scheduled install time to 2013-03-03 03:00:00
2013-03-02	20:23:06:200	1260	8d8	AU	Getting featured update notifications. fIncludeDismissed = true
2013-03-02	20:23:06:200	1260	8d8	AU	No featured updates available.
2013-03-02	20:23:06:284	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:06:704	1260	1268	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-03-02	20:23:06:704	1260	1268	Report	WER Report sent: 7.4.7600.226 0x80246007 3A434D1C-BC51-4762-A37F-50ECACD9CEF4 Install 101 Unmanaged
2013-03-02	20:23:06:778	1260	1268	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-03-02	20:23:06:779	1260	1268	Report	WER Report sent: 7.4.7600.226 0x80246007 2E15FA43-F122-4FD5-9EB0-D46E430A7439 Install 101 Unmanaged
2013-03-02	20:23:06:874	1260	1268	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-03-02	20:23:06:874	1260	1268	Report	WER Report sent: 7.4.7600.226 0x80246007 7EB1975D-D046-486B-B6C3-328BDDFC6AF3 Install 101 Unmanaged
2013-03-02	20:23:06:954	1260	1268	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-03-02	20:23:06:954	1260	1268	Report	WER Report sent: 7.4.7600.226 0x80246007 58342C71-E20B-47F1-A04A-BC973A3B9F2E Install 101 Unmanaged
2013-03-02	20:23:07:037	1260	1268	Report	CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-03-02	20:23:07:037	1260	1268	Report	WER Report sent: 7.4.7600.226 0x80246007 5BD72FC8-8BDB-458A-95B8-4372212FE3CE Install 101 Unmanaged
2013-03-02	20:23:07:037	1260	1268	Report	CWERReporter finishing event handling. (00000000)
2013-03-02	20:23:07:473	1260	8d8	AU	All updates already downloaded, setting percent complete to 100
2013-03-02	20:23:07:476	1260	1750	AU	No featured updates notifications to show
2013-03-02	20:23:07:482	1260	1750	AU	UpdateDownloadProperties: 0 download(s) are still in progress.
2013-03-02	20:23:07:494	1260	1750	AU	Triggering Offline detection (non-interactive)
2013-03-02	20:23:07:498	1260	1750	AU	AU setting pending client directive to 'Install Complete Ux'
2013-03-02	20:23:07:508	1260	1750	AU	Changing existing AU client directive from 'Progress Ux' to 'Install Complete Ux', session id = 0x1
2013-03-02	20:23:07:512	1260	1750	AU	AU setting pending client directive to 'Install Approval'
2013-03-02	20:23:07:520	1260	1750	AU	Changing existing AU client directive from 'Install Complete Ux' to 'Install Approval', session id = 0x1
2013-03-02	20:23:07:651	1260	16cc	AU	#############
2013-03-02	20:23:07:651	1260	16cc	AU	## START ## AU: Search for updates
2013-03-02	20:23:07:651	1260	16cc	AU	#########
2013-03-02	20:23:07:661	1260	16cc	AU	<<## SUBMITTED ## AU: Search for updates [CallId = {2456DC49-B702-42FD-9A22-5E6922966A22}]
2013-03-02	20:23:07:662	1260	1268	Agent	*************
2013-03-02	20:23:07:662	1260	1268	Agent	** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-02	20:23:07:662	1260	1268	Agent	*********
2013-03-02	20:23:07:662	1260	1268	Agent * Online = No; Ignore download priority = No
2013-03-02	20:23:07:662	1260	1268	Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-03-02	20:23:07:662	1260	1268	Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-03-02	20:23:07:662	1260	1268	Agent * Search Scope = {Machine}
2013-03-02	20:23:45:645	1260	1268	Driver	Matched driver to device PCI\VEN_8086&DEV_29C2&SUBSYS_020D1028&REV_02
2013-03-02	20:23:45:645	1260	1268	Driver	Status: 0x180200a, ProblemNumber: 00000000
2013-03-02	20:23:45:646	1260	1268	Driver	Matched driver to device HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1028020D&REV_1000
2013-03-02	20:23:45:646	1260	1268	Driver	Status: 0x180200a, ProblemNumber: 00000000
2013-03-02	20:23:45:646	1260	1268	Driver	Matched driver to device MONITOR\DELD017
2013-03-02	20:23:45:646	1260	1268	Driver	Status: 0x180600a, ProblemNumber: 00000000
2013-03-02	20:23:47:285	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {DEA79BA4-19AA-4013-903E-AD2A16AE96D0}.101, hr = 80070663
2013-03-02	20:23:50:353	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {99BFDF7D-BF40-4E12-BA30-FD74DF6097CA}.102, hr = 80070663
2013-03-02	20:23:50:584	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {E5F58086-4B7B-4395-BC39-5009AAA81AB4}.111, hr = 80070663
2013-03-02	20:23:50:613	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {180A5369-1037-4E82-B720-527D8A86C5BF}.101, hr = 80070663
2013-03-02	20:23:50:633	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {F7DD590E-C8D4-4474-B619-3B80A0D04CE9}.103, hr = 80070663
2013-03-02	20:23:51:220	1260	1268	Agent	WARNING: Failed to evaluate Installable rule, updateId = {A671CE03-B748-4EE3-B961-13C925E1D381}.200, hr = 80070663
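Added here, not part of the original post: a Python example that reads lines in the WindowsUpdate.log layout pasted above, groups the install failures by HRESULT and KB number, records which component logged each failing code, and splits each HRESULT into its facility and code fields. The sample lines are taken from the log above except the last one, which is constructed; all function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: lines from the log in this thread (tab-separated: date, time,
# PID, TID, component, text). The final line is constructed to show skipping.
SAMPLE_LOG = (
    "2013-03-02\t20:23:06:051\t1260\t1268\tReport\tREPORT EVENT: "
    "{709891A5-38BE-4CAD-A4EB-07F85370AEE8}\t2013-03-02 20:23:04:233-0000\t1\t182\t101\t"
    "{3A434D1C-BC51-4762-A37F-50ECACD9CEF4}\t102\t80246007\tAutomaticUpdates\tFailure\t"
    "Content Install\tInstallation Failure: Windows failed to install the following update "
    "with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596615).\n"
    "2013-03-02\t20:23:06:051\t1260\t1268\tReport\tREPORT EVENT: "
    "{CD775C44-DC18-42AF-96C7-E91423A2F083}\t2013-03-02 20:23:05:835-0000\t1\t182\t101\t"
    "{2E15FA43-F122-4FD5-9EB0-D46E430A7439}\t111\t80246007\tAutomaticUpdates\tFailure\t"
    "Content Install\tInstallation Failure: Windows failed to install the following update "
    "with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596785).\n"
    "2013-03-02\t20:23:06:108\t1260\te50\tDnldMgr\tWARNING: Update invalid. "
    "Error is 0x80246007.\n"
    "2013-03-02\t20:23:06:110\t1260\t1664\tAU # WARNING: Install failed, "
    "error = 0x80246007 / 0x80246007\n"
    "2013-03-02\t20:23:06:142\t1260\t1664\tAU # WARNING: Install call completed, "
    "reboot required = No, error = 0x00000000\n"
    "2013-03-02\t20:23:47:285\t1260\t1268\tAgent\tWARNING: Failed to evaluate Installable "
    "rule, updateId = {DEA79BA4-19AA-4013-903E-AD2A16AE96D0}.101, hr = 80070663\n"
    "2013-03-02\t20:23:50:353\t1260\t1268\tAgent\tWARNING: Failed to evaluate Installable "
    "rule, updateId = {99BFDF7D-BF40-4E12-BA30-FD74DF6097CA}.102, hr = 80070663\n"
    "(constructed) this line is not in log format\n"
)

# Whitespace-tolerant: pasted logs often lose a tab between component and text.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<text>.*)$"
)
INSTALL_FAIL_RE = re.compile(
    r"Installation Failure: .*? with error 0x(?P<hr>[0-9A-Fa-f]{8}): "
    r"(?P<title>.*?\((?P<kb>KB\d+)\))"
)
RULE_WARN_RE = re.compile(
    r"Failed to evaluate Installable rule, updateId = "
    r"(?P<update>\{[0-9A-Fa-f-]{36}\}\.\d+), hr = (?P<hr>[0-9A-Fa-f]{8})"
)
HR_RE = re.compile(r"(?:0x|hr = )([0-9A-Fa-f]{8})\b")

# Only the two facilities that occur in this thread's log are named.
FACILITIES = {7: "FACILITY_WIN32", 36: "FACILITY_WINDOWSUPDATE"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and 16-bit code."""
    facility = (value >> 16) & 0x7FF
    return {
        "failed": bool(value & 0x80000000),
        "facility": facility,
        "facility_name": FACILITIES.get(facility, "other"),
        "code": value & 0xFFFF,
    }


def parse_line(line):
    """Return the six fields of one log line, or None if it is not a log line."""
    match = LINE_RE.match(line.rstrip("\r\n"))
    return match.groupdict() if match else None


def normalise(hex_digits):
    return "0x%08X" % int(hex_digits, 16)


def summarize(log_text):
    """Group failures by HRESULT: KBs that failed, rule warnings, components."""
    failures, warnings, components = defaultdict(set), defaultdict(set), defaultdict(set)
    unparsed = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed += 1
            continue
        text = rec["text"]
        for digits in HR_RE.findall(text):
            if decode_hresult(int(digits, 16))["failed"]:  # ignore 0x00000000
                components[normalise(digits)].add(rec["component"])
        match = INSTALL_FAIL_RE.search(text)
        if match:
            failures[normalise(match.group("hr"))].add(match.group("kb"))
        match = RULE_WARN_RE.search(text)
        if match:
            warnings[normalise(match.group("hr"))].add(match.group("update"))

    def as_lists(table):
        return {key: sorted(values) for key, values in table.items()}

    return {
        "install_failures": as_lists(failures),
        "rule_warnings": as_lists(warnings),
        "components": as_lists(components),
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for hresult, kbs in summary["install_failures"].items():
        print(hresult, decode_hresult(int(hresult, 16)), kbs)
    print(summary["rule_warnings"], summary["components"])
```

On the sample, the install failures all carry a Windows Update facility code first logged by the download manager, while the "Installable rule" warnings carry a separate Win32 code, so the two groups are worth investigating separately.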


----------



## Mark1956 (May 7, 2011)

First thing, you didn't fully respond to this: So the Lavasoft bug is still on the system, you didn't state what settings you changed, but go into IE, click on Tools then Manage Add-ons, see if there is anything showing for Lavasoft or Ad-Aware and disable it. Let me know what you find.

I see AddLyrics come up under the tools section. Under the Tools section where? Or do you mean in the Add-ons list in IE, did you uninstall/disable it?

Your credit card details should be quite safe, it is only bad Malware like Rootkits that can steal personal details.

Follow this guide and see if doing a manual install will work: SP2

On the bottom of this page it shows the site time, are you on the same time zone, if not how far before or after?


----------



## Tartansprite (Feb 22, 2013)

Easy answers first... Time zone is GMT. Greenwich is up the road 15 miles away.

AddLyrics came up under tool bars and extensions. It is enabled and the disable option is disabled. There is nothing about Lavasoft/Delta Search or Ad-Aware under tool bars or search providers. I disabled the Lavasoft search by right click over Search and left click over the spanner bringing up search options. I think a couple of boxes were unticked. Set and keep Google as default search engine, and make Google my home page. My recollection is I had to tick both in that order to finally rid the Lavasoft.

That's a relief re the bank cards.


----------



## Tartansprite (Feb 22, 2013)

PS: Good news, Windows updated successfully overnight.


----------



## Mark1956 (May 7, 2011)

Great news about SP2, now go into Windows update and check for any new updates that might be available and see if it will install them.

AddLyrics is known Adware so we need to deal with it, have a look in Programs & Features and see if it shows in the list, if so uninstall it. Regardless of you finding it, then run ADWCleaner and post the log.


----------



## Tartansprite (Feb 22, 2013)

Here's ADW log then. Addlyrics is hiding from programs and features so nothing to report from there. What next I wonder? Also are you in sunny Spain as reported by Tech Guy... nosey me!

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 15:57:38
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : millymatt - MILLYMATT-PC
# Boot Mode : Normal
# Running from : C:\Users\millymatt\Desktop\adwcleaner (4).exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-3469522661-2701585936-2328360242-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1292 octets] - [03/03/2013 15:57:38]
AdwCleaner[S1].txt - [4645 octets] - [28/02/2013 18:54:48]
AdwCleaner[S2].txt - [870 octets] - [28/02/2013 18:59:02]

########## EOF - C:\AdwCleaner[R1].txt - [1471 octets] ##########


----------



## Mark1956 (May 7, 2011)

Yes, it has been sunny today but only got to about 15ºC, we live inland up in the mountains, had an inch of snow on Wednesday, but Spring is just around the corner and temps normally start to hit 30ºC by the end of March.

You ran ADWCleaner without using the Delete button so the items it found have not been removed, run it again using Delete.

Let's see if a search for Addlyrics will turn anything up or we will have to run another tool to try and locate and then delete it.

Please download *SystemLook* from one of the links below and save it to your Desktop.


*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*addlyrics*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Tartansprite (Feb 22, 2013)

Unfortunately 6 Windows security updates will not install. Here's the SystemLook log however. 30 degrees in March!!! Will be lucky to get that in Zambia where I'll be month end!

SystemLook 30.07.11 by jpshortstuff
Log created at 08:35 on 04/03/2013 by millymatt
Administrator - Elevation successful

========== filefind ==========

Searching for "*addlyrics*"
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CQEVILC\Adware.AddLyrics[1].jpg	--a---- 31595 bytes	[19:40 02/03/2013]	[19:40 02/03/2013] 6B7D2989FE7AEE98862EAA99A6607BA4
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9LLKU1JN\remove-addlyrics-virus[1].htm	--a---- 17001 bytes	[19:41 02/03/2013]	[19:41 02/03/2013] 52806D74DB01307BBEC356035E0E4E0B
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NZ291096\addlyrics-dll[1].htm	--a---- 22765 bytes	[19:38 02/03/2013]	[19:38 02/03/2013] C19D29D3B204A9CDB1A2FAC78DE26AF3
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTX16PN3\addlyrics-130218045354-phpapp01-thumbnail-2[1].jpg	--a---- 5715 bytes	[16:05 03/03/2013]	[16:05 03/03/2013] CFA266DD4EE7D33DD4BEB90A5B26594E
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTX16PN3\addlyrics-dll[2].htm	--a---- 11320 bytes	[19:37 02/03/2013]	[19:37 02/03/2013] 3AA19409C3C7DD2C4BA87BBC1882EA9E
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTX16PN3\Adware.AddLyrics[1].jpg	--a---- 31595 bytes	[19:38 02/03/2013]	[19:38 02/03/2013] 6B7D2989FE7AEE98862EAA99A6607BA4
C:\Windows\System32\Tasks\AddLyrics update	--a---- 3014 bytes	[16:05 21/02/2013]	[16:10 21/02/2013] 26172AFAB8D85153C39EDA7A596ED389
C:\Windows\Tasks\AddLyrics update.job	--a---- 358 bytes	[16:05 21/02/2013]	[08:21 04/03/2013] 565129436F8910B30DA592D12FDD2E1E

-= EOF =-


----------



## Mark1956 (May 7, 2011)

It can get very hot here, June to August it often hits 40ºC+.

That scan shows most of its results are temporary files so we will clean all of them out and delete the two files found in the system.

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

Then run this:

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Services
:Files
C:\Windows\Tasks\AddLyrics update.job
C:\Windows\System32\Tasks\AddLyrics update
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles 

Let me know the outcome.
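The triage in the reply above (cache hits versus the two files "found in the system"), as an added Python example that is not part of the original post: it parses SystemLook `filefind` result lines, buckets each hit by location, and reports identical MD5s. The sample lines are copied from the SystemLook log in this thread with whitespace normalised; the bucket names and function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Result lines copied from the SystemLook log in this thread (whitespace normalised).
SAMPLE_HITS = r"""
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CQEVILC\Adware.AddLyrics[1].jpg  --a---- 31595 bytes  [19:40 02/03/2013]  [19:40 02/03/2013] 6B7D2989FE7AEE98862EAA99A6607BA4
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9LLKU1JN\remove-addlyrics-virus[1].htm  --a---- 17001 bytes  [19:41 02/03/2013]  [19:41 02/03/2013] 52806D74DB01307BBEC356035E0E4E0B
C:\Users\millymatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTX16PN3\Adware.AddLyrics[1].jpg  --a---- 31595 bytes  [19:38 02/03/2013]  [19:38 02/03/2013] 6B7D2989FE7AEE98862EAA99A6607BA4
C:\Windows\System32\Tasks\AddLyrics update  --a---- 3014 bytes  [16:05 21/02/2013]  [16:10 21/02/2013] 26172AFAB8D85153C39EDA7A596ED389
C:\Windows\Tasks\AddLyrics update.job  --a---- 358 bytes  [16:05 21/02/2013]  [08:21 04/03/2013] 565129436F8910B30DA592D12FDD2E1E
"""

# path, 7-character attribute mask, size, [created], [modified], MD5
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
TASK_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32\\)?tasks\\", re.IGNORECASE)
STAMP = "%H:%M %d/%m/%Y"  # SystemLook prints day/month/year


def classify(path):
    """Bucket a hit by where it lives, not by what its file name says."""
    if TASK_DIR_RE.match(path):
        return "scheduled_task"   # Task Scheduler definition: runs again later
    if "\\temporary internet files\\" in path.lower():
        return "browser_cache"    # pages and images the browser downloaded
    return "other"


def parse_hit(line):
    """Parse one result line into a record, or return None for headers etc."""
    match = HIT_RE.match(line.strip())
    if not match:
        return None
    rec = match.groupdict()
    rec["size"] = int(rec["size"])
    rec["created"] = datetime.strptime(rec["created"], STAMP)
    rec["modified"] = datetime.strptime(rec["modified"], STAMP)
    rec["md5"] = rec["md5"].upper()
    rec["bucket"] = classify(rec["path"])
    return rec


def triage(log_text):
    """Return {'scheduled_task': [...], 'browser_cache': [...], 'other': [...]}."""
    buckets = {"scheduled_task": [], "browser_cache": [], "other": []}
    for line in log_text.splitlines():
        rec = parse_hit(line)
        if rec is not None:
            buckets[rec["bucket"]].append(rec)
    return buckets


def duplicate_md5(buckets):
    """Map each MD5 seen more than once to the number of files carrying it."""
    counts = defaultdict(int)
    for records in buckets.values():
        for rec in records:
            counts[rec["md5"]] += 1
    return {md5: n for md5, n in counts.items() if n > 1}


if __name__ == "__main__":
    result = triage(SAMPLE_HITS)
    for rec in result["scheduled_task"]:
        changed = rec["modified"] > rec["created"]
        print("TASK ", rec["path"], "modified after creation:", changed)
    print("cache hits:", len(result["browser_cache"]))
    print("duplicate content:", duplicate_md5(result))
```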


----------



## Tartansprite (Feb 22, 2013)

The following log came up on reboot. However, I had to switch off the computer to get it to reboot: a message came up saying that it couldn't do something to C:. After waiting an age (20 minutes plus) I just switched the computer off...Hmmmm?


Files moved on Reboot...
C:\Windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...


----------



## Mark1956 (May 7, 2011)

When something appears to be going wrong and you see an error message come up on screen, please record it word for word or I have very little to go on but guesswork.

Please repeat the process and tell me exactly what the message was that you saw.


----------



## Tartansprite (Feb 22, 2013)

I did try to copy and paste it but lost control and lost the screen.

Cannot create file C:\Windows\System 32\drivers\etc\Hosts.

...was the message


----------



## Mark1956 (May 7, 2011)

Ok see if you can find the log as per the instructions:

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## Tartansprite (Feb 22, 2013)

Files moved on Reboot...
C:\Windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

You have seen this in my previous post. Did you miss it?


----------



## Mark1956 (May 7, 2011)

That is always shown at the end of the log.


----------



## Tartansprite (Feb 22, 2013)

That is all it said.


----------



## Mark1956 (May 7, 2011)

Must have been a bit tired when I made my last post; the log result you posted is fine.

Did you do another run with ADWCleaner using the Delete button as I suggested in post 32? You didn't respond.

How are things running now? Has anything changed with the updates that would not install?


----------



## Tartansprite (Feb 22, 2013)

Windows update encountered an unknown error meaning that 6 out of 9 updates failed.


----------



## Tartansprite (Feb 22, 2013)

PS: I did do another run with ADW cleaner and deleted as instructed. Most of the Windows updates were security updates which failed, though some security updates succeeded in being installed.


----------



## Mark1956 (May 7, 2011)

Keep trying, as some updates did install that is a good sign, the rest may be OK with a few more attempts.


----------



## Tartansprite (Feb 22, 2013)

None of the original 6 updates will install. Having installed Vista Service Pack 2 there were three more updates that became available. Only those have I been able to install.

AddLyrics still appears under toolbars and extensions. Is this a problem?


----------



## Mark1956 (May 7, 2011)

Go back through the STEP 2 instruction in post 23 and post the log if it still doesn't work.

Addlyrics is only an item of Adware so as long as you keep it disabled it won't do any harm.


----------



## Tartansprite (Feb 22, 2013)

No joy unfortunately! Does that mean we're scratching around now?! ...or is the solution on the cusp of being revealed? Awaiting the next advice with bated breath......

But seriously, well done so far and many thanks for delivering my computer from nasties and glad that AddLyrics seems to be inert for the moment at least (not that I can disable it anyway as that option isn't known to me! It is enabled at the moment as a browser helper object ??)

Here's the log - maybe 200 lines as lost count!

2013-03-07	08:54:35:086	1228	f0c	Driver	Status: 0x180600a, ProblemNumber: 00000000
2013-03-07	08:54:37:486	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {DEA79BA4-19AA-4013-903E-AD2A16AE96D0}.101, hr = 80070663
2013-03-07	08:54:41:592	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {99BFDF7D-BF40-4E12-BA30-FD74DF6097CA}.102, hr = 80070663
2013-03-07	08:54:41:831	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {E5F58086-4B7B-4395-BC39-5009AAA81AB4}.111, hr = 80070663
2013-03-07	08:54:41:851	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {180A5369-1037-4E82-B720-527D8A86C5BF}.101, hr = 80070663
2013-03-07	08:54:41:872	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {F7DD590E-C8D4-4474-B619-3B80A0D04CE9}.103, hr = 80070663
2013-03-07	08:54:42:684	1228	f0c	Agent	WARNING: Failed to evaluate Installable rule, updateId = {A671CE03-B748-4EE3-B961-13C925E1D381}.200, hr = 80070663
2013-03-07	08:54:48:523	1228	f0c	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-07	08:54:48:545	1228	f0c	Misc Microsoft signed: Yes
2013-03-07	08:54:48:613	1228	f0c	Misc	Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-07	08:54:48:640	1228	f0c	Misc Microsoft signed: Yes
2013-03-07	08:54:48:655	1228	f0c	PT	+++++++++++ PT: Synchronizing extended update info +++++++++++
2013-03-07	08:54:48:655	1228	f0c	PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {A6BB1C02-B874-4A1C-9B00-16E9B1C42473}.103 to search result
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {087B85DE-3627-4A1F-BF1B-E6D3BCEA03F0}.101 to search result
2013-03-07	08:55:13:629	1228	f0c	Agent	Update {FF434E78-8B6A-4860-BD0F-4AC472E29063}.101 is pruned out due to potential supersedence
2013-03-07	08:55:13:629	1228	f0c	Agent	Update {566B95D4-66F6-47BA-8953-02CAEA29022C}.101 is pruned out due to potential supersedence
2013-03-07	08:55:13:629	1228	f0c	Agent	Update {B932D155-4C7F-4CBC-8527-D5DF17B0A220}.101 is pruned out due to potential supersedence
2013-03-07	08:55:13:629	1228	f0c	Agent	Update {B6C0F3C6-C368-4A76-A3BF-BE068C7358F0}.101 is pruned out due to potential supersedence
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {AAE5E2C7-3498-4F43-AF66-AEC06A59713F}.102 to search result
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {2E15FA43-F122-4FD5-9EB0-D46E430A7439}.111 to search result
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111 to search result
2013-03-07	08:55:13:629	1228	f0c	Agent * Added update {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent	Update {D6F5EEF2-B0B3-4939-8E72-52DF78032FA4}.102 is pruned out due to potential supersedence
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}.102 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}.200 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {C291A8B1-7657-47ED-B7C5-D4F4A9CD1E28}.203 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {B9337BD8-6297-477A-BB03-3E10BF677D8C}.104 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}.201 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Added update {3A780427-54C3-4BD3-815C-2E2B1095DE45}.104 to search result
2013-03-07	08:55:13:630	1228	f0c	Agent * Found 12 updates and 77 categories in search; evaluated appl. rules of 1935 out of 2993 deployed entities
2013-03-07	08:55:14:283	1228	f0c	Agent	*********
2013-03-07	08:55:14:283	1228	f0c	Agent	** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-07	08:55:14:283	1228	f0c	Agent	*************
2013-03-07	08:55:14:322	1228	f0c	Report	REPORT EVENT: {2AC312D3-E884-4219-8445-F8772C476323}	2013-03-07 08:55:14:277-0000	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 12 updates.
2013-03-07	08:55:14:323	1228	1688	AU	>>## RESUMED ## AU: Search for updates [CallId = {C62EE578-8E72-459D-AA31-BB92ECA25CB1}]
2013-03-07	08:55:14:323	1228	1688	AU # 12 updates detected
2013-03-07	08:55:14:323	1228	f0c	Report	CWERReporter finishing event handling. (00000000)
2013-03-07	08:55:14:349	1228	1688	AU	#########
2013-03-07	08:55:14:349	1228	1688	AU	## END ## AU: Search for updates [CallId = {C62EE578-8E72-459D-AA31-BB92ECA25CB1}]
2013-03-07	08:55:14:349	1228	1688	AU	#############
2013-03-07	08:55:14:350	1228	1688	AU	#############
2013-03-07	08:55:14:350	1228	1688	AU	## START ## AU: Refresh featured updates info
2013-03-07	08:55:14:350	1228	1688	AU	#########
2013-03-07	08:55:14:350	1228	1688	AU	No featured updates available.
2013-03-07	08:55:14:350	1228	1688	AU	#########
2013-03-07	08:55:14:350	1228	1688	AU	## END ## AU: Refresh featured updates info
2013-03-07	08:55:14:350	1228	1688	AU	#############
2013-03-07	08:55:14:350	1228	1688	AU	AU setting next detection timeout to 2013-03-08 03:17:14
2013-03-07	08:55:14:351	1228	1688	AU	Setting AU scheduled install time to 2013-03-08 03:00:00
2013-03-07	08:55:19:282	1228	f0c	Report	CWERReporter finishing event handling. (00000000)
2013-03-07	10:25:46:481	1228	1040	AU	AU successfully set to wake up the machine for Scheduled install at:2013-03-08 03:00:10
2013-03-07	19:19:04:503	1228	1040	AU	AU setting next sqm report timeout to 2013-03-08 19:19:04
2013-03-07	21:14:20:774	1228	1040	AU	AU successfully set to wake up the machine for Scheduled install at:2013-03-08 03:00:10
2013-03-07	21:40:08:028	1228	1040	AU	########### AU: Uninitializing Automatic Updates ###########
2013-03-07	21:40:08:604	1228	1040	Report	CWERReporter finishing event handling. (00000000)
2013-03-07	21:40:08:729	1228	1040	Service	*********
2013-03-07	21:40:08:729	1228	1040	Service	** END ** Service: Service exit [Exit code = 0x240001]
2013-03-07	21:40:08:729	1228	1040	Service	*************
2013-03-07	21:44:03:495	1228	1b4	Misc	=========== Logging initialized (build: 7.6.7600.256, tz: -0000) ===========
2013-03-07	21:44:03:495	1228	1b4	Misc = Process: C:\Windows\system32\svchost.exe
2013-03-07	21:44:03:495	1228	1b4	Misc = Module: c:\windows\system32\wuaueng.dll
2013-03-07	21:44:03:495	1228	1b4	Service	*************
2013-03-07	21:44:03:495	1228	1b4	Service	** START ** Service: Service startup
2013-03-07	21:44:03:495	1228	1b4	Service	*********
2013-03-07	21:44:03:504	1228	1b4	Agent * WU client version 7.6.7600.256
2013-03-07	21:44:03:505	1228	1b4	Agent * Base directory: C:\Windows\SoftwareDistribution
2013-03-07	21:44:03:505	1228	1b4	Agent * Access type: No proxy
2013-03-07	21:44:03:506	1228	1b4	Agent * Network state: Connected
2013-03-07	21:44:48:748	1228	1b4	Report	CWERReporter::Init succeeded
2013-03-07	21:44:48:748	1228	1b4	Agent	*********** Agent: Initializing Windows Update Agent ***********
2013-03-07	21:44:48:748	1228	1b4	Agent	*********** Agent: Initializing global settings cache ***********
2013-03-07	21:44:48:748	1228	1b4	Agent * WSUS server: <NULL>
2013-03-07	21:44:48:748	1228	1b4	Agent * WSUS status server: <NULL>
2013-03-07	21:44:48:748	1228	1b4	Agent * Target group: (Unassigned Computers)
2013-03-07	21:44:48:748	1228	1b4	Agent * Windows Update access disabled: No
2013-03-07	21:44:48:766	1228	1b4	DnldMgr	Download manager restoring 0 downloads
2013-03-07	21:44:48:799	1228	1b4	AU	########### AU: Initializing Automatic Updates ###########
2013-03-07	21:44:48:801	1228	1b4	AU # Approval type: Scheduled (User preference)
2013-03-07	21:44:48:801	1228	1b4	AU # Scheduled install day/time: Every day at 3:00
2013-03-07	21:44:48:801	1228	1b4	AU # Auto-install minor updates: Yes (User preference)
2013-03-07	21:44:49:320	1228	1b4	AU	Setting AU scheduled install time to 2013-03-08 03:00:00
2013-03-07	21:44:49:950	1228	1b4	Report	*********** Report: Initializing static reporting data ***********
2013-03-07	21:44:49:951	1228	1b4	Report * OS Version = 6.0.6002.2.0.66304
2013-03-07	21:44:49:951	1228	1b4	Report * OS Product Type = 0x00000003
2013-03-07	21:44:50:006	1228	1b4	Report * Computer Brand = Dell Inc.
2013-03-07	21:44:50:006	1228	1b4	Report * Computer Model = Inspiron 530
2013-03-07	21:44:50:013	1228	1b4	Report * Bios Revision = 1.0.13
2013-03-07	21:44:50:013	1228	1b4	Report * Bios Name = Phoenix - AwardBIOS v6.00PG
2013-03-07	21:44:50:013	1228	1b4	Report * Bios Release Date = 2008-03-20T00:00:00
2013-03-07	21:44:50:013	1228	1b4	Report * Locale ID = 2057
2013-03-07	21:44:50:016	1228	1b4	AU	Initializing featured updates
2013-03-07	21:44:50:016	1228	1b4	AU	Found 0 cached featured updates
2013-03-07	21:44:50:016	1228	1b4	AU	AU setting pending client directive to 'Install Approval'
2013-03-07	21:44:50:051	1228	1b4	AU	AU finished delayed initialization
2013-03-07	21:44:55:016	1228	d4c	Report	REPORT EVENT: {2E6599B2-347A-4A8D-9936-B8D95F9AC816}	2013-03-07 21:44:49:421-0000	1	188	102	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Content Install	Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ‎08 ‎March ‎2013 at 03:00: - Security Update for Microsoft Office 2007 suites (KB2596615) - Security Update for Microsoft Office 2007 suites (KB2596785) - Update for Microsoft Office 2007 suites (KB2596848) - Security Update for Microsoft Office 2007 suites (KB2596672) - Security Update for Microsoft Office 2007 suites (KB2687499) - Security Update for Microsoft Office PowerPoint 2007 (KB2596843)
2013-03-07	21:44:55:087	1228	d4c	Report	CWERReporter finishing event handling. (00000000)
2013-03-07	21:45:05:130	1228	1b4	AU	Launched new AU client for directive 'Install Approval', session id = 0x1
2013-03-07	21:45:19:387	1228	e00	AU	Getting featured update notifications. fIncludeDismissed = true
2013-03-07	21:45:19:387	1228	e00	AU	No featured updates available.
2013-03-07	21:45:23:069	1228	e00	AU	AU received approval from Ux for 6 updates
2013-03-07	21:45:23:070	1228	e00	AU	AU setting pending client directive to 'Progress Ux'
2013-03-07	21:45:23:123	1228	e00	AU	BeginInteractiveInstall invoked for Download
2013-03-07	21:45:23:123	1228	e00	AU	Auto-approved 0 update(s) for download (for Ux)
2013-03-07	21:45:23:125	1228	e00	AU	UpdateDownloadProperties: 0 download(s) are still in progress.
2013-03-07	21:45:23:125	1228	e00	AU	#############
2013-03-07	21:45:23:125	1228	e00	AU	## START ## AU: Download updates
2013-03-07	21:45:23:125	1228	e00	AU	#########
2013-03-07	21:45:23:125	1228	e00	AU # Found no download approved updates.
2013-03-07	21:45:23:125	1228	e00	AU	#########
2013-03-07	21:45:23:125	1228	e00	AU	## END ## AU: Download updates
2013-03-07	21:45:23:125	1228	e00	AU	#############
2013-03-07	21:45:23:126	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:23:127	1228	e00	AU	BeginInteractiveInstall invoked for Install
2013-03-07	21:45:23:130	1228	e00	AU	Auto-approving update for install, updateId = {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}.102, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:130	1228	e00	AU	Auto-approving update for install, updateId = {2E15FA43-F122-4FD5-9EB0-D46E430A7439}.111, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:130	1228	e00	AU	Auto-approving update for install, updateId = {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}.200, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:130	1228	e00	AU	Auto-approving update for install, updateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:130	1228	e00	AU	Auto-approving update for install, updateId = {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}.201, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:131	1228	e00	AU	Auto-approving update for install, updateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07	21:45:23:131	1228	e00	AU	Auto-approved 6 update(s) for install (for Ux), installType=1
2013-03-07	21:45:23:131	1228	e00	AU	#############
2013-03-07	21:45:23:131	1228	e00	AU	## START ## AU: Install updates
2013-03-07	21:45:23:131	1228	e00	AU	#########
2013-03-07	21:45:23:134	1228	e00	AU # Initiating manual install
2013-03-07	21:45:23:134	1228	e00	AU # Approved updates = 6
2013-03-07	21:45:23:180	1228	e00	AU	<<## SUBMITTED ## AU: Install updates / installing updates [CallId = {E29BF4C5-5F48-42D9-A58E-446C3D8C65FB}]
2013-03-07	21:45:23:181	1228	d68	Agent	*************
2013-03-07	21:45:23:181	1228	d68	Agent	** START ** Agent: Installing updates [CallerId = AutomaticUpdates]
2013-03-07	21:45:23:181	1228	d68	Agent	*********
2013-03-07	21:45:23:181	1228	d68	Agent * Updates to install = 6
2013-03-07	21:45:23:498	1228	e00	AU	Getting featured update notifications. fIncludeDismissed = true
2013-03-07	21:45:23:498	1228	e00	AU	No featured updates available.
2013-03-07	21:45:23:923	1228	d68	Agent * Title = Security Update for Microsoft Office 2007 suites (KB2596615)
2013-03-07	21:45:23:923	1228	d68	Agent * UpdateId = {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}.102
2013-03-07	21:45:23:923	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:923	1228	d68	Agent * {B37927ED-A1B4-4269-B132-A3D2CC63FB9A}.102
2013-03-07	21:45:23:923	1228	d68	Agent * Title = Security Update for Microsoft Office 2007 suites (KB2596785)
2013-03-07	21:45:23:923	1228	d68	Agent * UpdateId = {2E15FA43-F122-4FD5-9EB0-D46E430A7439}.111
2013-03-07	21:45:23:923	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:923	1228	d68	Agent * {FEF8DF4E-E48C-49B0-8970-C9722CC10D29}.111
2013-03-07	21:45:23:923	1228	d68	Agent * Title = Update for Microsoft Office 2007 suites (KB2596848)
2013-03-07	21:45:23:923	1228	d68	Agent * UpdateId = {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}.200
2013-03-07	21:45:23:923	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:923	1228	d68	Agent * {A090C88E-5E6F-4BE0-A9D3-604DD20720F0}.200
2013-03-07	21:45:23:923	1228	d68	Agent * Title = Security Update for Microsoft Office 2007 suites (KB2596672)
2013-03-07	21:45:23:923	1228	d68	Agent * UpdateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103
2013-03-07	21:45:23:924	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:924	1228	d68	Agent * {1A45A928-F39F-4118-9434-E8336A889535}.103
2013-03-07	21:45:23:924	1228	d68	Agent * Title = Security Update for Microsoft Office 2007 suites (KB2687499)
2013-03-07	21:45:23:924	1228	d68	Agent * UpdateId = {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}.201
2013-03-07	21:45:23:924	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:924	1228	d68	Agent * {23F516A7-9724-4A1D-B181-DA197C4BD994}.201
2013-03-07	21:45:23:924	1228	d68	Agent * Title = Security Update for Microsoft Office PowerPoint 2007 (KB2596843)
2013-03-07	21:45:23:924	1228	d68	Agent * UpdateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111
2013-03-07	21:45:23:924	1228	d68	Agent * Bundles 1 updates:
2013-03-07	21:45:23:924	1228	d68	Agent * {73837D4F-8B1D-45BB-AC0C-1AD28EB982C2}.111
2013-03-07	21:45:23:987	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:25:001	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:25:127	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:27:137	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:29:165	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:31:178	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:33:191	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:35:202	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:37:214	1228	e00	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:39:229	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:41:239	1228	cbc	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:43:253	1228	898	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:45:266	1228	898	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:46:963	1228	d68	DnldMgr	WARNING: Preparing update for install, updateId = {B37927ED-A1B4-4269-B132-A3D2CC63FB9A}.102 (using payload from revision 101).
2013-03-07	21:45:47:015	2316	11c8	Misc	=========== Logging initialized (build: 7.6.7600.256, tz: -0000) ===========
2013-03-07	21:45:47:015	2316	11c8	Misc = Process: C:\Windows\system32\wuauclt.exe
2013-03-07	21:45:47:015	2316	11c8	Misc = Module: C:\Windows\system32\wuaueng.dll
2013-03-07	21:45:47:010	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:47:015	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:47:035	2316	11c8	Handler	:::::::::
2013-03-07	21:45:47:035	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:47:043	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:47:043	2316	11c8	Handler	:::::::::
2013-03-07	21:45:47:043	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:47:043	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:47:044	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {3A434D1C-BC51-4762-A37F-50ECACD9CEF4}]
2013-03-07	21:45:47:044	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:47:276	1228	898	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:48:484	1228	d68	DnldMgr	WARNING: Preparing update for install, updateId = {FEF8DF4E-E48C-49B0-8970-C9722CC10D29}.111 (using payload from revision 106).
2013-03-07	21:45:48:488	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:488	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:48:488	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:488	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:48:498	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:48:498	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:498	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:48:498	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:499	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {2E15FA43-F122-4FD5-9EB0-D46E430A7439}]
2013-03-07	21:45:48:499	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:48:534	1228	d68	DnldMgr	Preparing update for install, updateId = {A090C88E-5E6F-4BE0-A9D3-604DD20720F0}.200.
2013-03-07	21:45:48:584	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:584	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:48:584	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:584	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:48:596	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:48:596	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:596	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:48:596	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:596	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {7EB1975D-D046-486B-B6C3-328BDDFC6AF3}]
2013-03-07	21:45:48:596	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:48:641	1228	d68	DnldMgr	WARNING: Preparing update for install, updateId = {1A45A928-F39F-4118-9434-E8336A889535}.103 (using payload from revision 102).
2013-03-07	21:45:48:678	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:679	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:48:679	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:679	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:48:689	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:48:689	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:689	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:48:689	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:691	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}]
2013-03-07	21:45:48:691	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:48:746	1228	d68	DnldMgr	Preparing update for install, updateId = {23F516A7-9724-4A1D-B181-DA197C4BD994}.201.
2013-03-07	21:45:48:778	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:779	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:48:779	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:779	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:48:789	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:48:789	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:789	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:48:789	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:790	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {5BD72FC8-8BDB-458A-95B8-4372212FE3CE}]
2013-03-07	21:45:48:791	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:48:824	1228	d68	DnldMgr	WARNING: Preparing update for install, updateId = {73837D4F-8B1D-45BB-AC0C-1AD28EB982C2}.111 (using payload from revision 106).
2013-03-07	21:45:48:827	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:827	2316	11c8	Handler	:: START :: Handler: MSI Install
2013-03-07	21:45:48:827	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:827	2316	11c8	Handler : Updates to install = 1
2013-03-07	21:45:48:837	2316	11c8	Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07	21:45:48:837	2316	11c8	Handler	:::::::::
2013-03-07	21:45:48:837	2316	11c8	Handler	:: END :: Handler: MSI Install
2013-03-07	21:45:48:837	2316	11c8	Handler	:::::::::::::
2013-03-07	21:45:48:838	1228	598	AU	>>## RESUMED ## AU: Installing update [UpdateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}]
2013-03-07	21:45:48:838	1228	598	AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07	21:45:48:859	1228	d68	Agent	*********
2013-03-07	21:45:48:859	1228	d68	Agent	** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2013-03-07	21:45:48:859	1228	d68	Agent	*************
2013-03-07	21:45:48:859	1228	598	AU	Install call completed.
2013-03-07	21:45:48:860	1228	598	AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
2013-03-07	21:45:48:860	1228	598	AU	#########
2013-03-07	21:45:48:860	1228	598	AU	## END ## AU: Installing updates [CallId = {E29BF4C5-5F48-42D9-A58E-446C3D8C65FB}]
2013-03-07	21:45:48:860	1228	598	AU	#############
2013-03-07	21:45:48:862	1228	598	AU	Install complete for all calls, reboot NOT needed
2013-03-07	21:45:48:863	1228	598	AU	Setting AU scheduled install time to 2013-03-08 03:00:00
2013-03-07	21:45:49:290	1228	898	AU	All updates already downloaded, setting percent complete to 100
2013-03-07	21:45:49:410	1228	898	AU	No featured updates notifications to show
2013-03-07	21:45:49:411	1228	898	AU	UpdateDownloadProperties: 0 download(s) are still in progress.
2013-03-07	21:45:49:412	1228	898	AU	Triggering Offline detection (non-interactive)
2013-03-07	21:45:49:414	1228	898	AU	AU setting pending client directive to 'Install Complete Ux'
2013-03-07	21:45:49:415	1228	898	AU	Changing existing AU client directive from 'Progress Ux' to 'Install Complete Ux', session id = 0x1
2013-03-07	21:45:49:449	1228	1b4	AU	#############
2013-03-07	21:45:49:449	1228	1b4	AU	## START ## AU: Search for updates
2013-03-07	21:45:49:450	1228	1b4	AU	#########
2013-03-07	21:45:49:730	1228 1b4	AU	<<## SUBMITTED ## AU: Search for updates [CallId = {90E3DCA8-5BA0-4769-9455-C4145BCBC860}]
2013-03-07	21:45:49:731	1228	d4c	Agent	*************
2013-03-07	21:45:49:731	1228	d4c	Agent	** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-07	21:45:49:731	1228	d4c	Agent	*********
2013-03-07	21:45:49:731	1228	d4c	Agent * Online = No; Ignore download priority = No
2013-03-07	21:45:49:731	1228	d4c	Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-03-07	21:45:49:731	1228	d4c	Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-03-07	21:45:49:731	1228	d4c	Agent * Search Scope = {Machine}
2013-03-07	21:45:49:743	1228	898	AU	No featured updates notifications to show
2013-03-07	21:45:49:908	1228	1b4	AU	AU received handle event
2013-03-07	21:45:50:459	1228	898	AU	Getting featured update notifications. fIncludeDismissed = true
2013-03-07	21:45:50:459	1228	898	AU	No featured updates available.
2013-03-07	21:45:51:041	1228	898	AU	WARNING: Returning due to error from GetDownloadProgressUx, error = 0x8024000C
2013-03-07	21:45:51:042	1228	898	AU	WARNING: GetInteractiveInstallProgress failed, error = 0x8024000C


----------



## Mark1956 (May 7, 2011)

We usually hope to be on the cusp of a breakthrough, but predicting when that will actually happen is another matter. The same problem on another PC might get solved quickly then on another machine we find more hurdles to jump over to solve the same issue, all part of the fun.

That log is confusing to say the least, it starts off showing 6 updates ready to install and scheduled for installation tomorrow at 3AM in the morning, then later it shows they tried to install and all of them failed.

I think we need to run a tool called OTL, it produces a log like DDS but ten times bigger, it may reveal something not yet found, it could also give the opportunity to find the full location of AddLyrics so we can remove it.


- Download *OTL* to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath *Output* at the top change it to *Minimal Output*.
- Under the *Standard Registry* box change it to *All*.
- Check the boxes beside *LOP Check* and *Purity Check*.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.


----------
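Added example (not part of the original posts, and not a tool used in this thread): one way to reconcile what the WindowsUpdate.log excerpt above reports, by pairing each auto-approved update with its install result and with the status of the overall install call. The function names and the error-name table are supplied here as assumptions of the example; the sample lines are abridged from the log posted in the thread.

```python
import re

# Lines copied (abridged) from the WindowsUpdate.log excerpt posted in this thread.
SAMPLE_LOG = """\
2013-03-07 21:45:23:130 1228 e00 AU Auto-approving update for install, updateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07 21:45:23:131 1228 e00 AU Auto-approving update for install, updateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=0
2013-03-07 21:45:23:923 1228 d68 Agent * Title = Security Update for Microsoft Office 2007 suites (KB2596672)
2013-03-07 21:45:23:923 1228 d68 Agent * UpdateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}.103
2013-03-07 21:45:23:924 1228 d68 Agent * Title = Security Update for Microsoft Office PowerPoint 2007 (KB2596843)
2013-03-07 21:45:23:924 1228 d68 Agent * UpdateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.111
2013-03-07 21:45:48:689 2316 11c8 Handler : WARNING: Operation failed at update 0, Exit code = 0x80242006
2013-03-07 21:45:48:691 1228 598 AU >>## RESUMED ## AU: Installing update [UpdateId = {58342C71-E20B-47F1-A04A-BC973A3B9F2E}]
2013-03-07 21:45:48:691 1228 598 AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07 21:45:48:838 1228 598 AU >>## RESUMED ## AU: Installing update [UpdateId = {87E3E2FA-70E5-4B90-83EE-A16F41569A11}]
2013-03-07 21:45:48:838 1228 598 AU # WARNING: Install failed, error = 0x80242006 / 0x00000000
2013-03-07 21:45:48:860 1228 598 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
"""

# Symbolic names as listed in Microsoft's Windows Update error code reference.
WU_ERROR_NAMES = {
    "0x80242006": "WU_E_UH_INVALIDMETADATA",
    "0x8024000C": "WU_E_NOOP",
}

GUID = r"\{([0-9A-Fa-f-]{36})\}"
# date, time, pid, thread id, component, message (fields split by tabs or spaces)
LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+[\d:]+\s+\d+\s+([0-9a-f]+)\s+(\w+)\s+(.*)$")
APPROVE = re.compile(r"Auto-approving update for install, updateId = " + GUID)
TITLE = re.compile(r"\* Title = (.*)$")
UPDATE_ID = re.compile(r"\* UpdateId = " + GUID)
RESUMED = re.compile(r"RESUMED ## AU: Installing update \[UpdateId = " + GUID + r"\]")
FAILED = re.compile(r"Install failed, error = (0x[0-9A-Fa-f]{8})")
CALL_DONE = re.compile(r"Install call completed, reboot required = \w+, error = (0x[0-9A-Fa-f]{8})")
KB = re.compile(r"\((KB\d+)\)")


def _norm(code):
    """Normalise a hex status code to the form 0xABCDEF01."""
    return "0x" + code[2:].upper()


def parse_install_session(text):
    """Return (per-update records, status of the overall install call)."""
    updates, pending_title, in_flight = {}, {}, {}
    call_error = None

    def record(guid):
        return updates.setdefault(guid.upper(), {
            "guid": guid.upper(), "title": None, "kb": None,
            "approved": False, "attempted": False, "error": None,
        })

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, component, msg = m.groups()
        if component == "Agent":
            # A "Title" line is followed by its "UpdateId" line on the same thread.
            if (t := TITLE.search(msg)):
                pending_title[tid] = t.group(1).strip()
            elif (u := UPDATE_ID.search(msg)) and tid in pending_title:
                rec = record(u.group(1))
                rec["title"] = pending_title.pop(tid)
                kb = KB.search(rec["title"])
                rec["kb"] = kb.group(1) if kb else None
        elif component == "AU":
            if (a := APPROVE.search(msg)):
                record(a.group(1))["approved"] = True
            elif (r := RESUMED.search(msg)):
                in_flight[tid] = record(r.group(1))
                in_flight[tid]["attempted"] = True
            elif (f := FAILED.search(msg)) and tid in in_flight:
                # The failure line belongs to the update last resumed on this thread.
                in_flight.pop(tid)["error"] = _norm(f.group(1))
            elif (c := CALL_DONE.search(msg)):
                call_error = _norm(c.group(1))
    return list(updates.values()), call_error


def summarize(updates, call_error):
    """Condense the session; 'masked' is True when the call reports success
    (0x00000000) although individual updates logged a failure."""
    failed = [u for u in updates if u["error"]]
    codes = sorted({u["error"] for u in failed})
    return {
        "approved": sum(u["approved"] for u in updates),
        "attempted": sum(u["attempted"] for u in updates),
        "failed_kbs": [u["kb"] for u in failed],
        "codes": {c: WU_ERROR_NAMES.get(c, "unknown") for c in codes},
        "call_error": call_error,
        "masked": bool(failed) and call_error == "0x00000000",
    }


if __name__ == "__main__":
    print(summarize(*parse_install_session(SAMPLE_LOG)))
```

The `masked` flag captures why the log reads as contradictory: the install call as a whole ends with `error = 0x00000000` while each update it attempted logged its own failure code.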



## Tartansprite (Feb 22, 2013)

There we are then. Some more bedtime reading!!! Many thanks for battling on on my behalf! Do the paid experts have access to a larger database of specific tools to eliminate the baddies? It is interesting to observe the chase on this one!

OTL logfile created on: 08/03/2013 06:15:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\millymatt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.76% Memory free
4.22 Gb Paging File | 2.70 Gb Available in Paging File | 63.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 96.69 Gb Free Space | 43.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 60.03% Space Free | Partition Type: NTFS

Computer Name: MILLYMATT-PC | User Name: millymatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\millymatt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp ()
MOD - C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll ()
MOD - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()

========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AFGSp50) -- C:\Windows\System32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6080702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1738940B-35C2-4305-88EA-C074222DF068}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=AC47666001CA7F1D00B5DC9B&install_time=17-12-2009:13:34&src_id=11262&camp_id=735&tb_version=2.5.7000.477
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\millymatt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:41:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AddLyrics\FF\

[2013/02/21 16:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\millymatt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Kaspersky URL Advisor = C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Anti-Banner = C:\Users\millymatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

Hosts file not found
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files\AddLyrics\AddLyrics.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
O4 - HKCU..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\millymatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE2A03A-D429-4EBA-AD07-186B52FAA70D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\millymatt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\millymatt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9ff66670-1c98-11e2-9ec4-001ec97468f6}\Shell - "" = AutoRun
O33 - MountPoints2\{9ff66670-1c98-11e2-9ec4-001ec97468f6}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/08 06:13:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\millymatt\Desktop\OTL.exe
[2013/03/04 17:00:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/04 16:58:00 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\millymatt\Desktop\OTM.exe
[2013/03/04 16:53:25 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\millymatt\Desktop\TFC.exe
[2013/03/04 09:58:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/03/04 09:58:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/03/04 09:58:25 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/03/04 09:58:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/03/04 09:58:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/03/04 09:58:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/03/04 04:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013/03/04 04:15:10 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2013/03/04 04:15:10 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/03/04 04:15:09 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2013/03/04 04:12:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2013/03/04 04:12:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2013/03/04 04:12:57 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2013/03/04 04:12:55 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2013/03/04 04:12:55 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2013/03/04 04:12:55 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013/03/04 04:12:55 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2013/03/04 04:12:55 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2013/03/04 04:12:55 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2013/03/04 04:12:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2013/03/04 04:12:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2013/03/04 04:12:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2013/03/04 03:47:19 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/04 03:47:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/04 03:47:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/04 03:47:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/04 03:47:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/04 03:47:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/04 03:47:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/04 03:47:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/04 03:47:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/04 03:47:17 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/04 03:47:17 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/04 03:47:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/04 03:47:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/04 03:47:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/04 03:47:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/04 03:47:16 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/04 03:47:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/04 03:47:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/04 03:47:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/04 03:47:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/04 03:47:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/04 03:47:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/04 03:47:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/04 03:47:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/04 03:47:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/04 03:47:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/04 03:47:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/03/04 03:47:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/03/04 03:47:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/04 03:47:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/04 03:47:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/03/04 03:47:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/04 03:47:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/04 03:47:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/03/04 03:47:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/04 03:47:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/04 03:47:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/04 03:45:31 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2013/03/04 03:45:31 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2013/03/04 03:45:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2013/03/04 03:45:30 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/03/04 03:45:30 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013/03/04 03:45:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013/03/04 03:45:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/03/04 03:45:27 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/04 03:45:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013/03/04 03:45:26 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/04 03:45:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/04 03:45:26 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/04 03:45:25 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013/03/04 03:45:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/03/04 03:45:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013/03/04 03:45:24 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2013/03/04 03:45:24 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2013/03/04 03:44:05 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/04 03:44:05 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2013/03/04 03:44:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2013/03/04 03:44:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/04 03:44:04 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/03/04 03:44:04 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/04 03:16:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/03/04 03:16:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/03/04 03:15:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/03/04 03:15:57 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/03/04 03:15:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/03/04 03:15:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/03/04 03:09:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/04 03:02:46 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/03/04 03:02:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/03/03 16:05:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013/03/03 16:05:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013/03/03 16:05:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2013/03/03 16:05:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013/03/03 16:05:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2013/03/03 16:02:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/03/03 16:02:40 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013/03/03 16:02:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/03/03 16:02:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/03/03 16:02:01 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/03/03 16:01:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/03/03 16:01:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013/03/03 15:59:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/03/03 15:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/03/03 15:59:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/03/03 15:58:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/03/03 15:58:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/03/03 15:58:28 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/03/03 15:58:14 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2013/03/03 15:58:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2013/03/03 15:57:05 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/03/03 15:57:04 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/03/03 15:55:40 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/03/03 15:32:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013/03/03 10:34:00 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/03/03 10:34:00 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/03/03 10:33:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/03/03 10:33:20 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/03/03 10:33:20 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/03/03 10:33:11 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/03/03 10:33:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/03/03 02:43:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013/03/03 02:43:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013/03/03 02:43:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013/03/03 02:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/03/03 02:09:03 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2013/03/03 02:08:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2013/03/03 02:07:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2013/03/03 02:07:26 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013/03/03 02:07:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013/03/03 02:07:25 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2013/03/03 02:07:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013/03/03 02:07:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2013/03/03 02:07:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013/03/03 02:07:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2013/03/03 02:07:20 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2013/03/03 02:07:20 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2013/03/03 02:07:19 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2013/03/03 02:07:19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2013/03/03 02:07:19 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2013/03/03 02:07:19 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2013/03/03 02:07:19 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2013/03/03 02:07:19 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2013/03/03 02:07:19 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/03/03 02:07:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2013/03/03 02:07:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2013/03/03 02:07:19 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2013/03/03 02:07:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2013/03/03 02:07:17 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2013/03/03 02:07:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2013/03/03 02:07:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2013/03/03 02:07:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2013/03/03 02:07:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2013/03/03 02:07:15 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2013/03/03 02:07:14 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2013/03/03 02:07:14 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013/03/03 02:07:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013/03/03 02:07:13 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2013/03/03 02:07:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013/03/03 02:07:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2013/03/03 02:07:12 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2013/03/03 02:07:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2013/03/03 02:07:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2013/03/03 02:07:11 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2013/03/03 02:07:10 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2013/03/03 02:07:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2013/03/03 02:07:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2013/03/03 02:07:10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2013/03/03 02:07:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2013/03/03 02:07:09 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013/03/03 02:07:09 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/03/03 02:07:09 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013/03/03 02:07:09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2013/03/03 02:07:09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2013/03/03 02:07:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2013/03/03 02:07:08 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013/03/03 02:07:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013/03/03 02:07:08 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013/03/03 02:07:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2013/03/03 02:07:07 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2013/03/03 02:07:07 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/03/03 02:07:05 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2013/03/03 02:07:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013/03/03 02:07:04 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2013/03/03 02:06:57 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2013/03/03 02:06:49 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2013/03/03 02:06:49 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2013/03/03 02:06:44 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2013/03/03 02:06:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2013/03/03 02:06:43 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2013/03/03 02:06:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2013/03/03 02:06:42 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2013/03/03 02:06:42 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2013/03/03 02:06:42 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2013/03/03 02:06:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2013/03/03 02:06:42 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013/03/03 02:06:41 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/03/03 02:06:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2013/03/03 02:06:40 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2013/03/03 02:06:40 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2013/03/03 02:06:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013/03/03 02:06:40 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2013/03/03 02:06:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2013/03/03 02:06:39 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2013/03/03 02:06:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2013/03/03 02:06:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013/03/03 02:06:38 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2013/03/03 02:06:38 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2013/03/03 02:06:38 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2013/03/03 02:06:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2013/03/03 02:06:38 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2013/03/03 02:06:38 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2013/03/03 02:06:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2013/03/03 02:06:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2013/03/03 02:06:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2013/03/03 02:06:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2013/03/03 02:06:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2013/03/03 02:06:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2013/03/03 02:06:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2013/03/03 02:06:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2013/03/03 02:06:36 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2013/03/03 02:06:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2013/03/03 02:06:35 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2013/03/03 02:06:35 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2013/03/03 02:06:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2013/03/03 02:06:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2013/03/03 02:06:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/03/03 02:06:34 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013/03/03 02:06:34 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2013/03/03 02:06:33 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2013/03/03 02:06:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2013/03/03 02:06:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2013/03/03 02:06:33 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2013/03/03 02:06:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2013/03/03 02:06:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2013/03/03 02:06:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2013/03/03 02:06:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2013/03/03 02:06:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2013/03/03 02:06:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2013/03/03 02:06:32 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2013/03/03 02:06:31 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2013/03/03 02:06:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2013/03/03 02:06:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2013/03/03 02:06:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2013/03/03 02:06:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2013/03/03 02:06:30 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/03/03 02:06:30 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/03/03 02:06:29 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/03/03 02:06:29 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2013/03/03 02:06:29 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2013/03/03 02:06:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013/03/03 02:06:29 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2013/03/03 02:06:29 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/03/03 02:06:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2013/03/03 02:06:29 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013/03/03 02:06:28 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2013/03/03 02:06:28 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2013/03/03 02:06:27 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013/03/03 02:06:26 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2013/03/03 02:06:26 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2013/03/03 02:06:26 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2013/03/03 02:06:25 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2013/03/03 02:06:25 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2013/03/03 02:06:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2013/03/03 02:06:24 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2013/03/03 02:06:22 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2013/03/03 02:06:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2013/03/03 02:06:20 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2013/03/03 02:06:19 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2013/03/03 02:06:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013/03/03 02:06:19 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2013/03/03 02:06:18 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/03/03 02:06:17 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2013/03/03 02:06:16 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2013/03/03 02:06:16 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2013/03/03 02:06:15 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2013/03/03 02:06:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2013/03/03 02:06:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2013/03/03 02:06:15 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2013/03/03 02:06:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013/03/03 02:06:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2013/03/03 02:06:14 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2013/03/03 02:06:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/03/03 02:06:14 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2013/03/03 02:06:13 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2013/03/03 02:06:13 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2013/03/03 02:06:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2013/03/03 02:06:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013/03/03 02:06:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2013/03/03 02:06:12 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013/03/03 02:06:12 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013/03/03 02:06:12 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013/03/03 02:06:12 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2013/03/03 02:06:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2013/03/03 02:06:12 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2013/03/03 02:06:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2013/03/03 02:06:11 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/03/03 02:06:11 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2013/03/03 02:06:11 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2013/03/03 02:06:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2013/03/03 02:06:10 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2013/03/03 02:06:10 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2013/03/03 02:06:10 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2013/03/03 02:06:10 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2013/03/03 02:06:08 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013/03/03 02:06:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2013/03/03 02:06:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2013/03/03 02:06:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2013/03/03 02:06:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2013/03/03 02:06:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2013/03/03 02:06:03 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2013/03/03 02:06:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2013/03/03 02:06:02 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013/03/03 02:06:02 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013/03/03 02:06:01 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2013/03/03 02:06:01 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013/03/03 02:06:01 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2013/03/03 02:06:01 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/03/03 02:05:58 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013/03/03 02:05:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2013/03/03 02:05:57 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2013/03/03 02:05:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2013/03/03 02:05:55 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2013/03/03 02:05:55 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2013/03/03 02:05:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2013/03/03 02:05:55 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2013/03/03 02:05:55 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2013/03/03 02:05:55 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013/03/03 02:05:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013/03/03 02:05:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2013/03/03 02:05:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013/03/03 02:05:54 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2013/03/03 02:05:54 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2013/03/03 02:05:54 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2013/03/03 02:05:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2013/03/03 02:05:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2013/03/03 02:05:53 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2013/03/03 02:05:53 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2013/03/03 02:05:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2013/03/03 02:05:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2013/03/03 02:05:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2013/03/03 02:05:52 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2013/03/03 02:05:52 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2013/03/03 02:05:52 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2013/03/03 02:05:51 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013/03/03 02:05:51 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013/03/03 02:05:51 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2013/03/03 02:05:51 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013/03/03 02:05:51 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2013/03/03 02:05:51 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013/03/03 02:05:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013/03/03 02:05:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013/03/03 02:05:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013/03/03 02:05:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013/03/03 02:05:50 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2013/03/03 02:05:50 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013/03/03 02:05:50 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013/03/03 02:05:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2013/03/03 02:05:49 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2013/03/03 02:05:48 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2013/03/03 02:05:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2013/03/03 02:05:47 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2013/03/03 02:05:46 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2013/03/03 02:05:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2013/03/03 02:05:45 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2013/03/03 02:05:45 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2013/03/03 02:05:45 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013/03/03 02:05:45 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2013/03/03 02:05:45 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2013/03/03 02:05:45 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2013/03/03 02:05:45 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013/03/03 02:05:45 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2013/03/03 02:05:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2013/03/03 02:05:45 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2013/03/03 02:05:45 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013/03/03 02:05:44 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2013/03/03 02:05:44 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2013/03/03 02:05:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2013/03/03 02:05:41 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013/03/03 02:05:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013/03/03 02:05:40 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2013/03/03 02:05:40 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2013/03/03 02:05:40 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013/03/03 02:05:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013/03/03 02:05:40 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2013/03/03 02:05:40 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2013/03/03 02:05:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2013/03/03 02:05:39 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2013/03/03 02:05:39 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2013/03/03 02:05:39 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013/03/03 02:05:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2013/03/03 02:05:39 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2013/03/03 02:05:39 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2013/03/03 02:05:39 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2013/03/03 02:05:38 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013/03/03 02:05:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013/03/03 02:05:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2013/03/03 02:05:37 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2013/03/03 02:05:37 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2013/03/03 02:05:36 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013/03/03 02:05:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2013/03/03 02:05:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2013/03/03 02:05:34 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2013/03/03 02:05:28 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013/03/03 02:05:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2013/03/03 02:05:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2013/03/03 02:05:24 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2013/03/03 02:05:21 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2013/03/03 02:05:21 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2013/03/03 02:05:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2013/03/03 02:05:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2013/03/03 02:05:16 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2013/03/03 02:05:15 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2013/03/03 02:05:14 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/03/03 02:05:13 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2013/03/03 02:05:12 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2013/03/03 02:05:08 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2013/03/03 02:05:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2013/03/03 02:05:07 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2013/03/03 02:05:07 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2013/03/03 02:04:57 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2013/03/03 02:04:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013/03/03 02:04:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2013/03/03 02:04:49 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013/03/03 02:04:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2013/03/03 02:04:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2013/03/03 02:04:48 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2013/03/03 02:04:46 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2013/03/03 02:04:45 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2013/03/03 02:04:43 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2013/03/03 02:04:43 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2013/03/03 02:04:34 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2013/03/03 02:04:34 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2013/03/03 02:04:33 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2013/03/03 02:04:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013/03/03 02:04:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013/03/03 02:04:30 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2013/03/03 02:04:30 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2013/03/03 02:04:30 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2013/03/03 02:04:30 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2013/03/03 02:04:30 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2013/03/03 02:04:29 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2013/03/03 02:04:29 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013/03/03 02:04:29 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013/03/03 02:04:29 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013/03/03 02:04:28 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013/03/03 02:04:27 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2013/03/03 02:04:27 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2013/03/03 02:04:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2013/03/03 02:04:27 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2013/03/03 02:04:26 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2013/03/03 02:04:26 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013/03/03 02:04:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013/03/03 02:04:24 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2013/03/03 02:04:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2013/03/03 02:04:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2013/03/03 02:04:23 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/03/03 02:04:22 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013/03/03 02:04:22 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2013/03/03 02:04:22 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2013/03/03 02:04:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2013/03/03 02:04:22 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2013/03/03 02:04:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013/03/03 02:04:21 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2013/03/03 02:04:21 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013/03/03 02:04:21 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2013/03/03 02:04:21 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2013/03/03 02:04:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013/03/03 02:04:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013/03/03 02:04:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2013/03/03 02:04:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013/03/03 02:04:20 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2013/03/03 02:04:20 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2013/03/03 02:04:20 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2013/03/03 02:04:20 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2013/03/03 02:04:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2013/03/03 02:04:20 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2013/03/03 02:04:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2013/03/03 02:04:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2013/03/03 02:04:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2013/03/03 02:04:19 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2013/03/03 02:04:18 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2013/03/03 02:04:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2013/03/03 02:04:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2013/03/03 02:04:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/03 02:04:17 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013/03/03 02:04:17 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2013/03/03 02:04:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2013/03/03 02:04:14 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013/03/03 02:04:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2013/03/03 02:04:13 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2013/03/03 02:04:13 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013/03/03 02:04:13 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013/03/02 13:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/02 13:03:33 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/03/02 13:03:33 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/02 13:02:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/02 13:02:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/02 13:02:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/28 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\millymatt\Desktop\RK_Quarantine
[2013/02/27 08:45:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/02/22 03:38:03 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\Malwarebytes
[2013/02/22 03:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/22 02:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/22 02:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/22 00:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/22 00:04:18 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\LavasoftStatistics
[2013/02/21 23:59:43 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\SecureSearch
[2013/02/21 23:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/02/21 23:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/21 23:57:12 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/21 23:57:12 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/21 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus
[2013/02/21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/02/21 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/02/21 18:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/21 18:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/21 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/21 16:06:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013/02/21 16:06:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013/02/21 16:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/03/08 06:14:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\millymatt\Desktop\OTL.exe
[2013/03/08 06:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/08 06:07:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 06:07:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 06:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 03:07:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 19:28:16 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/06 19:28:16 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/06 19:21:46 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 19:20:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/03/06 19:18:14 | 000,597,667 | ---- | M] () -- C:\Users\millymatt\Desktop\adwcleaner (5).exe
[2013/03/06 08:00:17 | 000,000,096 | ---- | M] () -- C:\Users\millymatt\Desktop\1.htm
[2013/03/06 07:48:49 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/04 16:58:00 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\millymatt\Desktop\OTM.exe
[2013/03/04 16:53:27 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\millymatt\Desktop\TFC.exe
[2013/03/04 08:33:36 | 000,139,264 | ---- | M] () -- C:\Users\millymatt\Desktop\SystemLook.exe
[2013/03/04 07:49:44 | 000,000,945 | ---- | M] () -- C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/04 04:56:39 | 000,302,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/04 04:52:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013/03/04 04:51:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013/03/04 03:47:33 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013/03/04 03:47:33 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013/03/04 03:47:19 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/04 03:47:18 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/04 03:47:18 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/04 03:47:18 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/04 03:47:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/04 03:47:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/04 03:47:18 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/04 03:47:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/04 03:47:17 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/04 03:47:17 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/04 03:47:17 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/04 03:47:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/04 03:47:16 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/04 03:47:16 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/04 03:47:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/04 03:47:16 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/04 03:47:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/04 03:47:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/04 03:47:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/04 03:47:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/04 03:47:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/04 03:47:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/04 03:47:16 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/04 03:47:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/04 03:47:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/04 03:47:15 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/04 03:47:15 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/04 03:47:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/03/04 03:47:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/03/04 03:47:15 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/04 03:47:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/04 03:47:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/03/04 03:47:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/04 03:47:15 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/04 03:47:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/03/04 03:47:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/04 03:47:14 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/04 03:47:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/04 03:45:31 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2013/03/04 03:45:31 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2013/03/04 03:45:31 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2013/03/04 03:45:30 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/03/04 03:45:30 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013/03/04 03:45:30 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013/03/04 03:45:30 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/03/04 03:45:27 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/04 03:45:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013/03/04 03:45:26 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/04 03:45:26 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/04 03:45:26 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/04 03:45:25 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013/03/04 03:45:25 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/03/04 03:45:25 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013/03/04 03:45:24 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2013/03/04 03:45:24 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2013/03/04 03:44:05 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/04 03:44:05 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2013/03/04 03:44:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2013/03/04 03:44:05 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2013/03/04 03:44:04 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/04 03:44:04 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/03/04 03:44:04 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/03 18:40:25 | 000,017,166 | ---- | M] () -- C:\Users\millymatt\AppData\Roaming\wklnhst.dat
[2013/03/02 13:33:24 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/02 13:02:18 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/02 13:02:17 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/03/02 13:02:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/02 13:02:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/02 13:02:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/02 13:02:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/01 21:36:44 | 000,881,950 | ---- | M] () -- C:\Users\millymatt\Desktop\SecurityCheck.exe
[2013/02/28 20:14:22 | 000,011,050 | ---- | M] () -- C:\Users\millymatt\Desktop\roguekiller.php
[2013/02/27 22:00:40 | 215,235,146 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/22 11:49:38 | 000,013,589 | ---- | M] () -- C:\Users\millymatt\Documents\hijackthis scan result
[2013/02/22 02:55:18 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/22 00:25:19 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/02/21 23:57:12 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/02/21 23:57:12 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/02/21 22:31:06 | 000,001,081 | ---- | M] () -- C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/21 22:31:06 | 000,001,057 | ---- | M] () -- C:\Users\millymatt\Desktop\Spybot - Search & Destroy.lnk
[2013/02/20 15:34:54 | 000,014,336 | ---- | M] () -- C:\Users\millymatt\Documents\Gift Aid Template.xlr
[2013/02/20 11:43:40 | 000,012,288 | ---- | M] () -- C:\Users\millymatt\Documents\letter.wps
[2013/02/08 11:08:28 | 000,010,752 | ---- | M] () -- C:\Users\millymatt\Documents\le.wps

========== Files Created - No Company Name ==========

[2013/03/06 19:18:00 | 000,597,667 | ---- | C] () -- C:\Users\millymatt\Desktop\adwcleaner (5).exe
[2013/03/06 08:00:14 | 000,000,096 | ---- | C] () -- C:\Users\millymatt\Desktop\1.htm
[2013/03/04 08:33:33 | 000,139,264 | ---- | C] () -- C:\Users\millymatt\Desktop\SystemLook.exe
[2013/03/04 07:49:44 | 000,000,945 | ---- | C] () -- C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/04 04:52:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013/03/04 04:51:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013/03/04 03:47:16 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/04 03:16:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/04 03:16:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/03 02:07:13 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2013/03/03 02:07:09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2013/03/03 02:07:09 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2013/03/03 02:06:44 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2013/03/03 02:06:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/03/03 02:06:38 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2013/03/03 02:05:25 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/03/03 02:04:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/03/03 02:04:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2013/03/03 02:04:21 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2013/03/03 02:04:17 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013/03/02 13:33:24 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/03/02 13:33:24 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/01 21:36:34 | 000,881,950 | ---- | C] () -- C:\Users\millymatt\Desktop\SecurityCheck.exe
[2013/02/28 20:14:21 | 000,011,050 | ---- | C] () -- C:\Users\millymatt\Desktop\roguekiller.php
[2013/02/27 21:38:41 | 215,235,146 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/22 11:49:37 | 000,013,589 | ---- | C] () -- C:\Users\millymatt\Documents\hijackthis scan result
[2013/02/22 02:55:18 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/22 01:47:37 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/22 00:25:19 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/02/21 22:31:06 | 000,001,081 | ---- | C] () -- C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/21 22:31:06 | 000,001,057 | ---- | C] () -- C:\Users\millymatt\Desktop\Spybot - Search & Destroy.lnk
[2013/02/20 11:43:39 | 000,012,288 | ---- | C] () -- C:\Users\millymatt\Documents\letter.wps
[2013/02/08 11:08:28 | 000,010,752 | ---- | C] () -- C:\Users\millymatt\Documents\le.wps
[2012/12/19 14:21:41 | 004,238,974 | ---- | C] () -- C:\Users\millymatt\Hillsong Kids - Open the eyes of my heart.mp3
[2012/12/19 14:19:24 | 003,688,103 | ---- | C] () -- C:\Users\millymatt\Hillsong Kids - One Way.mp3
[2012/12/19 14:12:55 | 002,052,629 | ---- | C] () -- C:\Users\millymatt\My God Is So Big - Faithkids.mp3
[2012/05/29 21:36:26 | 355,801,418 | ---- | C] () -- C:\Users\millymatt\Jessica Pictures.zip
[2012/03/28 08:35:23 | 000,024,206 | ---- | C] () -- C:\Users\millymatt\AppData\Roaming\UserTile.png
[2011/07/10 19:35:42 | 000,017,408 | ---- | C] () -- C:\Users\millymatt\AppData\Local\WebpageIcons.db
[2011/07/10 19:33:17 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/10 19:33:16 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/02/10 19:58:24 | 000,131,974 | ---- | C] () -- C:\Users\millymatt\Optimized-P1020311.JPG
[2011/02/10 19:55:44 | 000,167,112 | ---- | C] () -- C:\Users\millymatt\Optimized-P1020308.JPG
[2011/01/04 21:51:16 | 000,001,940 | ---- | C] () -- C:\Users\millymatt\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/05 00:50:11 | 000,842,752 | ---- | C] () -- C:\Users\millymatt\principles of care of individuals with kidney disease
[2010/10/31 20:44:17 | 024,548,316 | ---- | C] () -- C:\Users\millymatt\40th party.zip
[2010/10/31 20:39:51 | 041,429,392 | ---- | C] () -- C:\Users\millymatt\attachments_31_10_2010 Matt's 40th.zip
[2010/10/31 20:35:28 | 018,301,761 | ---- | C] () -- C:\Users\millymatt\attachments_31_10_2010 3 Matthew's 40th party.zip
[2010/10/31 20:32:14 | 025,939,020 | ---- | C] () -- C:\Users\millymatt\attachments_31_10_2010 2.zip
[2010/10/29 22:48:35 | 001,323,071 | ---- | C] () -- C:\Users\millymatt\Jessica Dedication - 06.jpeg
[2010/10/25 15:10:10 | 005,075,409 | ---- | C] () -- C:\Users\millymatt\P1010885.JPG
[2010/10/25 15:09:37 | 004,965,190 | ---- | C] () -- C:\Users\millymatt\P1020021.JPG
[2010/10/25 15:09:16 | 003,322,610 | ---- | C] () -- C:\Users\millymatt\P1020028.JPG
[2010/10/24 22:20:49 | 004,065,303 | ---- | C] () -- C:\Users\millymatt\milly 071.JPG
[2010/10/24 22:20:02 | 002,921,865 | ---- | C] () -- C:\Users\millymatt\117 Jessica.JPG
[2010/09/26 16:43:13 | 000,132,628 | ---- | C] () -- C:\Users\millymatt\Optimized-P1020127.JPG
[2009/11/07 23:58:57 | 000,017,166 | ---- | C] () -- C:\Users\millymatt\AppData\Roaming\wklnhst.dat
[2009/06/20 22:45:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/03 19:12:49 | 001,610,354 | ---- | C] () -- C:\Users\millymatt\P1000883.MOV
[2009/05/03 19:12:44 | 031,316,482 | ---- | C] () -- C:\Users\millymatt\P1000882.MOV
[2009/05/03 19:12:36 | 052,012,062 | ---- | C] () -- C:\Users\millymatt\P1000962.MOV
[2009/05/03 19:12:27 | 060,858,770 | ---- | C] () -- C:\Users\millymatt\P1000881.MOV
[2009/05/03 19:11:17 | 455,594,214 | ---- | C] () -- C:\Users\millymatt\P1000870.MOV
[2009/05/03 19:10:18 | 386,124,806 | ---- | C] () -- C:\Users\millymatt\P1000930.MOV
[2009/05/03 18:25:11 | 004,320,927 | ---- | C] () -- C:\Users\millymatt\P1000865(1).JPG
[2009/05/03 18:25:11 | 004,057,911 | ---- | C] () -- C:\Users\millymatt\P1000874(1).JPG
[2009/05/03 18:25:11 | 004,034,316 | ---- | C] () -- C:\Users\millymatt\P1000928(1).JPG
[2009/05/03 18:25:10 | 004,285,713 | ---- | C] () -- C:\Users\millymatt\P1000829.JPG
[2009/05/03 18:25:09 | 004,598,749 | ---- | C] () -- C:\Users\millymatt\P1000847.JPG
[2009/05/03 18:25:08 | 004,320,927 | ---- | C] () -- C:\Users\millymatt\P1000865.JPG
[2009/05/03 18:25:06 | 004,437,756 | ---- | C] () -- C:\Users\millymatt\P1000846(1).JPG
[2009/05/03 18:25:06 | 004,355,579 | ---- | C] () -- C:\Users\millymatt\P1000837(1).JPG
[2009/05/03 18:25:06 | 004,303,260 | ---- | C] () -- C:\Users\millymatt\P1000873(1).JPG
[2009/05/03 18:25:06 | 000,085,119 | ---- | C] () -- C:\Users\millymatt\P1000882(1).JPG
[2009/05/03 18:25:05 | 004,619,799 | ---- | C] () -- C:\Users\millymatt\P1000945(1).JPG
[2009/05/03 18:25:05 | 004,098,318 | ---- | C] () -- C:\Users\millymatt\P1000828.JPG
[2009/05/03 18:25:05 | 003,733,974 | ---- | C] () -- C:\Users\millymatt\P1000936(1).JPG
[2009/05/03 18:25:02 | 004,293,971 | ---- | C] () -- C:\Users\millymatt\P1000864.JPG
[2009/05/03 18:25:01 | 004,104,890 | ---- | C] () -- C:\Users\millymatt\P1000891.JPG
[2009/05/03 18:25:01 | 000,085,119 | ---- | C] () -- C:\Users\millymatt\P1000882.JPG
[2009/05/03 18:25:00 | 004,170,956 | ---- | C] () -- C:\Users\millymatt\P1000927.JPG
[2009/05/03 18:24:58 | 004,619,799 | ---- | C] () -- C:\Users\millymatt\P1000945.JPG
[2009/05/03 18:24:58 | 004,517,296 | ---- | C] () -- C:\Users\millymatt\P1000836(1).JPG
[2009/05/03 18:24:58 | 004,337,638 | ---- | C] () -- C:\Users\millymatt\P1000845(1).JPG
[2009/05/03 18:24:55 | 004,327,882 | ---- | C] () -- C:\Users\millymatt\P1000863.JPG
[2009/05/03 18:24:54 | 004,399,752 | ---- | C] () -- C:\Users\millymatt\P1000872.JPG
[2009/05/03 18:24:54 | 000,083,243 | ---- | C] () -- C:\Users\millymatt\P1000881.JPG
[2009/05/03 18:24:53 | 004,395,480 | ---- | C] () -- C:\Users\millymatt\P1000944.JPG
[2009/05/03 18:24:53 | 004,364,172 | ---- | C] () -- C:\Users\millymatt\P1000935.JPG
[2009/05/03 18:24:52 | 004,351,111 | ---- | C] () -- C:\Users\millymatt\P1000862(1).JPG
[2009/05/03 18:24:52 | 004,213,843 | ---- | C] () -- C:\Users\millymatt\P1000826(1).JPG
[2009/05/03 18:24:52 | 003,347,603 | ---- | C] () -- C:\Users\millymatt\P1000844(1).JPG
[2009/05/03 18:24:50 | 004,249,428 | ---- | C] () -- C:\Users\millymatt\P1000835.JPG
[2009/05/03 18:24:48 | 004,366,926 | ---- | C] () -- C:\Users\millymatt\P1000871.JPG
[2009/05/03 18:24:47 | 004,172,605 | ---- | C] () -- C:\Users\millymatt\P1000934.JPG
[2009/05/03 18:24:47 | 004,169,871 | ---- | C] () -- C:\Users\millymatt\P1000880.JPG
[2009/05/03 18:24:46 | 004,336,350 | ---- | C] () -- C:\Users\millymatt\P1000943.JPG
[2009/05/03 18:24:44 | 004,368,349 | ---- | C] () -- C:\Users\millymatt\P1000825.JPG
[2009/05/03 18:24:44 | 004,318,923 | ---- | C] () -- C:\Users\millymatt\P1000861.JPG
[2009/05/03 18:24:44 | 000,137,208 | ---- | C] () -- C:\Users\millymatt\P1000870.JPG
[2009/05/03 18:24:42 | 004,412,288 | ---- | C] () -- C:\Users\millymatt\P1000933.JPG
[2009/05/03 18:24:41 | 004,602,584 | ---- | C] () -- C:\Users\millymatt\P1000942.JPG
[2009/05/03 18:24:41 | 004,181,183 | ---- | C] () -- C:\Users\millymatt\P1000914(1).JPG
[2009/05/03 18:24:40 | 004,087,226 | ---- | C] () -- C:\Users\millymatt\P1000833.JPG
[2009/05/03 18:24:39 | 004,328,067 | ---- | C] () -- C:\Users\millymatt\P1000905.JPG
[2009/05/03 18:24:38 | 004,163,683 | ---- | C] () -- C:\Users\millymatt\P1000923.JPG
[2009/05/03 18:24:37 | 004,165,144 | ---- | C] () -- C:\Users\millymatt\P1000904(1).JPG
[2009/05/03 18:24:37 | 004,147,338 | ---- | C] () -- C:\Users\millymatt\P1000941.JPG
[2009/05/03 18:24:36 | 003,724,691 | ---- | C] () -- C:\Users\millymatt\P1000841.JPG
[2009/05/03 18:24:34 | 004,392,818 | ---- | C] () -- C:\Users\millymatt\P1000840(1).JPG
[2009/05/03 18:24:34 | 004,146,715 | ---- | C] () -- C:\Users\millymatt\P1000931.JPG
[2009/05/03 18:24:34 | 003,949,339 | ---- | C] () -- C:\Users\millymatt\P1000913.JPG
[2009/05/03 18:24:33 | 004,365,458 | ---- | C] () -- C:\Users\millymatt\P1000921(1).JPG
[2009/05/03 18:24:33 | 004,044,228 | ---- | C] () -- C:\Users\millymatt\P1000831.JPG
[2009/05/03 18:24:32 | 004,392,818 | ---- | C] () -- C:\Users\millymatt\P1000840.JPG
[2009/05/03 18:24:31 | 004,367,871 | ---- | C] () -- C:\Users\millymatt\P1000903.JPG
[2009/05/03 18:24:29 | 004,385,915 | ---- | C] () -- C:\Users\millymatt\P1000902.JPG
[2009/05/03 18:24:29 | 003,775,535 | ---- | C] () -- C:\Users\millymatt\P1000830.JPG
[2009/05/03 18:24:28 | 004,182,988 | ---- | C] () -- C:\Users\millymatt\P1000900(1).JPG
[2009/05/03 18:24:27 | 004,075,388 | ---- | C] () -- C:\Users\millymatt\P1000889(1).JPG
[2009/05/03 18:24:25 | 004,187,392 | ---- | C] () -- C:\Users\millymatt\P1000879.JPG
[2009/05/03 18:24:24 | 004,297,682 | ---- | C] () -- C:\Users\millymatt\P1000888.JPG
[2009/05/03 18:24:22 | 004,220,522 | ---- | C] () -- C:\Users\millymatt\P1000868(1).JPG
[2009/05/03 18:24:22 | 004,153,844 | ---- | C] () -- C:\Users\millymatt\P1000878.JPG
[2009/05/03 18:24:21 | 003,940,922 | ---- | C] () -- C:\Users\millymatt\P1000877.JPG
[2009/05/03 18:24:20 | 004,565,216 | ---- | C] () -- C:\Users\millymatt\P1000895.JPG
[2009/05/03 18:24:20 | 004,156,640 | ---- | C] () -- C:\Users\millymatt\P1000885(1).JPG
[2009/05/03 18:24:19 | 004,551,686 | ---- | C] () -- C:\Users\millymatt\P1000939(1).JPG
[2009/05/03 18:24:19 | 004,210,363 | ---- | C] () -- C:\Users\millymatt\P1000867.JPG
[2009/05/03 18:24:18 | 004,005,178 | ---- | C] () -- C:\Users\millymatt\P1000876.JPG
[2009/05/03 18:24:15 | 004,503,517 | ---- | C] () -- C:\Users\millymatt\P1000839(1).JPG
[2009/05/03 18:24:15 | 004,259,472 | ---- | C] () -- C:\Users\millymatt\P1000875(1).JPG
[2009/05/03 18:24:15 | 004,227,576 | ---- | C] () -- C:\Users\millymatt\P1000866(1).JPG
[2009/05/03 18:24:05 | 004,403,404 | ---- | C] () -- C:\Users\millymatt\P1000929(1).JPG
[2009/05/03 18:23:49 | 004,394,320 | ---- | C] () -- C:\Users\millymatt\P1000884.JPG
[2009/05/03 18:23:48 | 004,310,123 | ---- | C] () -- C:\Users\millymatt\P1000893.JPG
[2008/07/28 19:27:05 | 000,029,184 | ---- | C] () -- C:\Users\millymatt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/22 01:24:56 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus
[2011/01/27 21:29:33 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Canon
[2012/05/08 15:37:43 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\com.sheetmusicplus.DigitalAirPrint
[2011/01/23 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Easeware
[2008/08/14 12:14:53 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Nokia
[2008/10/18 19:15:50 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Nokia Multimedia Player
[2008/08/14 12:37:52 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\NSeries
[2009/02/10 22:14:58 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\OpenOffice.org
[2009/01/17 14:36:41 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Panasonic
[2008/08/14 12:13:42 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\PC Suite
[2008/11/12 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\ScanSoft
[2013/02/21 23:59:43 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\SecureSearch
[2009/11/08 00:05:00 | 000,000,000 | ---D | M] -- C:\Users\millymatt\AppData\Roaming\Template

========== Purity Check ==========

< End of report >


----------



## Mark1956 (May 7, 2011)

There is another log that I need to see, Extras.txt; it will be saved in the same location as OTL.

I can see a few items in the log relating to Ad-Aware and AddLyrics so we will remove them once I review the other log.

I'd like you to uninstall Spybot S&D as it can interfere with some of the tools we use and is no longer a recommended anti-spyware program. You will need to go into Task Manager and disable Teatimer.exe under the running processes, then uninstall in the normal way. You can replace it with this: SuperAntiSpyware. The free version does not have an active component and is just used to run regular scans, which is adequate to keep cookies and adware under control; the paid-for version does have an active component.


----------



## Tartansprite (Feb 22, 2013)

Le voila! I believe I did all I was told to do in your last post and...

OTL Extras logfile created on: 08/03/2013 06:15:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\millymatt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.76% Memory free
4.22 Gb Paging File | 2.70 Gb Available in Paging File | 63.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 96.69 Gb Free Space | 43.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 60.03% Space Free | Partition Type: NTFS

Computer Name: MILLYMATT-PC | User Name: millymatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12562126-9348-46E9-93BF-EA5182B581ED}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{2900B03C-7C6F-4092-963F-B9D08965A9CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A6A48E6-84AF-44AD-90BC-47F68D280AD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E88610A-7FF6-4936-9F31-EDC29CB33E39}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{4F6DE4F1-0834-46FB-8600-10E752555C08}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{57EEEED7-B33F-4A18-953B-81714BA75860}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{68BA678E-52AF-4839-A68B-311DB209DBD6}" = protocol=17 | dir=in | app=c:\users\millymatt\appdata\local\temp\7zs44ce.tmp\symnrt.exe | 
"{74BC8311-8981-4735-8173-B97A100F0570}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{78267EBD-D713-43A8-BE29-61887EB4A589}" = protocol=6 | dir=in | app=c:\users\millymatt\appdata\local\temp\7zs44ce.tmp\symnrt.exe | 
"{AB9138A3-F1DB-4796-907C-9629085444CA}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{C51703E2-8A48-4EAA-95BB-8A9BBFF94570}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{D1BF60D1-A88D-4C13-BA3D-568D5D93E464}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{F10995B4-46B7-4689-A12F-A456BEE1227C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{64E02896-EE22-42D2-ACFE-9C91C6913B4D}C:\users\millymatt\appdata\local\temp\lmied1e.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\millymatt\appdata\local\temp\lmied1e.tmp\lmi_rescue.exe | 
"TCP Query User{A7835A9C-58C0-487A-88E8-B2B8BB5F356C}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{3231F838-2927-44D5-8510-642B023F1800}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{8117CC31-2D69-483F-8F7B-D8FF4452A5B6}C:\users\millymatt\appdata\local\temp\lmied1e.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\millymatt\appdata\local\temp\lmied1e.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26E7440E-FDA1-52B9-BABD-AAAC6D65D97B}" = Sheet Music Plus Digital Print
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B1696BD8-9DFD-4F66-92AA-7C2865BE4D7E}" = Drug Calculations for Health Professionals
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player
"{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Boots F2CD Picture Suite" = Boots F2CD Picture Suite
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.sheetmusicplus.DigitalAirPrint" = Sheet Music Plus Digital Print
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Forte Free" = Forte Free 2.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"VLC media player" = VLC media player 1.0.1
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/03/2013 23:42:58 | Computer Name = millymatt-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 03/03/2013 23:44:57 | Computer Name = millymatt-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 04/03/2013 00:57:19 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/03/2013 03:57:41 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/03/2013 04:02:30 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/03/2013 12:09:46 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/03/2013 13:34:11 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/03/2013 17:32:21 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/03/2013 04:05:03 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/03/2013 15:21:58 | Computer Name = millymatt-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 07/03/2013 17:48:00 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 17:48:00 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 17:48:00 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 17:48:00 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 07/03/2013 23:02:44 | Computer Name = millymatt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >


----------



## Mark1956 (May 7, 2011)

> Do the paid experts have access to a larger database of specific tools to eliminate the baddies?

None of us here get paid; we get trained to use a variety of tools which not many people would know about, but they are all freely available. The only stuff kept hidden is how to use some of them.

I have reviewed the logs and this is the fix for you to run, let me know how things are once it is complete and you have posted the log produced. I have included all the Spybot files just in case they have been left behind from the uninstall.

OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop


Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
Under the *Standard Registry* box change it to *All*.
Check/tick the boxes beside *LOP Check* and *Purity Check.*


```
:commands
[createrestorepoint]
[EMPTYTEMP]

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] net: C:\Program Files\AddLyrics\FF\
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files\AddLyrics\AddLyrics.dll
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
[2013/02/21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/02/21 22:31:06 | 000,001,081 | ---- | M] () -- C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[2013/02/21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/02/21 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/02/21 18:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/21 18:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/22 00:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/02/21 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus
[2013/02/22 00:04:18 | 000,000,000 | ---D | C] -- C:\Users\millymatt\AppData\Roaming\LavasoftStatistics
[2013/02/21 23:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

:Services
SRV - (SBSDWSCService) -- C:\Program Files\Spybot
```

Copy & Paste the script in the box above into the *Custom Scan/Fixes* box.
Click the *Run Fix* button. If prompted... click *OK.*
When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYYY_HHMMSS.log.
Please post the contents of the report in your next reply.


----------



## Tartansprite (Feb 22, 2013)

Sorry v busy++. Will do tomorrow


----------



## Mark1956 (May 7, 2011)

No problem, whenever you are ready.


----------



## Tartansprite (Feb 22, 2013)

Still no joy with the updates unfortunately.

Here's the log of above process:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: millymatt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47180551 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 270880153 bytes
->Flash cache emptied: 1210 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86319 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 233708 bytes

Total Files Cleaned = 304.00 mb

========== OTL ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] net not found.
File C:\Program Files\AddLyrics\FF not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4145006D-47F8-42F2-8186-2225AAFECDD3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4145006D-47F8-42F2-8186-2225AAFECDD3}\ deleted successfully.
File C:\Program Files\AddLyrics\AddLyrics.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.
File C:\Users\millymatt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk not found.
No active process named TeaTimer.exe was found!
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus\Logs\20130222T013114.364629PID924 folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus\Logs\20130222T012646.476314PID528 folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus\Logs\20130222T000529.368719PID5844 folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus\Logs folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs\20130222T013516.076519PID960 folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs\20130222T012752.337514PID1380 folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs\20130222T012727.049914PID1404 folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs\20130222T000557.524719PID2216 folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs\20130221T235711.010719PID4696 folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\millymatt\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Users\millymatt\AppData\Roaming\LavasoftStatistics\adaware folder moved successfully.
C:\Users\millymatt\AppData\Roaming\LavasoftStatistics folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named SRV - (SBSDWSCService) -- C:\Program Files\Spybot was found to stop!
Service\Driver key SRV - (SBSDWSCService) -- C:\Program Files\Spybot not found.

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_174720

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
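The OTL fix log in the post above mixes items that were actually removed with items that were already gone before the fix ran. The following Python sketch, an added example that is not part of the original thread or of OTL itself, separates the two and collapses nested folder moves to their top-level roots. The line patterns are inferred from the log lines quoted on this page, and all function names are hypothetical.

```python
import re
from collections import Counter, namedtuple
from pathlib import PureWindowsPath

# Excerpt copied from the OTL fix log posted above (not the whole log).
SAMPLE_LOG = r"""
========== OTL ==========
File C:\Program Files\AddLyrics\FF not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4145006D-47F8-42F2-8186-2225AAFECDD3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4145006D-47F8-42F2-8186-2225AAFECDD3}\ deleted successfully.
File C:\Program Files\AddLyrics\AddLyrics.dll not found.
No active process named TeaTimer.exe was found!
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Users\millymatt\AppData\Roaming\LavasoftStatistics\adaware folder moved successfully.
C:\Users\millymatt\AppData\Roaming\LavasoftStatistics folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named SRV - (SBSDWSCService) -- C:\Program Files\Spybot was found to stop!
Service\Driver key SRV - (SBSDWSCService) -- C:\Program Files\Spybot not found.
"""

# (outcome, kind, pattern). Assumption: these shapes are inferred from the
# lines visible on this page, not taken from OTL documentation.
RULES = [
    ("error", "service", re.compile(r"^Error: No service named (?P<t>.+) was found to stop!$")),
    ("not_found", "service", re.compile(r"^Service\\Driver key (?P<t>.+) not found\.$")),
    ("not_found", "process", re.compile(r"^No active process named (?P<t>.+) was found!$")),
    ("removed", "registry", re.compile(r"^Registry (?:key|value) (?P<t>.+?)\\? deleted successfully\.$")),
    ("not_found", "registry", re.compile(r"^Registry (?:key|value) (?P<t>.+?)\\? not found\.$")),
    ("not_found", "file", re.compile(r"^(?:File|Folder) (?P<t>.+?)\\? not found\.$")),
    ("removed", "folder", re.compile(r"^(?P<t>.+) folder moved successfully\.$")),
]
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "section outcome kind target")


def parse_fix_log(text):
    """Return (entries, unparsed). Lines matching no rule are kept for manual review."""
    entries, unparsed, section = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, kind, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append(Entry(section, outcome, kind, match.group("t")))
                break
        else:
            unparsed.append(line)
    return entries, unparsed


def summarize(entries):
    """Count entries per (outcome, kind): what changed versus what was already gone."""
    return Counter((e.outcome, e.kind) for e in entries)


def top_level_moves(entries):
    """Collapse moved folders to roots; PureWindowsPath compares case-insensitively."""
    moved = {PureWindowsPath(e.target) for e in entries
             if e.outcome == "removed" and e.kind == "folder"}
    roots = [p for p in moved if not any(parent in moved for parent in p.parents)]
    return sorted(str(p) for p in roots)


def removed_guids(entries):
    """CLSIDs whose registry keys or values were actually deleted by the fix."""
    found = set()
    for e in entries:
        if e.outcome == "removed" and e.kind == "registry":
            found.update(g.upper() for g in GUID.findall(e.target))
    return sorted(found)


if __name__ == "__main__":
    entries, unparsed = parse_fix_log(SAMPLE_LOG)
    for (outcome, kind), count in sorted(summarize(entries).items()):
        print(f"{outcome:10} {kind:9} {count}")
    print("Folders quarantined:", *top_level_moves(entries), sep="\n  ")
    print("CLSIDs removed:", *removed_guids(entries), sep="\n  ")
    # The error target is the entire scan line, exactly as the log reports it.
    for e in entries:
        if e.outcome == "error":
            print(f"[{e.section}] error for: {e.target}")
```

Run against the full log, lines from the COMMANDS section (temp-folder cleanup and similar) land in the unparsed list rather than being silently dropped.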



## Mark1956 (May 7, 2011)

That removed a lot of remnants. Let's see what this scan will find, as at the moment the update problem is still a mystery.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## Tartansprite (Feb 22, 2013)

Hi Mark, been v busy but at last found a slot to get the log required, which is as follows. I chanced it without backing up Vista and it worked out OK! Phew! Windows still won't update though.

ComboFix 13-03-17.01 - millymatt 18/03/2013 21:06:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.1130 [GMT 0:00]
Running from: c:\users\millymatt\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 21:16 . 2013-03-18 21:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-16 10:42 . 2013-03-16 10:42	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{53674384-BC55-4D1A-999A-8DE78141C90A}\offreg.dll
2013-03-15 08:25 . 2013-02-19 03:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{53674384-BC55-4D1A-999A-8DE78141C90A}\mpengine.dll
2013-03-12 17:47 . 2013-03-12 17:47	--------	d-----w-	C:\_OTL
2013-03-08 21:14 . 2013-03-08 21:14	--------	d-----w-	c:\users\millymatt\AppData\Roaming\SUPERAntiSpyware.com
2013-03-08 21:13 . 2013-03-08 21:14	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-03-08 21:13 . 2013-03-08 21:13	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-03-04 17:00 . 2013-03-04 17:00	--------	d-----w-	C:\_OTM
2013-03-04 16:05 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-04 09:58 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-04 09:58 . 2012-03-01 14:46	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-04 09:58 . 2012-03-01 14:46	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2013-03-04 09:58 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-04 09:58 . 2012-02-29 13:44	683008	----a-w-	c:\windows\system32\d2d1.dll
2013-03-04 09:58 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\system32\DWrite.dll
2013-03-04 04:52 . 2013-03-04 04:52	--------	d-----w-	c:\program files\Windows Portable Devices
2013-03-04 04:15 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2013-03-04 04:15 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-04 04:15 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2013-03-04 04:00 . 2012-02-29 15:11	5120	----a-w-	c:\windows\system32\wmi.dll
2013-03-04 04:00 . 2012-02-29 15:09	157696	----a-w-	c:\windows\system32\imagehlp.dll
2013-03-04 04:00 . 2012-02-29 13:32	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-03-04 03:45 . 2013-03-04 03:45	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2013-03-04 03:44 . 2013-03-04 03:44	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-04 03:44 . 2013-03-04 03:44	252928	----a-w-	c:\windows\system32\dxdiag.exe
2013-03-04 03:44 . 2013-03-04 03:44	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2013-03-04 03:44 . 2013-03-04 03:44	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-03-04 03:44 . 2013-03-04 03:44	519680	----a-w-	c:\windows\system32\d3d11.dll
2013-03-04 03:44 . 2013-03-04 03:44	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2013-03-04 03:44 . 2013-03-04 03:44	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-03-04 03:16 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-03-04 03:16 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-03-04 03:16 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-03-04 03:16 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2013-03-04 03:15 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-03-04 03:15 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-03-04 03:15 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-03-04 03:15 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-03-04 03:15 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2013-03-04 03:15 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2013-03-04 03:15 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-03-04 03:02 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-03-04 03:02 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-03-03 16:05 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2013-03-03 16:05 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2013-03-03 16:05 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2013-03-03 16:05 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2013-03-03 16:05 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2013-03-03 16:05 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2013-03-03 16:05 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
2013-03-03 16:04 . 2011-04-21 13:55	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2013-03-03 16:04 . 2009-06-17 13:23	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2013-03-03 16:04 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2013-03-03 16:02 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2013-03-03 16:02 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2013-03-03 16:02 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2013-03-03 16:02 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2013-03-03 16:02 . 2012-03-20 23:28	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2013-03-03 16:02 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2013-03-03 16:02 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-03-03 16:01 . 2011-08-13 04:43	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2013-03-03 16:01 . 2012-02-01 15:11	1218048	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-03-03 16:01 . 2012-02-01 15:10	1404928	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-03-03 16:01 . 2012-02-01 15:10	983040	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-03-03 16:01 . 2012-02-01 15:10	964608	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-03-03 16:01 . 2012-02-01 15:10	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-03-03 16:01 . 2012-02-01 13:58	47104	----a-w-	c:\program files\Windows Journal\PDIALOG.exe
2013-03-03 16:01 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2013-03-03 16:01 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-03 16:01 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2013-03-03 15:59 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2013-03-03 15:59 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-03 15:59 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2013-03-03 15:59 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2013-03-03 15:59 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-03-03 15:59 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-03-03 15:59 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2013-03-03 15:59 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-03-03 15:59 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2013-03-03 15:58 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2013-03-03 15:58 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
2013-03-03 15:58 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-03 15:58 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2013-03-03 15:58 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-03 15:58 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2013-03-03 15:58 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2013-03-03 15:58 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2013-03-03 15:58 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2013-03-03 15:58 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2013-03-03 15:58 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2013-03-03 15:57 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2013-03-03 15:57 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-03 15:57 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-03 15:56 . 2012-05-01 14:03	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2013-03-03 15:56 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2013-03-03 15:55 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-03-03 15:55 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2013-03-03 15:55 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2013-03-03 15:55 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2013-03-03 15:55 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2013-03-03 15:55 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2013-03-03 15:32 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2013-03-03 10:34 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2013-03-03 10:34 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2013-03-03 10:34 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2013-03-03 10:34 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2013-03-03 10:33 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2013-03-03 10:33 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2013-03-03 10:33 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2013-03-03 10:33 . 2012-06-02 15:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2013-03-03 10:33 . 2012-06-02 15:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2013-03-03 02:43 . 2013-03-03 02:43	--------	d-----w-	c:\windows\system32\ca-ES
2013-03-03 02:43 . 2013-03-03 02:43	--------	d-----w-	c:\windows\system32\eu-ES
2013-03-03 02:43 . 2013-03-03 02:43	--------	d-----w-	c:\windows\system32\vi-VN
2013-03-03 02:35 . 2013-03-03 02:35	--------	d-----w-	c:\windows\system32\SPReview
2013-03-03 02:09 . 2009-04-10 23:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2013-03-03 02:08 . 2009-04-10 23:27	57856	----a-w-	c:\windows\system32\compcln.exe
2013-03-03 02:06 . 2009-04-10 23:28	941056	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
2013-03-03 02:05 . 2009-04-10 23:28	805376	----a-w-	c:\windows\system32\NaturalLanguage6.dll
2013-03-03 02:04 . 2009-04-10 23:33	292840	----a-w-	c:\windows\system32\drivers\volmgrx.sys
2013-03-02 13:04 . 2013-03-02 13:04	--------	d-----w-	c:\program files\Common Files\Java
2013-03-02 13:03 . 2013-03-02 13:02	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-02 13:02 . 2013-03-02 13:02	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 08:45 . 2013-02-27 08:45	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-22 03:38 . 2013-02-22 03:38	--------	d-----w-	c:\users\millymatt\AppData\Roaming\Malwarebytes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 03:44 . 2013-03-04 03:44	4096	----a-w-	c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-03-02 13:02 . 2010-08-24 11:57	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 01:28 . 2010-01-08 16:14	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-10 15:48 . 2013-01-10 15:48	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-10 15:48 . 2011-12-13 22:36	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-29 206448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\millymatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-1-17 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 08:02	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 16:08]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 16:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
HKCU-Run-NSeries.PCSync - c:\program files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-18 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\users\MILLYM~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-18 21:19:16
ComboFix-quarantined-files.txt 2013-03-18 21:19
.
Pre-Run: 102,961,774,592 bytes free
Post-Run: 102,735,245,312 bytes free
.
- - End Of File - - 4C1D7F8C7C6023839DFAA18170B48BF3


----------



## Mark1956 (May 7, 2011)

The scan has come up clean except for a hidden file detected by the built-in GMER scanner. It may be nothing, but we should run another scan for rootkits.

Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, *DO NOT select delete*, as you may remove files needed for the system to operate.

Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._

_Be sure to print out and follow the instructions for performing a scan_.


Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
Alternatively, you can download TDSSKiller.exe and use that instead.
Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.


When the program opens, click *Change parameters*.

Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.

Click the *Start Scan* button.

Do not use the computer during the scan.
If the scan completes with nothing found, click *Close* to exit.
If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
If *Malicious objects* are detected, they will show in the Scan results - *Select action for found objects:* and offer three options.

Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*

*Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.

A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C: ).
Copy and paste the contents of that file in your next reply.

_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer, or to perform the scan in "safe mode"._


----------



## Tartansprite (Feb 22, 2013)

Log as follows - nothing malicious.

23:53:58.0783 4104 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:53:59.0033 4104 ============================================================
23:53:59.0033 4104 Current date / time: 2013/03/18 23:53:59.0033
23:53:59.0033 4104 SystemInfo:
23:53:59.0033 4104 
23:53:59.0033 4104 OS Version: 6.0.6002 ServicePack: 2.0
23:53:59.0033 4104 Product type: Workstation
23:53:59.0033 4104 ComputerName: MILLYMATT-PC
23:53:59.0033 4104 UserName: millymatt
23:53:59.0033 4104 Windows directory: C:\Windows
23:53:59.0033 4104 System windows directory: C:\Windows
23:53:59.0033 4104 Processor architecture: Intel x86
23:53:59.0033 4104 Number of processors: 2
23:53:59.0033 4104 Page size: 0x1000
23:53:59.0033 4104 Boot type: Normal boot
23:53:59.0033 4104 ============================================================
23:54:00.0608 4104 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:54:00.0755 4104 ============================================================
23:54:00.0755 4104 \Device\Harddisk0\DR0:
23:54:00.0755 4104 MBR partitions:
23:54:00.0756 4104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
23:54:00.0756 4104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x1BD89000
23:54:00.0756 4104 ============================================================
23:54:00.0791 4104 C: <-> \Device\Harddisk0\DR0\Partition2
23:54:00.0817 4104 D: <-> \Device\Harddisk0\DR0\Partition1
23:54:00.0817 4104 ============================================================
23:54:00.0817 4104 Initialize success
23:54:00.0817 4104 ============================================================
23:55:26.0198 3620 ============================================================
23:55:26.0198 3620 Scan started
23:55:26.0198 3620 Mode: Manual; SigCheck; TDLFS; 
23:55:26.0198 3620 ============================================================
23:55:27.0070 3620 ================ Scan system memory ========================
23:55:27.0071 3620 System memory - ok
23:55:27.0071 3620 ================ Scan services =============================
23:55:27.0151 3620 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:55:27.0340 3620 !SASCORE - ok
23:55:27.0428 3620 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:55:27.0455 3620 ACDaemon - ok
23:55:27.0563 3620 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:55:27.0604 3620 ACPI - ok
23:55:27.0675 3620 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:55:27.0694 3620 AdobeARMservice - ok
23:55:27.0742 3620 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:55:27.0811 3620 adp94xx - ok
23:55:27.0882 3620 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:55:27.0909 3620 adpahci - ok
23:55:27.0927 3620 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:55:27.0952 3620 adpu160m - ok
23:55:27.0970 3620 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:55:27.0993 3620 adpu320 - ok
23:55:28.0030 3620 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:55:28.0289 3620 AeLookupSvc - ok
23:55:28.0311 3620 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys
23:55:28.0347 3620 Afc ( UnsignedFile.Multi.Generic ) - warning
23:55:28.0347 3620 Afc - detected UnsignedFile.Multi.Generic (1)
23:55:28.0389 3620 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
23:55:28.0477 3620 AFD - ok
23:55:28.0542 3620 [ 66AF9991F7EAF6E95F088B4E4BC1E5AC ] AffinegyService C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
23:55:28.0573 3620 AffinegyService ( UnsignedFile.Multi.Generic ) - warning
23:55:28.0573 3620 AffinegyService - detected UnsignedFile.Multi.Generic (1)
23:55:28.0579 3620 AFGMp50 - ok
23:55:28.0609 3620 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\Windows\system32\Drivers\AFGSp50.sys
23:55:28.0628 3620 AFGSp50 - ok
23:55:28.0669 3620 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:55:28.0690 3620 agp440 - ok
23:55:28.0748 3620 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:55:28.0776 3620 aic78xx - ok
23:55:28.0818 3620 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
23:55:28.0937 3620 ALG - ok
23:55:28.0963 3620 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
23:55:28.0990 3620 aliide - ok
23:55:29.0030 3620 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:55:29.0059 3620 amdagp - ok
23:55:29.0075 3620 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
23:55:29.0103 3620 amdide - ok
23:55:29.0127 3620 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:55:29.0184 3620 AmdK7 - ok
23:55:29.0218 3620 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:55:29.0267 3620 AmdK8 - ok
23:55:29.0295 3620 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
23:55:29.0359 3620 Appinfo - ok
23:55:29.0418 3620 [ 2BDA4A9480B550FCCA6D29C22CA54C0D ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23:55:29.0443 3620 Apple Mobile Device - ok
23:55:29.0493 3620 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
23:55:29.0511 3620 arc - ok
23:55:29.0556 3620 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:55:29.0578 3620 arcsas - ok
23:55:29.0627 3620 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:55:29.0685 3620 AsyncMac - ok
23:55:29.0713 3620 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
23:55:29.0734 3620 atapi - ok
23:55:29.0781 3620 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:55:29.0848 3620 AudioEndpointBuilder - ok
23:55:29.0873 3620 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:55:29.0906 3620 Audiosrv - ok
23:55:30.0005 3620 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
23:55:30.0023 3620 AVP - ok
23:55:30.0097 3620 [ E3D7BC2DD538C9029E3849B129062AA2 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:55:30.0174 3620 BCM43XX - ok
23:55:30.0240 3620 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
23:55:30.0284 3620 Beep - ok
23:55:30.0346 3620 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
23:55:30.0387 3620 BFE - ok
23:55:30.0463 3620 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
23:55:30.0564 3620 BITS - ok
23:55:30.0598 3620 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:55:30.0661 3620 blbdrive - ok
23:55:30.0699 3620 [ CFD4C3352E29A8B729536648466E8DF5 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:55:30.0732 3620 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
23:55:30.0732 3620 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
23:55:30.0773 3620 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:55:30.0829 3620 bowser - ok
23:55:30.0875 3620 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:55:30.0916 3620 BrFiltLo - ok
23:55:30.0926 3620 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:55:31.0003 3620 BrFiltUp - ok
23:55:31.0042 3620 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
23:55:31.0116 3620 Browser - ok
23:55:31.0164 3620 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:55:31.0383 3620 Brserid - ok
23:55:31.0399 3620 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:55:31.0500 3620 BrSerWdm - ok
23:55:31.0528 3620 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:55:31.0593 3620 BrUsbMdm - ok
23:55:31.0613 3620 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:55:31.0675 3620 BrUsbSer - ok
23:55:31.0734 3620 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
23:55:31.0788 3620 BthEnum - ok
23:55:31.0828 3620 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:55:31.0855 3620 BTHMODEM - ok
23:55:31.0910 3620 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:55:31.0965 3620 BthPan - ok
23:55:32.0023 3620 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
23:55:32.0134 3620 BTHPORT - ok
23:55:32.0165 3620 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
23:55:32.0247 3620 BthServ - ok
23:55:32.0303 3620 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
23:55:32.0375 3620 BTHUSB - ok
23:55:32.0439 3620 catchme - ok
23:55:32.0464 3620 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:55:32.0526 3620 cdfs - ok
23:55:32.0560 3620 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:55:32.0609 3620 cdrom - ok
23:55:32.0646 3620 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
23:55:32.0709 3620 CertPropSvc - ok
23:55:32.0740 3620 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
23:55:32.0812 3620 circlass - ok
23:55:32.0842 3620 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
23:55:32.0881 3620 CLFS - ok
23:55:32.0939 3620 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:55:33.0023 3620 clr_optimization_v2.0.50727_32 - ok
23:55:33.0058 3620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:55:33.0086 3620 clr_optimization_v4.0.30319_32 - ok
23:55:33.0122 3620 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:55:33.0148 3620 cmdide - ok
23:55:33.0162 3620 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:55:33.0189 3620 Compbatt - ok
23:55:33.0198 3620 COMSysApp - ok
23:55:33.0228 3620 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:55:33.0257 3620 crcdisk - ok
23:55:33.0284 3620 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:55:33.0355 3620 Crusoe - ok
23:55:33.0397 3620 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:55:33.0453 3620 CryptSvc - ok
23:55:33.0498 3620 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:55:33.0578 3620 DcomLaunch - ok
23:55:33.0611 3620 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:55:33.0679 3620 DfsC - ok
23:55:33.0770 3620 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
23:55:33.0917 3620 DFSR - ok
23:55:33.0963 3620 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:55:34.0009 3620 Dhcp - ok
23:55:34.0041 3620 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
23:55:34.0071 3620 disk - ok
23:55:34.0113 3620 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:55:34.0178 3620 Dnscache - ok
23:55:34.0213 3620 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:55:34.0271 3620 dot3svc - ok
23:55:34.0306 3620 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
23:55:34.0375 3620 DPS - ok
23:55:34.0400 3620 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:55:34.0456 3620 drmkaud - ok
23:55:34.0525 3620 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:55:34.0582 3620 DXGKrnl - ok
23:55:34.0626 3620 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
23:55:34.0673 3620 e1express - ok
23:55:34.0720 3620 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:55:34.0794 3620 E1G60 - ok
23:55:34.0815 3620 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
23:55:34.0862 3620 EapHost - ok
23:55:34.0909 3620 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
23:55:34.0942 3620 Ecache - ok
23:55:34.0987 3620 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:55:35.0071 3620 ehRecvr - ok
23:55:35.0109 3620 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
23:55:35.0174 3620 ehSched - ok
23:55:35.0198 3620 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
23:55:35.0236 3620 ehstart - ok
23:55:35.0282 3620 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:55:35.0323 3620 elxstor - ok
23:55:35.0374 3620 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:55:35.0464 3620 EMDMgmt - ok
23:55:35.0522 3620 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:55:35.0590 3620 ErrDev - ok
23:55:35.0629 3620 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
23:55:35.0714 3620 EventSystem - ok
23:55:35.0757 3620 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
23:55:35.0825 3620 exfat - ok
23:55:35.0857 3620 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:55:35.0938 3620 fastfat - ok
23:55:35.0961 3620 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:55:36.0019 3620 fdc - ok
23:55:36.0042 3620 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
23:55:36.0091 3620 fdPHost - ok
23:55:36.0099 3620 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
23:55:36.0190 3620 FDResPub - ok
23:55:36.0207 3620 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:55:36.0236 3620 FileInfo - ok
23:55:36.0260 3620 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:55:36.0317 3620 Filetrace - ok
23:55:36.0363 3620 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:55:36.0417 3620 flpydisk - ok
23:55:36.0460 3620 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:55:36.0525 3620 FltMgr - ok
23:55:36.0604 3620 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
23:55:36.0737 3620 FontCache - ok
23:55:36.0787 3620 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:55:36.0813 3620 FontCache3.0.0.0 - ok
23:55:36.0867 3620 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:55:36.0935 3620 Fs_Rec - ok
23:55:36.0970 3620 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:55:37.0000 3620 gagp30kx - ok
23:55:37.0050 3620 [ 5DC17164F66380CBFEFD895C18467773 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:55:37.0073 3620 GEARAspiWDM - ok
23:55:37.0117 3620 [ 483924F92E55A5F9423201EC635E2CED ] gfibto C:\Windows\system32\drivers\gfibto.sys
23:55:37.0140 3620 gfibto - ok
23:55:37.0206 3620 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:55:37.0247 3620 GoogleDesktopManager-051210-111108 - ok
23:55:37.0308 3620 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
23:55:37.0382 3620 gpsvc - ok
23:55:37.0433 3620 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9f1c17e3d4712 C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:37.0456 3620 gupdate1c9f1c17e3d4712 - ok
23:55:37.0483 3620 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:37.0506 3620 gupdatem - ok
23:55:37.0556 3620 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:55:37.0584 3620 gusvc - ok
23:55:37.0623 3620 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:55:37.0757 3620 HDAudBus - ok
23:55:37.0791 3620 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:55:37.0849 3620 HidBth - ok
23:55:37.0901 3620 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:55:37.0992 3620 HidIr - ok
23:55:38.0032 3620 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
23:55:38.0071 3620 hidserv - ok
23:55:38.0102 3620 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:55:38.0145 3620 HidUsb - ok
23:55:38.0168 3620 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:55:38.0236 3620 hkmsvc - ok
23:55:38.0262 3620 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:55:38.0292 3620 HpCISSs - ok
23:55:38.0336 3620 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:55:38.0419 3620 HTTP - ok
23:55:38.0450 3620 [ C6B032D69650985468160FC9937CF5B4 ] i2omp  C:\Windows\system32\drivers\i2omp.sys
23:55:38.0479 3620 i2omp - ok
23:55:38.0519 3620 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:55:38.0584 3620 i8042prt - ok
23:55:38.0609 3620 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
23:55:38.0644 3620 iaStor - ok
23:55:38.0671 3620 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:55:38.0705 3620 iaStorV - ok
23:55:38.0784 3620 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:55:38.0834 3620 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:55:38.0834 3620 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:55:38.0902 3620 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:55:38.0985 3620 idsvc - ok
23:55:39.0056 3620 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:55:39.0300 3620 igfx - ok
23:55:39.0391 3620 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:55:39.0408 3620 iirsp - ok
23:55:39.0497 3620 [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
23:55:39.0551 3620 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
23:55:39.0551 3620 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
23:55:39.0583 3620 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
23:55:39.0664 3620 IKEEXT - ok
23:55:39.0733 3620 [ 4EAE74C8BCBCA309A5D7CBAD7E231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:55:39.0841 3620 IntcAzAudAddService - ok
23:55:39.0891 3620 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:55:39.0917 3620 intelide - ok
23:55:39.0942 3620 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:55:39.0998 3620 intelppm - ok
23:55:40.0024 3620 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:55:40.0086 3620 IPBusEnum - ok
23:55:40.0122 3620 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:55:40.0191 3620 IpFilterDriver - ok
23:55:40.0220 3620 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:55:40.0268 3620 iphlpsvc - ok
23:55:53.0397 3620 [ 65114D59850CA4D7785C22F922CC6942 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:55:53.0405 3620 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:55:53.0405 3620 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:56:03.0661 3620 ================ Scan global ===============================
23:56:03.0683 3620 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:56:03.0725 3620 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:56:03.0758 3620 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:56:03.0798 3620 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:56:03.0807 3620 [Global] - ok
23:56:03.0808 3620 ================ Scan MBR ==================================
23:56:03.0823 3620 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:56:04.0038 3620 \Device\Harddisk0\DR0 - ok
23:56:04.0038 3620 ================ Scan VBR ==================================
23:56:04.0066 3620 [ AC83B525CB4F74417B53DA5C015B8172 ] \Device\Harddisk0\DR0\Partition1
23:56:04.0067 3620 \Device\Harddisk0\DR0\Partition1 - ok
23:56:04.0084 3620 [ E9064281A07F8F7CEE27EF06478C2D47 ] \Device\Harddisk0\DR0\Partition2
23:56:04.0086 3620 \Device\Harddisk0\DR0\Partition2 - ok
23:56:04.0086 3620 ============================================================
23:56:04.0086 3620 Scan finished
23:56:04.0086 3620 ============================================================
23:56:04.0103 4676 Detected object count: 6
23:56:04.0103 4676 Actual detected object count: 6
23:56:22.0194 4676 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0194 4676 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:56:22.0197 4676 AffinegyService ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0197 4676 AffinegyService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:56:22.0199 4676 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0200 4676 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:56:22.0203 4676 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0203 4676 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:56:22.0206 4676 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0207 4676 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:56:22.0209 4676 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:22.0209 4676 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## Mark1956 (May 7, 2011)

Yup, the scan is clean. I have very little left to try and fix the update problem, but give this a try.

Download this and save it to the desktop: Windows Repair

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the following items only.

When done click on the *Start* button and leave it undisturbed until complete.


- Reset Registry Permissions
- Reset File Permissions
- Register System Files
- Repair WMI
- Repair Hosts File
- Remove Policies Set By Infections
- Repair Missing Start Menu Icons Removed By Infections
- Repair Winsock & DNS Cache
- Remove Temp Files
- Repair Windows Updates
- Repair Volume Shadow Copy Service
- Set Windows Services To Default Startup
- Repair File Associations
- Restore Important Windows Services


----------



## Tartansprite (Feb 22, 2013)

Sorry, been too busy with work and packing (8 suitcases plus hand luggage!). Off to Zambia until April 18th. Hope this will still be here on my return!! Very many thanks for all your assistance.


----------



## Mark1956 (May 7, 2011)

It should remain open until your return, thanks for letting me know.


----------



## Tartansprite (Feb 22, 2013)

Back from sunny Zambia and Victoria Falls! Too busy still but hope to have time Sunday to follow up advice.


----------



## Mark1956 (May 7, 2011)

Ok, thanks for the update.


----------



## Tartansprite (Feb 22, 2013)

Hi Mark,

Apologies for delay. I did try what you suggested but the site tried to charge me and now I get pop ups every so often that say I have so many errors that need fixing! I think the instructions were not very straightforward.


----------



## Mark1956 (May 7, 2011)

Sounds like you must have used the wrong button to download the software as it is completely free and as pop ups are appearing there was some Adware included in the download. Look in your list of installed programs and uninstall anything you do not recognize.

I have updated my instructions for Windows Repair with a warning not to use the download buttons at the top of the page. Thank you for letting me know about the problem, and sorry for the problem caused, which I am sure we can quickly rectify. I can see how you could have been misled, but I have not had this happen when posting those instructions before.

Please run ADWCleaner and RogueKiller again and post the logs to see what you have got.

Then go back to the link I gave and select any of the buttons to download the software, not from any of the other products on the page.

I have included a snapshot of the link to show exactly what download buttons you should use. The ones at the top are for some kind of system optimizer and should not be used, they take you to a page that clearly shows an item of software called Reimage not Windows Repair. All the buttons I have outlined go to trustworthy sites and you will not be charged. If you find one of those is asking for money then please tell me and I will make sure a complaint is made.


----------



## Mark1956 (May 7, 2011)

I have just downloaded Reimage to see what it included. Unless you declined the offer when installing you will have got the AVG Secure Search and it may have changed your browser Homepage to the AVG Search Provider. There was no sign of any malicious items being included.

Go into Control Panel then Programs and Features and uninstall AVG Secure Search and Reimage. AVG Secure Search will ask if you want to hide it or remove it, select to remove it.

Then continue as I suggested above and run ADWCleaner and RogueKiller, just as a precaution, and post the logs.

Then go back to the instructions for Windows Repair and run it as directed, you should find the instructions make more sense when you are running the software I intended you to use.


----------

